Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-1038

An ordinary HTTP/2 upgrade request from curl triggers muted EOFException in Http2UpgradeHandler

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • JWS 5.0_RHEL ER1
    • None
    • None

      TODO

      • it seems as an unnecessary overhead to throw and swallow an exception with each such request for upgrade that is supposedly valid and done by a well established client (curl)
      • TODO mbabacek1@redhat.com: create an upstream Apache bugzilla if found pertinent

      Tomcat

      Log

      Full log: tomcat.log, excerpt:

      31-May-2018 18:03:08.811 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Entry, Connection [0], SocketStatus [OPEN_READ]
31-May-2018 18:03:08.812 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.init Connection [0], State [CONNECTED]
31-May-2018 18:03:08.812 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Connection [0]
 java.io.EOFException
    at org.apache.coyote.http2.Http2UpgradeHandler.fill(Http2UpgradeHandler.java:1174)
    at org.apache.coyote.http2.Http2Parser$Input.fill(Http2Parser.java:692)
    at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:76)
    at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:69)
    at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:316)
    at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2299)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

      Config

      See all used certificates.zip and server.xml.

      Curl

      Build

      Curl: built from sources, HEAD:5005ade2, https://github.com/curl/curl.git

  curl version:     7.61.0-DEV
  Host setup:       x86_64-unknown-linux-gnu
  Install prefix:   /usr/local
  Compiler:         gcc
  SSL support:      enabled (OpenSSL)
  SSH support:      no      (--with-libssh2)
  zlib support:     enabled
  brotli support:   no      (--with-brotli)
  GSS-API support:  no      (--with-gssapi)
  TLS-SRP support:  no      (--enable-tls-srp)
  resolver:         POSIX threaded
  IPv6 support:     enabled
  Unix sockets support: enabled
  IDN support:      enabled (libidn2)
  Build libcurl:    Shared=yes, Static=yes
  Built-in manual:  enabled
  --libcurl option: enabled (--disable-libcurl-option)
  Verbose errors:   enabled (--disable-verbose)
  SSPI support:     no      (--enable-sspi)
  ca cert bundle:   /etc/pki/tls/certs/ca-bundle.crt
  ca cert path:     no
  ca fallback:      no
  LDAP support:     enabled (OpenLDAP)
  LDAPS support:    enabled
  RTSP support:     enabled
  RTMP support:     no      (--with-librtmp)
  metalink support: no      (--with-libmetalink)
  PSL support:      yes
  HTTP2 support:    enabled (nghttp2)
  Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS LDAP LDAPS POP3
                    POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP

      Log

      See curl.log for a full trace of the call:

      curl https://node1.javaserver:8443/ -i -v --tlsv1.2 --http2  --ciphers HIGH --cert-type PEM --ssl-no-revoke 
--cert /opt/chain/certs/node1.client.cert.pem 
--key /opt/chain/private/node1.client.key.pem 
--cacert /opt/chain/certs/ca-chain.cert.pem 
--pass testpass --trace log.log

HTTP/2 200 
content-type: text/html;charset=UTF-8
date: Thu, 31 May 2018 22:03:08 GMT




<!DOCTYPE html>
<html lang="en">
...cut for brevity...

      Tomcat source

      Line 1174 in Http2UpgradeHandler.java:

         1156 @Override
   1157 public boolean fill(boolean block, byte[] data, int offset, int length) throws IOException {
   1158     int len = length;
   1159     int pos = offset;
   1160     boolean nextReadBlock = block;
   1161     int thisRead = 0;
   1162   
   1163     while (len > 0) {
   1164         thisRead = socketWrapper.read(nextReadBlock, data, pos, len);
   1165         if (thisRead == 0) {
   1166             if (nextReadBlock) {
   1167                 // Should never happen
   1168                 throw new IllegalStateException();
   1169             } else {
   1170                 return false;
   1171             }
   1172         } else if (thisRead == -1) {
   1173             if (connectionState.get().isNewStreamAllowed()) {
-> 1174                 throw new EOFException();
   1175             } else {
   1176                 return false;
   1177             }
   1178         } else {
   1179             pos += thisRead;
   1180             len -= thisRead;
   1181             nextReadBlock = true;
   1182         }
   1183     }
   1184    return true;
   1185 }

      I think I get how is the read block treated, but I don't understand why an exception is needed to control the flow?

        1. tomcat.log
          24 kB
        2. server.xml
          3 kB
        3. curl.log
          102 kB
        4. certificates.zip
          17 kB

              rmaucher Remy Maucherat
              mbabacek1@redhat.com Karm Karm
              Karm Karm Karm Karm
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: