[Samba] wiki returns ERR_HTTP2_PROTOCOL_ERROR
Jeremy Allison
jra at samba.org
Mon Aug 16 21:58:45 UTC 2021
On Mon, Aug 16, 2021 at 02:47:32PM -0700, Jeremy Allison via samba wrote:
>Yep. I can reproduce this. I get (with curl -v):
>
> curl -vv https://wiki.samba.org
>* Trying 144.76.82.148:443...
>* Connected to wiki.samba.org (144.76.82.148) port 443 (#0)
>* ALPN, offering h2
>* ALPN, offering http/1.1
>* successfully set certificate verify locations:
>* CAfile: /etc/ssl/certs/ca-certificates.crt
>* CApath: /etc/ssl/certs
>* TLSv1.3 (OUT), TLS handshake, Client hello (1):
>* TLSv1.3 (IN), TLS handshake, Server hello (2):
>* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
>* TLSv1.3 (IN), TLS handshake, Certificate (11):
>* TLSv1.3 (IN), TLS handshake, CERT verify (15):
>* TLSv1.3 (IN), TLS handshake, Finished (20):
>* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
>* TLSv1.3 (OUT), TLS handshake, Finished (20):
>* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
>* ALPN, server accepted to use h2
>* Server certificate:
>* subject: CN=wiki.samba.org
>* start date: May 29 05:25:24 2021 GMT
>* expire date: Aug 27 05:25:24 2021 GMT
>* subjectAltName: host "wiki.samba.org" matched cert's "wiki.samba.org"
>* issuer: C=US; O=Let's Encrypt; CN=R3
>* SSL certificate verify ok.
>* Using HTTP2, server supports multi-use
>* Connection state changed (HTTP/2 confirmed)
>* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
>* Using Stream ID: 1 (easy handle 0x556e843b4580)
>>GET / HTTP/2
>>Host: wiki.samba.org
>>user-agent: curl/7.74.0
>>accept: */*
>>
>* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
>* old SSL session ID is stale, removing
>* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
>* http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [x-forwarded-proto:], value: [https]
>* HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
>* stopped the pause stream!
>* Connection #0 to host wiki.samba.org left intact
>curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
>
>so it looks like it might be a server problem somehow.
Maybe this bug:
https://www.rhymewithgravy.com/2016/08/23/Beware-the-Connection-Header-in-HTT-P.html
"An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields"
More information about the samba
mailing list