[jira] [Commented] (HTTPCORE-606) HTTP2 framing layer error with HttpCore 5.0 server

Mon, 14 Oct 2019 02:11:31 -0700 


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950837#comment-16950837
 ] 

Oleg Kalnichevski commented on HTTPCORE-606:
--------------------------------------------

[~rhashimoto] I cannot reproduce the defect with latest HttpCore master. The 
only difference to 5.0-beta9 is upgrade to Conscrypt 2.2.1

Client side
{noformat}
oleg@ok2c:~$ curl -v -k https://localhost:8080/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=Apache Software Foundation; OU=HttpComponents Project; CN=Test 
Server
*  start date: Oct 11 15:56:37 2019 GMT
*  expire date: Jul 26 15:56:37 2293 GMT
*  issuer: O=Apache Software Foundation; OU=HttpComponents Project; CN=Test CA; 
[email protected]
*  SSL certificate verify result: self signed certificate in certificate chain 
(19), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x561a0bfdf580)
> GET / HTTP/2
> Host: localhost:8080
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< content-type: text/plain
< date: Mon, 14 Oct 2019 08:59:28 GMT
< 
* Connection #0 to host localhost left intact
curl: (16) Error in the HTTP2 framing layer
{noformat}

Server side
{noformat}
10:59:25,522 [main] Listening on /0:0:0:0:0:0:0:0:8080
10:59:28,470 [server-dispatch-1] 
i/o-00000000[ACTIVE][r:][ACTIVE][r][NOT_HANDSHAKING][0][0][0] TLS started
10:59:28,472 [server-dispatch-1] i/o-00000000[ACTIVE][r:] Protocol upgrade: 
class org.apache.hc.core5.http2.impl.nio.ServerHttpProtocolNegotiator
10:59:28,473 [server-dispatch-1] i/o-00000000[ACTIVE][r:] Set timeout 15 SECONDS
10:59:28,473 [server-dispatch-1] 
i/o-00000000[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][0] input ready
10:59:28,481 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] 517 bytes read
10:59:28,484 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] Event mask set [rw]
10:59:28,484 [server-dispatch-1] 
i/o-00000000[ACTIVE][rw:r][ACTIVE][r][NEED_UNWRAP][0][0][2404] output ready
10:59:28,484 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] 2404 bytes written
10:59:28,484 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] Event mask set [r]
10:59:28,485 [server-dispatch-1] 
i/o-00000000[ACTIVE][r:r][ACTIVE][r][NEED_UNWRAP][0][0][0] input ready
10:59:28,485 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] 93 bytes read
10:59:28,489 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] Set timeout 15 
SECONDS
10:59:28,489 [server-dispatch-1] 
i/o-00000000[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][51] connected
10:59:28,489 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] Event mask set [rw]
10:59:28,490 [server-dispatch-1] 
i/o-00000000[ACTIVE][rw:r][ACTIVE][r][NOT_HANDSHAKING][0][0][51] output ready
10:59:28,490 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] 51 bytes written
10:59:28,490 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] Event mask set [r]
10:59:28,490 [server-dispatch-1] 
i/o-00000000[ACTIVE][r:r][ACTIVE][r][NOT_HANDSHAKING][0][0][0] input ready
10:59:28,493 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] 219 bytes read
10:59:28,505 [server-dispatch-1] i/o-00000000[ACTIVE][r:r] Protocol upgrade: 
class org.apache.hc.core5.http2.impl.nio.ServerH2IOEventHandler
10:59:28,507 [server-dispatch-1] i/o-00000000 >> stream 0 frame: SETTINGS 
(0x4); flags: (0x0); length: 36
10:59:28,507 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] Event mask set [rw]
10:59:28,508 [server-dispatch-1] i/o-00000000 << stream 0 frame: SETTINGS 
(0x4); flags: (0x0); length: 18
10:59:28,508 [server-dispatch-1] i/o-00000000 >> stream 0 flow control 
1073676289 -> 1073741824
10:59:28,508 [server-dispatch-1] i/o-00000000 >> stream 0 frame: SETTINGS 
(0x4); flags: ACK (0x1); length: 0
10:59:28,509 [server-dispatch-1] i/o-00000000 << stream 0 frame: WINDOW_UPDATE 
(0x8); flags: (0x0); length: 4
10:59:28,509 [server-dispatch-1] i/o-00000000 >> stream 0 flow control 
1073676289 -> 2147418113
10:59:28,509 [server-dispatch-1] i/o-00000000 << stream 1 frame: HEADERS (0x1); 
flags: END_STREAM END_HEADERS (0x5); length: 30
10:59:28,516 [server-dispatch-1] i/o-00000000 << :method: GET
10:59:28,516 [server-dispatch-1] i/o-00000000 << :path: /
10:59:28,516 [server-dispatch-1] i/o-00000000 << :scheme: https
10:59:28,516 [server-dispatch-1] i/o-00000000 << :authority: localhost:8080
10:59:28,516 [server-dispatch-1] i/o-00000000 << user-agent: curl/7.58.0
10:59:28,516 [server-dispatch-1] i/o-00000000 << accept: */*
10:59:28,555 [server-dispatch-1] i/o-00000000 >> :status: 200
10:59:28,555 [server-dispatch-1] i/o-00000000 >> content-type: text/plain
10:59:28,555 [server-dispatch-1] i/o-00000000 >> date: Mon, 14 Oct 2019 
08:59:28 GMT
10:59:28,556 [server-dispatch-1] i/o-00000000 >> stream 1 frame: HEADERS (0x1); 
flags: END_HEADERS (0x4); length: 34
10:59:28,556 [server-dispatch-1] i/o-00000000 >> stream 1 frame: DATA (0x0); 
flags: (0x0); length: 65536
10:59:28,556 [server-dispatch-1] i/o-00000000 >> stream 0 flow control -65536 
-> 2147352577
10:59:28,556 [server-dispatch-1] i/o-00000000 >> stream 1 flow control -65536 
-> 1073676288
10:59:28,557 [server-dispatch-1] 
i/o-00000000[ACTIVE][rw:r][ACTIVE][rw][NOT_HANDSHAKING][0][0][16597] output 
ready
10:59:28,557 [server-dispatch-1] i/o-00000000 << stream 0 flow control 
1073676289 -> 1073741824
10:59:28,557 [server-dispatch-1] i/o-00000000[ACTIVE][rw:r] 16597 bytes written
10:59:28,557 [server-dispatch-1] 
i/o-00000000[ACTIVE][rw:rw][ACTIVE][rw][NOT_HANDSHAKING][0][0][0] input ready
10:59:28,557 [server-dispatch-1] i/o-00000000[ACTIVE][rw:rw] 135 bytes read
10:59:28,558 [server-dispatch-1] i/o-00000000 << stream 0 frame: SETTINGS 
(0x4); flags: ACK (0x1); length: 0
10:59:28,558 [server-dispatch-1] i/o-00000000 << stream 0 frame: GOAWAY (0x7); 
flags: (0x0); length: 28
10:59:28,559 [server-dispatch-1] i/o-00000000[ACTIVE][w:rw] Event mask set [w]
10:59:28,559 [server-dispatch-1] 
i/o-00000000[ACTIVE][w:rw][CLOSING][w][NOT_HANDSHAKING][inbound 
done][][EOF][][0][0][0] output ready
10:59:28,559 [server-dispatch-1] i/o-00000000[ACTIVE][w:rw] 0 bytes written
10:59:28,560 [server-dispatch-1] i/o-00000000[ACTIVE][w:rw] Close
10:59:28,560 [server-dispatch-1] 
i/o-00000000[CLOSED][][CLOSED][w][NOT_HANDSHAKING][inbound done][][outbound 
done][][EOF][][0][0][31] disconnected
{noformat}

Oleg


> HTTP2 framing layer error with HttpCore 5.0 server
> --------------------------------------------------
>
>                 Key: HTTPCORE-606
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-606
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore
>    Affects Versions: 5.0-beta9
>            Reporter: Roy Hashimoto
>            Priority: Major
>         Attachments: ConscryptTest.java
>
>
> The attached file implements a simple H2/TLS server that returns a roughly 64 
> KB response. Things work fine when HTTP1 is used but with HTTP2 a framing 
> layer error is reported.
> Using curl:
> {{$ curl -k https://localhost:8080/}}
> {{curl: (16) Error in the HTTP2 framing layer}}
> Using Chrome:
> {{GET https://localhost:8080/ net::ERR_HTTP2_FRAME_SIZE_ERROR 200}}
> I'm using Conscrypt (org.conscrypt:conscrypt-openjdk-uber:2.2.1) because I 
> currently have only Java 8 environments so that's how I enable H2. I don't 
> know if the bug is related to the JSSE implementation or not. I did try to 
> disable TLS on the server and connect with {{curl --http2}} but that didn't 
> work - curl offered to upgrade but the server returned HTTP1 and the error 
> doesn't happen with HTTP1.
> The response is big enough that writing the response body data to the 
> DataStreamChannel does not consume it all in one call. I believe this might 
> be a factor because if I instead dribble the data out with small writes over 
> time like this then no error occurs:
> {{private int counter = 0;}}
> {{@Override}}
> {{public void produce(DataStreamChannel channel) throws IOException {}}
> {{  if (counter < 4096) {}}
> {{    ByteBuffer buffer = ByteBuffer.wrap(String.format("%4d:0123456789\n", 
> counter).getBytes());}}
> {{    counter++;}}
> {{    channel.write(buffer);}}
> {{    new Thread(() -> {}}
> {{      try {}}
> {{        Thread.sleep(50);}}
> {{      } catch (InterruptedException ignored) {}}
> {{      }}}
> {{      channel.requestOutput();}}
> {{    }).start();}}
> {{  } else {}}
> {{    channel.endStream();}}
> {{  }}}
> {{}}}
> To run the test program you will need to modify the code at the beginning of 
> {{main}} to load your own X509 KeyStore. Connect to the server with an 
> H2-capable client on port 8080.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to