Description
Terms
- I have read the guidelines for Contributing to Roots Projects
- This request is not a duplicate of an existing issue
- I have read the docs and followed them (if applicable)
- I have searched the Roots Discourse for answers and followed them (if applicable)
- This is not a personal support request that should be posted on the Roots Discourse community
Description
I faced an issue on my SatisPress server hosted on a Trellis-managed host.
curl https://satis.mydomain.com
was failing with this error:
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
This was preventing Composer (which uses curl) from fetching updates from this server when it was run from a client with curl 7.85.0 installed (Ubuntu 22.10 default).
The culprit in Trellis is this line:
trellis/roles/wordpress-setup/templates/wordpress-site.conf.j2
Lines 86 to 88 in c9fa841
{% if item.value.ssl.provider | default('manual') != 'self-signed' -%}
add_header Strict-Transport-Security "max-age={{ [hsts_max_age, hsts_include_subdomains, hsts_preload] | reject('none') | join('; ') }}";
{% endif -%}
It results in a response header containing trailing whitespace, which is now considered an RFC violation.
This is nghttp2 1.49.0 that started to reject header fields with trailing whitespace, as that is an RFC violation. Also discussed here: #9479
The next nghttp2 release (1.50.0) has an option to switch off that behavior and curl will use that if available. But nghttp2 1.50.0 has not been released yet and neither has a curl version with that added logic.
This is not a curl bug. This is changed behavior in nghttp2. Our advice is to either downgrade nghttp2 to 1.48.0 again for the time being, or to apply a patch to nghttp2 to make it go back to its previous behaviors.
Steps To Reproduce
- install curl 7.85.0 locally
curl https://example.com
(server must be managed by Trellis and have an SSL provider != 'self-signed')
Expected Behavior
curl returns page content.
Actual Behavior
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
Relevant Log Output
No response
Versions
1.20.0
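
An added example, not part of the original issue or of the Trellis code base: a small linter that scans rendered Nginx configuration for `add_header` directives whose value starts or ends with a space or tab, which RFC 9113 section 8.2.1 forbids for HTTP/2 field values. The function names and the sample configuration (including the `max-age` value) are constructed for illustration.

```python
import re

# Matches: add_header <name> "<value>" [always];  (single- or double-quoted value)
ADD_HEADER = re.compile(
    r"""^\s*add_header\s+(?P<name>[^\s;]+)\s+(?P<q>["'])(?P<value>.*?)(?P=q)\s*(?:always\s*)?;"""
)

def check_field_value(value):
    """Return the reasons an HTTP/2 peer may reject this field value."""
    problems = []
    if value[:1] in (" ", "\t"):
        problems.append("leading whitespace")
    if value[-1:] in (" ", "\t"):
        problems.append("trailing whitespace")
    if any(c in value for c in "\x00\r\n"):
        problems.append("NUL/CR/LF in value")
    return problems

def lint_nginx_conf(text):
    """Return (line_number, header_name, problems) for each offending add_header."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ADD_HEADER.match(line)
        if not m:
            continue
        problems = check_field_value(m.group("value"))
        if problems:
            findings.append((lineno, m.group("name"), problems))
    return findings

# Constructed sample of a rendered site config (not taken from a real host).
SAMPLE_CONF = '''\
server {
  add_header Strict-Transport-Security "max-age=31536000; ";
  add_header X-Content-Type-Options "nosniff" always;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
}
'''

if __name__ == "__main__":
    for lineno, name, problems in lint_nginx_conf(SAMPLE_CONF):
        print(f"line {lineno}: {name}: {', '.join(problems)}")
```

The check is meant for the rendered configuration (for example the output of `nginx -T`), not the Jinja template, because the whitespace only appears after the template variables are expanded.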