On Jul 30, 2019, at 6:30 AM, Hoggins! <hoggins@wheres5.com> wrote:
So cURL sends to the server that it supports HTTP/2. What is surprising is that at startup, FreeRadius says that the rlm_rest module is compiled against a libcurl version that seems to fully support HTTP/2:
The rlm_rest module also has to support HTTP/2. Right now, it expects an HTTP/1.1 (or earlier) response. The HTTP/2 protocol changes nearly everything about the protocol. So the explicit checks for HTTP/1.1 return codes in rlm_rest just won't with with HTTP/2.
Info: rlm_rest: libcurl version: libcurl/7.65.3 OpenSSL/1.1.1c-fips zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.9.0/openssl/zlib nghttp2/1.38.0
The things is that in rlm_rest/rest.c (https://doc.freeradius.org/rest_8c_source.html), it seems that rlm_rest only expects HTTP/1.1 and nothing else (line 1572).
Yes.
I don't know if it's relevant to have a more "relaxed" control of what protocol a server answers with, or if HTTP/2 should be explicitly supported in the code.
HTTP/2 has to be explicitly supported in rlm_rest. For now, it's best to just disable HTTP2 in the rlm_rest module. Alan DeKok.