Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http2.connect doesn't connect to an http2 secure server #14671

Closed
chiptus opened this issue Aug 7, 2017 · 11 comments
Closed

http2.connect doesn't connect to an http2 secure server #14671

chiptus opened this issue Aug 7, 2017 · 11 comments
Labels
http2 Issues or PRs related to the http2 subsystem.

Comments

@chiptus
Copy link

chiptus commented Aug 7, 2017

  • Version: v9.0.0-pre
  • Platform: Windows 10 64 bit
  • Subsystem: http2

Using the code examples from james's post

Chrome is connecting to the server successfully, but the client doesn't. Before changing the server to secure server it was the opposite way.

server.js

const http2 = require('http2');
const fs = require('fs');

// Create a plain-text HTTP/2 server
const options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt'),
};
const server = http2.createSecureServer(options);
server.on('stream', (stream, headers) => {
  console.log('stream');
  stream.respond({
    'content-type': 'text/html',
    ':status': 200,
  });
  stream.end('<h1>Hello World</h1>');
});

server.listen(1234);

client.js

const http2 = require('http2');

const client = http2.connect('https://localhost:1234');

const req = client.request({ ':path': '/' });

req.on('response', (headers) => {
  console.log(headers[':status']);
  console.log(headers['date']);
});

let data = '';
req.setEncoding('utf8');
req.on('data', (d) => data += d);
req.on('end', () => {
  console.log(data);
  client.destroy();
});
req.end();

#goodnessSquad

@mscdex mscdex added the http2 Issues or PRs related to the http2 subsystem. label Aug 7, 2017
@jasnell
Copy link
Member

jasnell commented Aug 8, 2017

You need to pass in tls options to the http2.connect() method, e.g.

http2.connect('https://localhost:1234', { rejectUnauthorized: false, ca: fs.readFileSync('ca.pem') });

@jasnell
Copy link
Member

jasnell commented Aug 8, 2017

@chiptus ... can you confirm that you're still having an issue after passing in the TSL options on the connect?

@chiptus
Copy link
Author

chiptus commented Aug 9, 2017

this is not working. is ca.pem the same as the certificate passed to http2.createSecureServer?

should these options be documented?

@grantila
Copy link

@jasnell

You need to pass in tls options to the http2.connect() method

Where is this documented? Not in the 8.x docs afaict... And regardless, why is a certificate necessary for the client? I get the point of providing a list of trusted certificates, so that untrusted servers can be rejected (otherwise https is kind of pointless), but that's a different story.

I have trouble using the example from the docs modified against an HTTP/2 test server, the response event is never emitted:

const http2 = require('http2');
const client = http2.connect('https://httpbin.org');

const req = client.request({':path': '/ip'}, {endStream: true});

req.on('response', (headers) => {
  console.log(headers[':status']);
});

This is in 8.4, 8.5, 8.6 and 8.7-rc.2

Might be related to #15405

@apapirovski
Copy link
Member

apapirovski commented Oct 17, 2017

@grantila httpbin doesn't work for http2. Use https://nghttp2.org/httpbin/ if you want the same functionality for h2.

@grantila
Copy link

That's interesting... Any ideas on why? And why no error? Only a streamClosed with zero (meaning no error).

@apapirovski
Copy link
Member

apapirovski commented Oct 17, 2017

Why doesn't httpbin support http2? I don't know, I don't run the service... if I had to guess, it probably hasn't been updated in ages. I'll leave it to someone else to answer why the code doesn't throw and whether it even should.

The streamClosed with 0 seems correct, it just means there was no other rstCode submitted by either side. (There very well might be an error emitted on req but they don't throw so you would need to specifically listen for it.)

@grantila
Copy link

Boy do I feel stupid mixing up "httpbin" with "httpbis" (http/2) believing httpbin.org was actually serving h2... But it does show the need for a generic way to fetch from "https://somewhere" without having to know what that server runs, as explained in #16256.

I tried @chiptus code and added {rejectUnauthorized: false} (for a self-signed certificate) and it works, so IMO this can be closed. Thanks everyone!

@apapirovski
Copy link
Member

@grantila Glad to hear it worked and yea, we definitely need to continue work on the client-side of h2. It currently doesn't support downgrading to h1, doesn't support the whole Agent model, etc.

@chiptus Is this still an issue you're experiencing? If not or we don't hear back, we'll probably close this up in the next few days (but feel free to re-open).

@chiptus
Copy link
Author

chiptus commented Oct 18, 2017 via email

@apapirovski
Copy link
Member

As there hasn't been much activity on this, everyone else seems to be able to connect and none of our internal tests have been failing, I'm going to go ahead and close this. That said, feel free to re-open if you believe that this issue still exists and is a bug in the http2 implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
http2 Issues or PRs related to the http2 subsystem.
Projects
None yet
Development

No branches or pull requests

5 participants