[
https://issues.apache.org/jira/browse/HTTPCLIENT-2120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17216770#comment-17216770
]
Oleg Kalnichevski commented on HTTPCLIENT-2120:
-----------------------------------------------
[~synth3] Where shall I begin?
# We are all volunteers here and as far as I know no committer on the project
gets paid to work on Apache HttpComponents by their employing company.
Therefore we do not have to do _anything_. _At all_. Things that no one feels
strongly about simply get neglected. For instance our project web site. It is
likely one of the worst web sites in existence but no one feels strongly enough
about it to commit their personal time to improving it.
# HttpClient 5.0 release notes clearly state what features are supported.
HttpCore 5.0 release notes also state what features are out of scope. But you
are right. It is not obvious that HTTP/2 client transport presently does not
the CONNECT method or tunneling HTTP/2 traffic via a HTTP/1.1 proxy.
# I intentionally did not want to implement HTTP/2 proxy support on my
personal time. This feature mainly of interest to corporate users. Corporate
users should be able to deal with it.
What can done about it:
* I can fix the web site content though I do not want to commit to any
particular time line. Please raise a separate issue for that.
* I can work on improving the exception handling so that HttpClient can throw
back a more reasonable error in case of someone's trying to force HTTP/2
traffic through a proxy. Please raise a separate issue for that.
* Consider telling your boss that he (or she or any of 55 genders) should
assign a salaried developer to work on HttpClient and contribute this feature
to the community.
Oleg
> Support HTTP/2 (TLS) Tunneling over HTTP-Proxy
> ----------------------------------------------
>
> Key: HTTPCLIENT-2120
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2120
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (async)
> Affects Versions: 5.0.3
> Reporter: synth3
> Priority: Critical
> Labels: http2, proxy
>
> *First of all:*
> * Are there plans for supporting HTTP/2 (with TLS) connections via corporate
> HTTP-proxies?
> ** If yes: is there a schedule?
> * Could you please add documentation to "https://hc.apache.org"; that makes
> it clear that the HTTP/2 implementation does currently not support
> HTTP-proxies?
> ** This alone could save people hours of programming something that has no
> chance to work and debugging afterwards
> ** The only clear statement I found regarding that topic was at a migration
> guide
> ("https://ok2c.github.io/httpclient-migration-guide/migration-to-async-http2.html";)
> *Observations while trying to establish a HTTP/2 connection via proxy:*
> The observations can be made using the following minimal example with
> {{[proxy_ip]:[proxy_port]}} replaced with host and port of an actual
> HTTP-Proxy:
> {code:java}
> CloseableHttpAsyncClient client = HttpAsyncClients.custom()
> .setVersionPolicy(HttpVersionPolicy.FORCE_HTTP_2)
> .setProxy(HttpHost.create("[proxy_ip]:[proxy_port]")).build();
> client.start();
> // throws org.apache.hc.core5.http.ConnectionClosedException
> client.execute(SimpleHttpRequests.get("https://http2.pro/client";),
> null).get();
> {code}
> The above code throws the following Exception:
> {code:java}
> Exception in thread "main" java.util.concurrent.ExecutionException:
> org.apache.hc.core5.http.ConnectionClosedException: Connection is closed
> at
> org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:72)
> at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:85)
> at com.test.MinimalProxyTest.basicTest(MinimalProxyTest.java:41)
> at com.test.MinimalProxyTest.main(MinimalProxyTest.java:23)
> Caused by: org.apache.hc.core5.http.ConnectionClosedException: Connection is
> closed
> at
> org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(AbstractH2StreamMultiplexer.java:661)
> at
> org.apache.hc.core5.http2.impl.nio.AbstractH2IOEventHandler.exception(AbstractH2IOEventHandler.java:91)
> at
> org.apache.hc.core5.http2.impl.nio.ClientH2IOEventHandler.exception(ClientH2IOEventHandler.java:39)
> at
> org.apache.hc.core5.reactor.InternalDataChannel.onException(InternalDataChannel.java:162)
> at
> org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:55)
> at
> org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:179)
> at
> org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:128)
> at
> org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:85)
> at
> org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
> at java.base/java.lang.Thread.run(Thread.java:832)
> {code}
> * There is no exception thrown that makes clear that this constellation
> (HTTP/2 + Proxy) is not supported
> ** Even though I found
> {{org.apache.hc.client5.http.impl.async.InternalHttpAsyncClient.determineRoute(HttpHost,
> HttpClientContext)}} with {{throw new HttpException("HTTP/2 tunneling not
> supported")}} which is not triggered because
> {{HttpClientContext.getProtocolVersion()}} returns {{HTTP-1.1}}
> * Looking at the Logs I see that the HTTP/2 request was tried to be
> performed unencrypted and the Proxy sends {{HTTP/1.0 400 Bad Request}} and
> closes the connection
> * Also in the logs I can see {{Code FRAME_SIZE_ERROR}} and {{Frame size
> exceeds maximum}} which might be caused by trying to consume the HTTP-1.1
> proxy response as HTTP/2
> ** The associated Exception ({{H2ConnectionException: Frame size exceeds
> maximum}}) is omitted in
> {{org.apache.hc.core5.http2.impl.nio.AbstractH2StreamMultiplexer.onException(Exception)}}
> where {{((ExecutableCommand) command).failed(new
> ConnectionClosedException())}} is called
> *What can be done?*
> If I wanted to support you in implementing the HTTP/2 via proxy support where
> would I have to start?
> * When I understand the situation right then we are almost there and the
> only problem is that the HTTP/2 request is tried to be performed without
> encryption
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
