rlm_rest and HTTP/2
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Jul 30 16:25:22 CEST 2019
> On 30 Jul 2019, at 23:12, Alan DeKok <aland at deployingradius.com> wrote:
>
>> On Jul 30, 2019, at 6:30 AM, Hoggins! <hoggins at wheres5.com> wrote:
>> So cURL sends to the server that it supports HTTP/2.
>> What is surprising is that at startup, FreeRadius says that the rlm_rest
>> module is compiled against a libcurl version that seems to fully support
>> HTTP/2:
>
> The rlm_rest module also has to support HTTP/2. Right now, it expects an HTTP/1.1 (or earlier) response.
>
> The HTTP/2 protocol changes nearly everything about the protocol. So the explicit checks for HTTP/1.1 return codes in rlm_rest just won't with with HTTP/2.
>
>> Info: rlm_rest: libcurl version: libcurl/7.65.3 OpenSSL/1.1.1c-fips
>> zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5)
>> libssh/0.9.0/openssl/zlib nghttp2/1.38.0
>>
>> The things is that in rlm_rest/rest.c
>> (https://doc.freeradius.org/rest_8c_source.html), it seems that rlm_rest
>> only expects HTTP/1.1 and nothing else (line 1572).
>
> Yes.
>
>> I don't know if it's relevant to have a more "relaxed" control of what
>> protocol a server answers with, or if HTTP/2 should be explicitly
>> supported in the code.
>
> HTTP/2 has to be explicitly supported in rlm_rest.
>
> For now, it's best to just disable HTTP2 in the rlm_rest module.
HTTP/2 works fine and has been tested in master branch. Parse fixes just need backporting if we want to support this in v3.
-Arran
More information about the Freeradius-Users
mailing list