rlm_rest and HTTP/2

Alan DeKok aland at deployingradius.com
Tue Jul 30 16:12:02 CEST 2019


On Jul 30, 2019, at 6:30 AM, Hoggins! <hoggins at wheres5.com> wrote:
> So cURL sends to the server that it supports HTTP/2.
> What is surprising is that at startup, FreeRadius says that the rlm_rest
> module is compiled against a libcurl version that seems to fully support
> HTTP/2:

  The rlm_rest module also has to support HTTP/2.  Right now, it expects an HTTP/1.1 (or earlier) response.

  The HTTP/2 protocol changes nearly everything about the protocol.  So the explicit checks for HTTP/1.1 return codes in rlm_rest just won't with with HTTP/2.

>     Info: rlm_rest: libcurl version: libcurl/7.65.3 OpenSSL/1.1.1c-fips
> zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5)
> libssh/0.9.0/openssl/zlib nghttp2/1.38.0
> 
> The things is that in rlm_rest/rest.c
> (https://doc.freeradius.org/rest_8c_source.html), it seems that rlm_rest
> only expects HTTP/1.1 and nothing else (line 1572).

  Yes.

> I don't know if it's relevant to have a more "relaxed" control of what
> protocol a server answers with, or if HTTP/2 should be explicitly
> supported in the code.

  HTTP/2 has to be explicitly supported in rlm_rest.

  For now, it's best to just disable HTTP2 in the rlm_rest module.

  Alan DeKok.




More information about the Freeradius-Users mailing list