search

ptrd / flupke

Java HTTP3 Client and HTTP3 Server plugin for Kwik
GNU General Public License v3.0
15 stars 4 forks source link

Quic connection with nginx.org fails #12

Closed zhkl0228 closed 4 months ago

zhkl0228 commented 5 months ago 
public void testFlupke() throws Exception {
        URI serverUrl = URI.create("https://quic.nginx.org/test");
        HttpRequest request = HttpRequest.newBuilder()
                .uri(serverUrl)
                .timeout(Duration.ofSeconds(30))
                .build();

        HttpClient client = Http3Client.newBuilder()
                .logger(new SysOutLogger())
                .connectTimeout(Duration.ofSeconds(30))
                .build();
        HttpResponse<String> httpResponse = client.send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(httpResponse.body());
    }
ptrd commented 5 months ago

Hi, Thanks for your interest in Flupke. It would help me a lot if you would describe what the problem is. I now feel like you are giving me a puzzle. I'm not in to puzzles. I like to help you but i would also like to spend as little time on it as needed, so I can spend my valuable time on creating new features. Please help me in helping you. I'm, after all, a human being, you can just talk to me ;-)

zhkl0228 commented 5 months ago

I apologize for my poor English, the above test run will fail

ptrd commented 5 months ago

Your English is ok, don't worry, i'm not a native speaker myself.

It fails with an exception I guess? Can you show the stacktrace?

zhkl0228 commented 5 months ago

53:26.393 Error: Inconsistency error in congestion controller; attempt to set bytes in-flight below 0 53:26.402 Error: Discarding packet (74 bytes) that cannot be decrypted (net.luminis.quic.crypto.MissingKeysException: Missing keys for encryption level Handshake (keys not installed))

java.net.ConnectException: Handshake error: Server closed connection: TLS error 40: handshake failed

at net.luminis.quic.core.QuicClientConnectionImpl.connect(QuicClientConnectionImpl.java:373)
at net.luminis.quic.core.QuicClientConnectionImpl.connect(QuicClientConnectionImpl.java:322)
at net.luminis.http3.impl.Http3ClientConnectionImpl.connect(Http3ClientConnectionImpl.java:92)
at net.luminis.http3.Http3Client.send(Http3Client.java:134)
zhkl0228 commented 5 months ago

flupke-0.5.3

ptrd commented 5 months ago

I reproduced the problem and from the Wireshark capture I can see that nginx immediately sends a "connection close". I have no clue why, asked the nginx people for help.

ptrd commented 4 months ago

The reason this fails is that this server uses ECDSA certificate (public key algorithm id-ecPublicKey) on curve P-384. Unfortunately, this is currently not supported by kwik / agent15. I'm closing this issue, because it is definitely not an issue in Flupke. Feel free to create an issue for this in Kwik project. Either way, I will fix this.

ptrd commented 3 months ago

Fixed in https://github.com/ptrd/kwik/commit/373f359264d89bebb9b7b7de0242e4a63ec41d2d