Public bug reported: In the current stable version, nginx rejects with the 400 error any attempts of requesting different host over the same connection, if the relevant virtual server requires verification of a client certificate. While requesting hosts other than negotiated isn't something legal in HTTP/1.x, the HTTP/2 specification explicitly permits such requests for connection reuse and has introduced a special response code 421. According to RFC 7540 Section 9.1.2 this code can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI. And the client may retry the request over a different connection. Now this code is used for requests that aren't authorized in current connection, but is used only in the current mainline version of nginx. I ask to amend this bug so HTTP/2 can be used with optional client certificates, otherwise users like me are forced to turn it off.
All relevant changes to files are reported here: http://hg.nginx.org/nginx/rev/654d2dae97d3 Thanks for your help ** Affects: nginx (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1587419 Title: 421 Misdirected Request To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1587419/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
