Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-1038

An ordinary HTTP/2 upgrade request from curl triggers muted EOFException in Http2UpgradeHandler

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • JWS 5.0_RHEL ER1
    • None
    • None

      TODO

      • it seems as an unnecessary overhead to throw and swallow an exception with each such request for upgrade that is supposedly valid and done by a well established client (curl)
      • TODO mbabacek1@redhat.com: create an upstream Apache bugzilla if found pertinent

      Tomcat

      Log

      Full log: tomcat.log, excerpt:

      31-May-2018 18:03:08.811 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Entry, Connection [0], SocketStatus [OPEN_READ]
      31-May-2018 18:03:08.812 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.init Connection [0], State [CONNECTED]
      31-May-2018 18:03:08.812 FINE [https-openssl-apr-127.0.0.1-8443-exec-3] org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch Connection [0]
       java.io.EOFException
          at org.apache.coyote.http2.Http2UpgradeHandler.fill(Http2UpgradeHandler.java:1174)
          at org.apache.coyote.http2.Http2Parser$Input.fill(Http2Parser.java:692)
          at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:76)
          at org.apache.coyote.http2.Http2Parser.readFrame(Http2Parser.java:69)
          at org.apache.coyote.http2.Http2UpgradeHandler.upgradeDispatch(Http2UpgradeHandler.java:316)
          at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54)
          at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53)
          at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
          at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2299)
          at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
          at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
          at java.lang.Thread.run(Thread.java:745)
      

      Config

      See all used certificates.zip and server.xml.

      Curl

      Build

      Curl: built from sources, HEAD:5005ade2, https://github.com/curl/curl.git
      
        curl version:     7.61.0-DEV
        Host setup:       x86_64-unknown-linux-gnu
        Install prefix:   /usr/local
        Compiler:         gcc
        SSL support:      enabled (OpenSSL)
        SSH support:      no      (--with-libssh2)
        zlib support:     enabled
        brotli support:   no      (--with-brotli)
        GSS-API support:  no      (--with-gssapi)
        TLS-SRP support:  no      (--enable-tls-srp)
        resolver:         POSIX threaded
        IPv6 support:     enabled
        Unix sockets support: enabled
        IDN support:      enabled (libidn2)
        Build libcurl:    Shared=yes, Static=yes
        Built-in manual:  enabled
        --libcurl option: enabled (--disable-libcurl-option)
        Verbose errors:   enabled (--disable-verbose)
        SSPI support:     no      (--enable-sspi)
        ca cert bundle:   /etc/pki/tls/certs/ca-bundle.crt
        ca cert path:     no
        ca fallback:      no
        LDAP support:     enabled (OpenLDAP)
        LDAPS support:    enabled
        RTSP support:     enabled
        RTMP support:     no      (--with-librtmp)
        metalink support: no      (--with-libmetalink)
        PSL support:      yes
        HTTP2 support:    enabled (nghttp2)
        Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS LDAP LDAPS POP3
                          POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
      

      Log

      See curl.log for a full trace of the call:

      curl https://node1.javaserver:8443/ -i -v --tlsv1.2 --http2  --ciphers HIGH --cert-type PEM --ssl-no-revoke 
      --cert /opt/chain/certs/node1.client.cert.pem 
      --key /opt/chain/private/node1.client.key.pem 
      --cacert /opt/chain/certs/ca-chain.cert.pem 
      --pass testpass --trace log.log
      
      HTTP/2 200 
      content-type: text/html;charset=UTF-8
      date: Thu, 31 May 2018 22:03:08 GMT
      
      
      
      
      <!DOCTYPE html>
      <html lang="en">
      ...cut for brevity...
      

      Tomcat source

      Line 1174 in Http2UpgradeHandler.java:

         1156 @Override
         1157 public boolean fill(boolean block, byte[] data, int offset, int length) throws IOException {
         1158     int len = length;
         1159     int pos = offset;
         1160     boolean nextReadBlock = block;
         1161     int thisRead = 0;
         1162   
         1163     while (len > 0) {
         1164         thisRead = socketWrapper.read(nextReadBlock, data, pos, len);
         1165         if (thisRead == 0) {
         1166             if (nextReadBlock) {
         1167                 // Should never happen
         1168                 throw new IllegalStateException();
         1169             } else {
         1170                 return false;
         1171             }
         1172         } else if (thisRead == -1) {
         1173             if (connectionState.get().isNewStreamAllowed()) {
      -> 1174                 throw new EOFException();
         1175             } else {
         1176                 return false;
         1177             }
         1178         } else {
         1179             pos += thisRead;
         1180             len -= thisRead;
         1181             nextReadBlock = true;
         1182         }
         1183     }
         1184    return true;
         1185 }
      

      I think I get how is the read block treated, but I don't understand why an exception is needed to control the flow?

        1. tomcat.log
          24 kB
        2. server.xml
          3 kB
        3. curl.log
          102 kB
        4. certificates.zip
          17 kB

            rmaucher Remy Maucherat
            mbabacek1@redhat.com Karm Karm
            Karm Karm Karm Karm
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: