Bug#952715: wget should not reuse an existing connection on retry in the face of 5xx failures, if other IP addresses exists

[Daniel Kahn Gillmor]

Package: wget
Version: 1.20.3-1+b2

I was running some experiments connecting to the SKS hkp pool.

These experiments were run from an IPv4 host, so you might not have the
same results.

From my current perspective, the SKS hkps pool
(hkps.pool.sks-keyservers.net) has 3 public IPv4 addresses:

   82.148.229.254, 192.146.137.99, 209.244.105.201

The connection i tried was invoked as:

     wget --ca-certificate=/usr/share/gnupg/sks-keyservers.netCA.pem 
'https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x761471D89F8C9C97813959603732979CF967B306'

When wget selects either of the latter two IPv4 addresses, it works fine.

When it connects to the first one, though, i see:

    Loaded CA certificate '/usr/share/gnupg/sks-keyservers.netCA.pem'
    Resolving hkps.pool.sks-keyservers.net (hkps.pool.sks-keyservers.net)... 
82.148.229.254, 192.146.137.99, 209.244.105.201, ...
    Connecting to hkps.pool.sks-keyservers.net 
(hkps.pool.sks-keyservers.net)|82.148.229.254|:443... connected.
    HTTP request sent, awaiting response... 504 Gateway Time-out
    Retrying.

    --2020-02-27 16:52:02--  (try: 2)  
https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x761471D89F8C9C97813959603732979CF967B306
    Reusing existing connection to hkps.pool.sks-keyservers.net:443.
    HTTP request sent, awaiting response... 504 Gateway Time-out
    Retrying.


and so on, down to:


    --2020-02-27 16:54:18--  (try:19)  
https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x761471D89F8C9C97813959603732979CF967B306
    Reusing existing connection to hkps.pool.sks-keyservers.net:443.
    HTTP request sent, awaiting response... 504 Gateway Time-out
    Retrying.

    --2020-02-27 16:54:28--  (try:20)  
https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0x761471D89F8C9C97813959603732979CF967B306
    Reusing existing connection to hkps.pool.sks-keyservers.net:443.
    HTTP request sent, awaiting response... 504 Gateway Time-out
    Giving up.


In the face of such a gateway error, it would make more sense for wget
to try one of the other IP addresses from the known set of IP addresses,
rather than trying to reuse the connection.

This might well be an upstream issue, feel free to forward upstream!

Regards,

        --dkg

signature.asc
Description: PGP signature