Open master-of-darkness opened 6 months ago
I usually skip the --protocol arg completely -- does that fix your issues? I know chrome -> hq server is working.
Unfortunately it doesn't work :(
If you just run
./hq --mode=server --cert=<your cert> --key=<your key> --port 8443 -v 4
And hit with chrome, what's the server output?
If you just run
./hq --mode=server --cert=<your cert> --key=<your key> --port 8443 -v 4
And hit with chrome, what's the server output?
E1109 12:34:45.815054 7856 main.cpp:44] Cannot open /tmp/logs I1109 12:34:45.816812 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.816824 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.817651 7856 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.817658 7856 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.818532 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.818539 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.818593 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.818710 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f6788017d40 I1109 12:34:45.818728 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.819213 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.819218 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.819875 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.819881 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.819924 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.819931 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880bf360 I1109 12:34:45.819937 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.820389 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.820394 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.821027 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.821031 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.821075 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.821081 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880cde90 I1109 12:34:45.821087 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.821547 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.821552 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.822196 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.822201 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.822264 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.822273 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880dc390 I1109 12:34:45.822283 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.822836 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.822841 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.823822 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.823828 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.823876 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.823884 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880eb2d0 I1109 12:34:45.823891 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.824409 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.824412 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.825254 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.825261 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.825313 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.825321 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880f99d0 I1109 12:34:45.825330 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.825836 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.825839 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.826503 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.826508 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.826552 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.826558 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67880f8950 I1109 12:34:45.826565 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.827070 7857 AeadTokenCipher.cpp:39] Updating token secrets I1109 12:34:45.827075 7857 AeadTokenCipher.cpp:48] Updating token secrets, num=1 I1109 12:34:45.827760 7857 SSLContextManager.cpp:833] cert /etc/http32webserver/cert/localhost.crt Identity: localhost I1109 12:34:45.827769 7857 SSLContextManager.cpp:836] cert /etc/http32webserver/cert/localhost.crt SAN: I1109 12:34:45.827828 7857 SSLContextManager.cpp:732] For vip vip_, setting sid_ctx localhost I1109 12:34:45.827836 7857 SSLContextManager.cpp:740] On VipID=[::1]:6667 context=0x7f67881168a0 I1109 12:34:45.827843 7857 SSLContextManager.cpp:1091] Adding CN/Subject-alternative-name "localhost" for SNI search I1109 12:34:45.828923 7866 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7a170 workerId=0 processId=0 I1109 12:34:45.828984 7867 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7a940 workerId=1 processId=0 I1109 12:34:45.829016 7868 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7b110 workerId=2 processId=0 I1109 12:34:45.829037 7869 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7b8e0 workerId=3 processId=0 I1109 12:34:45.829056 7870 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7c0d0 workerId=4 processId=0 I1109 12:34:45.829073 7872 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7c8e0 workerId=5 processId=0 I1109 12:34:45.829092 7873 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7d0d0 workerId=6 processId=0 I1109 12:34:45.829123 7874 QuicServer.cpp:274] No valid takenover fd found for address=[::1]:8443. binding on worker=0x2b7d8e0 workerId=7 processId=0 I1109 12:34:45.829139 7874 QuicServer.cpp:285] Initialized all workers in the eventbase I1109 12:34:45.829190 7856 HQServer.cpp:285] HQ server started at: [::1]:8443 I1109 12:34:47.248520 7858 AsyncSSLSocket.cpp:340] actual destruction of AsyncSSLSocket(this=0x7f6780002550, evb=0x7f6780000d80, fd=folly::NetworkSocket(-1), state=3, sslState=9, events=0) I1109 12:34:47.248592 7858 AsyncSocket.cpp:3169] this=0x7f6780003560, AsyncSocket::handleRead() got 517 bytes I1109 12:34:47.255234 7858 AsyncSocket.cpp:3169] this=0x7f6780003560, AsyncSocket::handleRead() got 30 bytes I1109 12:34:47.255358 7858 FizzAcceptorHandshakeHelper.cpp:153] Fizz handshake error with (peer=[::1]:45860, local=[::1]:6667) after 6 ms; 547 bytes received & 2120 bytes sent: fizz::FizzException: received alert: certificate_unknown, in state ExpectingFinished I1109 12:34:47.255385 7858 Acceptor.cpp:548] Acceptor=0x7f6788007680 onEmpty() I1109 12:34:48.002563 7859 AsyncSSLSocket.cpp:340] actual destruction of AsyncSSLSocket(this=0x7f67840021e0, evb=0x7f6784000d40, fd=folly::NetworkSocket(-1), state=3, sslState=9, events=0) I1109 12:34:48.002631 7859 AsyncSocket.cpp:3169] this=0x7f6784002f00, AsyncSocket::handleRead() got 517 bytes I1109 12:34:48.010644 7859 AsyncSocket.cpp:3169] this=0x7f6784002f00, AsyncSocket::handleRead() got 30 bytes I1109 12:34:48.010754 7859 FizzAcceptorHandshakeHelper.cpp:153] Fizz handshake error with (peer=[::1]:45868, local=[::1]:6667) after 8 ms; 547 bytes received & 2120 bytes sent: fizz::FizzException: received alert: certificate_unknown, in state ExpectingFinished I1109 12:34:48.010775 7859 Acceptor.cpp:548] Acceptor=0x7f678804b2d0 onEmpty()
On older version(10.16)
I1109 13:27:25.661306 67818 QuicServerWorker.cpp:1134] QuicServer readerr: AsyncSocketException: AsyncUDPSocket::getReadBuffer() returned empty buffer, type = Invalid arguments
I1109 13:27:25.661463 67811 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661550 67812 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661600 67813 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661643 67814 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661676 67815 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661716 67816 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661752 67817 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
I1109 13:27:25.661772 67818 QuicServerWorker.cpp:1384] QuicServer shutdown all connections. addressMap=0 connectionIdMap=0
Relevant log line:
I1109 12:34:47.255358 7858 FizzAcceptorHandshakeHelper.cpp:153] Fizz handshake error with (peer=[::1]:45860, local=[::1]:6667) after 6 ms; 547 bytes received & 2120 bytes sent: fizz::FizzException: received alert: certificate_unknown, in state ExpectingFinished
Is your cert unexpired and trusted by your browser?
Relevant log line:
I1109 12:34:47.255358 7858 FizzAcceptorHandshakeHelper.cpp:153] Fizz handshake error with (peer=[::1]:45860, local=[::1]:6667) after 6 ms; 547 bytes received & 2120 bytes sent: fizz::FizzException: received alert: certificate_unknown, in state ExpectingFinished
Is your cert unexpired and trusted by your browser?
My certificate is unexpired and added to my browser
I have the same issue on macOS, hq http3 not working with browsers but it works with HQClient.
Update: It works on FireFox nightly.
I'm working with proxygen <v2023.10.16.00>. HQServer works well with these parameters : --host=:: --port=443 --h2port==443 --protocol=h3 --quic_version=0. Google Chrome 119.0.6045.159, Mozilla Firefox 120.0, Microsoft Edge 119.0.2151.58 could setup a h3 connection to HQServer without problem.
I'm working with proxygen <v2023.10.16.00>. HQServer works well with these parameters : --host=:: --port=443 --h2port==443 --protocol=h3 --quic_version=0. Google Chrome 119.0.6045.159, Mozilla Firefox 120.0, Microsoft Edge 119.0.2151.58 could setup a h3 connection to HQServer without problem.
I tested it on Google Chrome on macOS, but unfortunately, it didn't work. It seems that your test was conducted on Windows OS.
I'm working with proxygen <v2023.10.16.00>. HQServer works well with these parameters : --host=:: --port=443 --h2port==443 --protocol=h3 --quic_version=0. Google Chrome 119.0.6045.159, Mozilla Firefox 120.0, Microsoft Edge 119.0.2151.58 could setup a h3 connection to HQServer without problem.
I tested it on Google Chrome on macOS, but unfortunately, it didn't work. It seems that your test was conducted on Windows OS. I built and tested on Rocky Linux 9 - not Windows, btw i didn't use the default TLS certificates in the sample code https://github.com/facebook/proxygen/blob/main/proxygen/httpserver/samples/hq/FizzContext.cpp, just imported the real TLS certificates from Let's Encrypt
Hi there!
I'm trying to figure out why the HQ client from the samples can't connect to the HQ server (also from the samples). I am able to connect using HTTP/2 (HTTPS) from the browser, but QUIC doesn't seem to work at all. I noticed that
hqParams.supportedAlpns
includes hq-29. Could the issue be related to the ALPN or the certificate?server run command:
client run command:
./hq --mode=client --path=/ --host=127.0.0.1 --port=8443 --protocol=hq-29
server log:client log:
update 02.11.2023: HQClient works well with h3, but firefox and chrome still work only with http2 Also, in both browsers I have
alt-svc | h3-27=":443"; ma=3600