Description of Problem:
Fails to download files via curl if http2 is used. Consider providing way to disable HTTP2 - it was not working with latest version of curl, atleast on alpine linux
OpenSCAP Error: Download failed: Stream error in the HTTP/2 framing layer [/home/buildozer/aports/community/openscap/src/openscap-1.3.10/src/common/oscap_acquire.c:405]
OpenSCAP Version:
Operating System & Version:
Alpine 3.20 docker image
openscap 1.3.10
Steps to Reproduce:
- run xccdf eval on debian 12 - e.g.
oscap-docker image debian:12 xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_cis_level2_server --results /report/ssg-results.xml --report /report/ssg-results.html /ssg/scap-security-guide-0.1.75/ssg-debian12-ds.xml;
- tries to fetch oval files and fails on HTTP2 frame - likely bug in curl
Actual Results:
Expected Results:
There is no way to force HTTP1.1 - i tried using .curlrc file but it did not help
Additional Information / Debugging Steps:
To quote from https://www.rfc-editor.org/rfc/rfc9113.html#name-connection-specific-header- headers like 'TE' are not allowed in HTTP/2 and lead to a stream reset. Apache is correct in its behaviour.
The question is now: is the libcurl application wrong in adding the header or should curl, when selecting HTTP/2, automatically strip the header from the request.
Description of Problem:
Fails to download files via curl if http2 is used. Consider providing way to disable HTTP2 - it was not working with latest version of curl, atleast on alpine linux
OpenSCAP Error: Download failed: Stream error in the HTTP/2 framing layer [/home/buildozer/aports/community/openscap/src/openscap-1.3.10/src/common/oscap_acquire.c:405]
OpenSCAP Version:
Operating System & Version:
Alpine 3.20 docker image
openscap 1.3.10
Steps to Reproduce:
oscap-docker image debian:12 xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_cis_level2_server --results /report/ssg-results.xml --report /report/ssg-results.html /ssg/scap-security-guide-0.1.75/ssg-debian12-ds.xml;
Actual Results:
Expected Results:
There is no way to force HTTP1.1 - i tried using .curlrc file but it did not help
Additional Information / Debugging Steps:
To quote from https://www.rfc-editor.org/rfc/rfc9113.html#name-connection-specific-header- headers like 'TE' are not allowed in HTTP/2 and lead to a stream reset. Apache is correct in its behaviour.
The question is now: is the libcurl application wrong in adding the header or should curl, when selecting HTTP/2, automatically strip the header from the request.