Closed
I did this
- Searched and found a similar issue
- curl -v https://www.schneier.com/feed/atom/
- Got output:
curl -v https://www.schneier.com/feed/atom/
* Trying 199.16.173.239:443...
* Connected to www.schneier.com (199.16.173.239) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: CN=tls.automattic.com
* start date: Jul 22 09:18:38 2022 GMT
* expire date: Oct 20 09:18:37 2022 GMT
* subjectAltName: host "www.schneier.com" matched cert's "www.schneier.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /feed/atom/]
* h2h3 [:scheme: https]
* h2h3 [:authority: www.schneier.com]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x19981f0)
> GET /feed/atom/ HTTP/2
> Host: www.schneier.com
> user-agent: curl/7.85.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Connection #0 to host www.schneier.com left intact
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
The result is similar with https://blog.trailofbits.com/feed/
- Tested the same URLs with the known --http1.1 workaround. Result: correct download.
- Tested the same URLs in Firefox. Result: correct download using HTTP/2
I expected the following
Correct curl download of the RSS feed using HTTP/2.
curl/libcurl version
curl 7.85.0 (i586-suse-linux-gnu) libcurl/7.85.0 OpenSSL/1.1.1q-fips zlib/1.2.11 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.3 libpsl/0.21.1 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.49.0
Release-Date: 2022-08-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd
operating system
openSUSE Tumbleweed
5.19.2-1-pae #1 SMP PREEMPT_DYNAMIC Thu Aug 18 05:06:49 UTC 2022 (6c252ef) i686
More info
In the older issue it is said that "This is a broken server and not a curl problem." However, those same URLs tested directly in Firefox work fine using HTTP/2 (looking at the network console of the browser).
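The A/B check described in this report (HTTP/2 attempt fails with exit code 92, the same URL succeeds with --http1.1) can be scripted for triage across several URLs. This is an added example, not part of the issue report or of curl itself; the `CURL_BIN` variable and the function names and result labels are assumptions introduced here.

```shell
#!/bin/sh
# Added triage helper (not from the issue report). CURL_BIN is an assumed
# override so a stub can stand in for the real curl binary when testing offline.
CURL_BIN="${CURL_BIN:-curl}"

# Run one transfer with the given protocol flag, discard the body,
# and print curl's exit code. Written so it is safe under `set -e`.
probe() {  # $1 = protocol flag (--http2 or --http1.1), $2 = URL
    "$CURL_BIN" -sS -o /dev/null --max-time 30 "$1" "$2" && rc=0 || rc=$?
    echo "$rc"
}

# Compare an HTTP/2 attempt with an HTTP/1.1 attempt for one URL and
# print a classification label.
classify_h2() {
    url=$1
    h2=$(probe --http2 "$url")
    if [ "$h2" -eq 0 ]; then
        echo "ok-h2"                    # HTTP/2 transfer completed
        return 0
    fi
    h1=$(probe --http1.1 "$url")
    if [ "$h2" -eq 92 ] && [ "$h1" -eq 0 ]; then
        # Exit 92 is CURLE_HTTP2_STREAM: the pattern shown in this report.
        echo "h2-stream-error"
    elif [ "$h1" -eq 0 ]; then
        echo "h2-other-error:$h2"       # HTTP/2 failed for a different reason
    else
        echo "both-fail:$h2:$h1"        # not HTTP/2-specific (DNS, TLS, network)
    fi
    return 0
}

# Stand-alone use: classify every URL given on the command line.
for u in "$@"; do
    printf '%s %s\n' "$u" "$(classify_h2 "$u")"
done
```

A result of `both-fail` points away from the HTTP/2 layer, so the --http1.1 workaround would not help for that URL.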