rlm_rest and HTTP/2
Alan DeKok
aland at deployingradius.com
Tue Jul 30 16:12:02 CEST 2019
On Jul 30, 2019, at 6:30 AM, Hoggins! <hoggins at wheres5.com> wrote:
> So cURL sends to the server that it supports HTTP/2.
> What is surprising is that at startup, FreeRadius says that the rlm_rest
> module is compiled against a libcurl version that seems to fully support
> HTTP/2:
The rlm_rest module also has to support HTTP/2. Right now, it expects an HTTP/1.1 (or earlier) response.
The HTTP/2 protocol changes nearly everything about the protocol. So the explicit checks for HTTP/1.1 return codes in rlm_rest just won't with with HTTP/2.
> Info: rlm_rest: libcurl version: libcurl/7.65.3 OpenSSL/1.1.1c-fips
> zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5)
> libssh/0.9.0/openssl/zlib nghttp2/1.38.0
>
> The things is that in rlm_rest/rest.c
> (https://doc.freeradius.org/rest_8c_source.html), it seems that rlm_rest
> only expects HTTP/1.1 and nothing else (line 1572).
Yes.
> I don't know if it's relevant to have a more "relaxed" control of what
> protocol a server answers with, or if HTTP/2 should be explicitly
> supported in the code.
HTTP/2 has to be explicitly supported in rlm_rest.
For now, it's best to just disable HTTP2 in the rlm_rest module.
Alan DeKok.
More information about the Freeradius-Users
mailing list