rlm_rest and HTTP/2

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jul 30 16:25:22 CEST 2019



> On 30 Jul 2019, at 23:12, Alan DeKok <aland at deployingradius.com> wrote:
> 
>> On Jul 30, 2019, at 6:30 AM, Hoggins! <hoggins at wheres5.com> wrote:
>> So cURL sends to the server that it supports HTTP/2.
>> What is surprising is that at startup, FreeRadius says that the rlm_rest
>> module is compiled against a libcurl version that seems to fully support
>> HTTP/2:
> 
>  The rlm_rest module also has to support HTTP/2.  Right now, it expects an HTTP/1.1 (or earlier) response.
> 
>  The HTTP/2 protocol changes nearly everything about the protocol.  So the explicit checks for HTTP/1.1 return codes in rlm_rest just won't with with HTTP/2.
> 
>>    Info: rlm_rest: libcurl version: libcurl/7.65.3 OpenSSL/1.1.1c-fips
>> zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.0.5)
>> libssh/0.9.0/openssl/zlib nghttp2/1.38.0
>> 
>> The things is that in rlm_rest/rest.c
>> (https://doc.freeradius.org/rest_8c_source.html), it seems that rlm_rest
>> only expects HTTP/1.1 and nothing else (line 1572).
> 
>  Yes.
> 
>> I don't know if it's relevant to have a more "relaxed" control of what
>> protocol a server answers with, or if HTTP/2 should be explicitly
>> supported in the code.
> 
>  HTTP/2 has to be explicitly supported in rlm_rest.
> 
>  For now, it's best to just disable HTTP2 in the rlm_rest module.

HTTP/2 works fine and has been tested in master branch.  Parse fixes just need backporting if we want to support this in v3.

-Arran



More information about the Freeradius-Users mailing list