Skip to content

HTTPS RR from DoH is ignored #16966

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pkropachev opened this issue Apr 4, 2025 · 2 comments
Closed

HTTPS RR from DoH is ignored #16966

pkropachev opened this issue Apr 4, 2025 · 2 comments
Assignees
@icing

Comments

@pkropachev
Copy link
Contributor

pkropachev commented Apr 4, 2025
edited
Loading

I did this

Hello team!

I use DoH to resolve the HTTP server.

curl -v --doh-insecure --doh-url https://dns.testdomain.com/dns-query https://caddy.testdomain.com -k --trace-config dns

HTTP server supports h3 protocol, DNS and DoH provides corresponding resource record.

dig +https @dns.testdomain.com caddy.testdomain.com HTTPS

; <<>> DiG 9.18.30-0ubuntu0.20.04.2-Ubuntu <<>> +https @dns.testdomain.com caddy.testdomain.com HTTPS
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61212
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5cae24108992288a0100000067eff66c85679ebea66a93e9 (good)
;; QUESTION SECTION:
;caddy.testdomain.com.		IN	HTTPS

;; ANSWER SECTION:
caddy.testdomain.com.	172800	IN	HTTPS	1 . alpn="h3,h2"

;; ADDITIONAL SECTION:
caddy.testdomain.com.	172800	IN	A	192.168.222.100

;; Query time: 0 msec
;; SERVER: 192.168.222.3#443(dns.testdomain.com) (HTTPS)
;; WHEN: Fri Apr 04 18:10:36 MSK 2025
;; MSG SIZE  rcvd: 118

But by some reason curl uses h2 protocol to work with HTTP server. It looks like curl ignores HTTPS RR from DoH.

* [DNS] asyn-ares: fire off query for HTTPSRR
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Host dns.testdomain.com:443 was resolved.
* [DNS] IPv6: (none)
* [DNS] IPv4: 192.168.222.3
* [DNS]   Trying 192.168.222.3:443...
* [DNS] ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* [DNS] SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* [DNS] ALPN: server accepted h2
* [DNS] Server certificate:
...
* [DNS]  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* [DNS]   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* [DNS] Connected to dns.testdomain.com (192.168.222.3) port 443
* [DNS] using HTTP/2
* [DNS] [HTTP/2] [1] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [1] [:method: POST]
* [DNS] [HTTP/2] [1] [:scheme: https]
* [DNS] [HTTP/2] [1] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [1] [:path: /dns-query]
* [DNS] [HTTP/2] [1] [accept: */*]
* [DNS] [HTTP/2] [1] [content-type: application/dns-message]
* [DNS] [HTTP/2] [1] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* [DNS] Multiplexed connection found
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [3] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [3] [:method: POST]
* [DNS] [HTTP/2] [3] [:scheme: https]
* [DNS] [HTTP/2] [3] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [3] [:path: /dns-query]
* [DNS] [HTTP/2] [3] [accept: */*]
* [DNS] [HTTP/2] [3] [content-type: application/dns-message]
* [DNS] [HTTP/2] [3] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
* [DNS] Multiplexed connection found
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [5] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [5] [:method: POST]
* [DNS] [HTTP/2] [5] [:scheme: https]
* [DNS] [HTTP/2] [5] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [5] [:path: /dns-query]
* [DNS] [HTTP/2] [5] [accept: */*]
* [DNS] [HTTP/2] [5] [content-type: application/dns-message]
* [DNS] [HTTP/2] [5] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 54
< cache-control: max-age=172800
< 
* [DNS] a DoH request is completed, 2 to go
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 89
< cache-control: max-age=7200
< 
* [DNS] a DoH request is completed, 1 to go
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 79
< cache-control: max-age=172800
< 
* [DNS] Connection #1 to host dns.testdomain.com left intact
* [DNS] a DoH request is completed, 0 to go
* [DNS] hostname: caddy.testdomain.com
* [DoH] TTL: 172800 seconds
* [DoH] A: 192.168.222.100
* DoH HTTPS RR: length 13
* [DNS] HTTPS RR ALPN: 32 16 0 0
* Some HTTPS RR to process
* Host caddy.testdomain.com:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.222.100
*   Trying 192.168.222.100:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
...
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to caddy.testdomain.com (192.168.222.100) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://caddy.testdomain.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: caddy.testdomain.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.13.1-DEV]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: caddy.testdomain.com
> User-Agent: curl/8.13.1-DEV
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200 
< alt-svc: h3=":443"; ma=2592000
< content-type: text/plain; charset=utf-8
< server: Caddy
< content-length: 36
< date: Fri, 04 Apr 2025 15:06:08 GMT
< 
* Connection #0 to host caddy.testdomain.com left intact
Hello, world! you are using HTTP/2.0

According to Wireshark, curl sends query for HTTPS type and gets response from DoH.

Image

Image

I expected the following

curl handles response from DoH and uses the corresponding HTTP protocol.

curl/libcurl version

curl 8.13.1-DEV

operating system

Ubuntu 20.04.6
@icing icing self-assigned this Apr 4, 2025
icing added a commit to icing/curl that referenced this issue Apr 4, 2025
@icing
https-connect, fix httpsrr target check
b111e86 
Stupidly, the HTTPSRR check on the record's target was not
working as it used the wrong index on the NUL byte if the
target was not NULL.

refs curl#16966
@icing icing mentioned this issue Apr 4, 2025
Closed
@icing
Copy link
Contributor

icing commented Apr 4, 2025

@pkropachev, oh my. there was a silly mistake when checking the target of the httpsrr record. Fixed in #16968.

Would be nice if you could verify. Thanks!

@pkropachev
Copy link
Contributor Author

@icing, fix works for me! Thanks!

HTTPS RR is advertised by DoH for HTTP server1.

dig +https @dns.testdomain.com caddy.testdomain.com -t ANY
...
;; ANSWER SECTION:
caddy.testdomain.com.	172800	IN	HTTPS	1 . alpn="h3,h2"
caddy.testdomain.com.	172800	IN	A	192.168.222.100

;; Query time: 0 msec
;; SERVER: 192.168.222.3#443(dns.testdomain.com) (HTTPS)
;; WHEN: Fri Apr 04 19:33:30 MSK 2025
;; MSG SIZE  rcvd: 118

In result, curl uses h3 to connect to server1.

curl -v --doh-insecure --doh-url https://dns.testdomain.com/dns-query https://caddy.testdomain.com -k --trace-config dns
* [DNS] asyn-ares: fire off query for HTTPSRR
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Host dns.testdomain.com:443 was resolved.
* [DNS] IPv6: (none)
* [DNS] IPv4: 192.168.222.3
* [DNS]   Trying 192.168.222.3:443...
* [DNS] ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* [DNS] SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* [DNS] ALPN: server accepted h2
* [DNS] Server certificate:
...
* [DNS]   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* [DNS] Connected to dns.testdomain.com (192.168.222.3) port 443
* [DNS] using HTTP/2
* [DNS] [HTTP/2] [1] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [1] [:method: POST]
* [DNS] [HTTP/2] [1] [:scheme: https]
* [DNS] [HTTP/2] [1] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [1] [:path: /dns-query]
* [DNS] [HTTP/2] [1] [accept: */*]
* [DNS] [HTTP/2] [1] [content-type: application/dns-message]
* [DNS] [HTTP/2] [1] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* [DNS] Multiplexed connection found
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [3] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [3] [:method: POST]
* [DNS] [HTTP/2] [3] [:scheme: https]
* [DNS] [HTTP/2] [3] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [3] [:path: /dns-query]
* [DNS] [HTTP/2] [3] [accept: */*]
* [DNS] [HTTP/2] [3] [content-type: application/dns-message]
* [DNS] [HTTP/2] [3] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 54
< cache-control: max-age=172800
< 
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 89
< cache-control: max-age=7200
< 
* [DNS] a DoH request is completed, 2 to go
* [DNS] Connection #1 to host dns.testdomain.com left intact
* [DNS] a DoH request is completed, 1 to go
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [5] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [5] [:method: POST]
* [DNS] [HTTP/2] [5] [:scheme: https]
* [DNS] [HTTP/2] [5] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [5] [:path: /dns-query]
* [DNS] [HTTP/2] [5] [accept: */*]
* [DNS] [HTTP/2] [5] [content-type: application/dns-message]
* [DNS] [HTTP/2] [5] [content-length: 38]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 38
> 
* [DNS] upload completely sent off: 38 bytes
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 79
< cache-control: max-age=172800
< 
* [DNS] Connection #1 to host dns.testdomain.com left intact
* [DNS] a DoH request is completed, 0 to go
* [DNS] hostname: caddy.testdomain.com
* [DoH] TTL: 172800 seconds
* [DoH] A: 192.168.222.100
* DoH HTTPS RR: length 13
* [DNS] HTTPS RR ALPN: 32 16 0 0
* Some HTTPS RR to process
* Host caddy.testdomain.com:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.222.100
*   Trying 192.168.222.100:443...
* Server certificate:
...
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to caddy.testdomain.com (192.168.222.100) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://caddy.testdomain.com/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: caddy.testdomain.com]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.13.1-DEV]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: caddy.testdomain.com
> User-Agent: curl/8.13.1-DEV
> Accept: */*
> 
* Request completely sent off
< HTTP/3 200 
< date: Fri, 04 Apr 2025 16:35:09 GMT
< content-length: 36
< server: Caddy
< content-type: text/plain; charset=utf-8
< 
* Connection #0 to host caddy.testdomain.com left intact
Hello, world! you are using HTTP/3.0

HTTPS RR is not advertised by DoH for HTTP server2.

dig +https @dns.testdomain.com httpbin.testdomain.com -t ANY
...
;; ANSWER SECTION:
httpbin.testdomain.com.	172800	IN	A	192.168.222.2

;; Query time: 0 msec
;; SERVER: 192.168.222.3#443(dns.testdomain.com) (HTTPS)
;; WHEN: Fri Apr 04 19:35:52 MSK 2025
;; MSG SIZE  rcvd: 95

So, curl uses h2 by default.

curl -v --doh-insecure --doh-url https://dns.testdomain.com/dns-query https://httpbin.testdomain.com/headers -k --trace-config dns
* [DNS] asyn-ares: fire off query for HTTPSRR
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Connection #1 is not open enough, cannot reuse
* [DNS] Found pending candidate for reuse and CURLOPT_PIPEWAIT is set
* [DNS] No connections available.
* [DNS] Host dns.testdomain.com:443 was resolved.
* [DNS] IPv6: (none)
* [DNS] IPv4: 192.168.222.3
* [DNS]   Trying 192.168.222.3:443...
* [DNS] ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* [DNS] SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* [DNS] ALPN: server accepted h2
* [DNS] Server certificate:
...
* [DNS]   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* [DNS] Connected to dns.testdomain.com (192.168.222.3) port 443
* [DNS] using HTTP/2
* [DNS] [HTTP/2] [1] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [1] [:method: POST]
* [DNS] [HTTP/2] [1] [:scheme: https]
* [DNS] [HTTP/2] [1] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [1] [:path: /dns-query]
* [DNS] [HTTP/2] [1] [accept: */*]
* [DNS] [HTTP/2] [1] [content-type: application/dns-message]
* [DNS] [HTTP/2] [1] [content-length: 40]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 40
> 
* [DNS] upload completely sent off: 40 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 56
< cache-control: max-age=172800
< 
* [DNS] Connection #1 to host dns.testdomain.com left intact
* [DNS] a DoH request is completed, 2 to go
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [3] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [3] [:method: POST]
* [DNS] [HTTP/2] [3] [:scheme: https]
* [DNS] [HTTP/2] [3] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [3] [:path: /dns-query]
* [DNS] [HTTP/2] [3] [accept: */*]
* [DNS] [HTTP/2] [3] [content-type: application/dns-message]
* [DNS] [HTTP/2] [3] [content-length: 40]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 40
> 
* [DNS] upload completely sent off: 40 bytes
* [DNS] Multiplexed connection found
* [DNS] Re-using existing https: connection with host dns.testdomain.com
* [DNS] [HTTP/2] [5] OPENED stream for https://dns.testdomain.com/dns-query
* [DNS] [HTTP/2] [5] [:method: POST]
* [DNS] [HTTP/2] [5] [:scheme: https]
* [DNS] [HTTP/2] [5] [:authority: dns.testdomain.com]
* [DNS] [HTTP/2] [5] [:path: /dns-query]
* [DNS] [HTTP/2] [5] [accept: */*]
* [DNS] [HTTP/2] [5] [content-type: application/dns-message]
* [DNS] [HTTP/2] [5] [content-length: 40]
> POST /dns-query HTTP/2
> Host: dns.testdomain.com
> Accept: */*
> Content-Type: application/dns-message
> Content-Length: 40
> 
* [DNS] upload completely sent off: 40 bytes
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 91
< cache-control: max-age=7200
< 
< HTTP/2 200 
< content-type: application/dns-message
< content-length: 91
< cache-control: max-age=7200
< 
* [DNS] a DoH request is completed, 1 to go
* [DNS] Connection #1 to host dns.testdomain.com left intact
* [DNS] a DoH request is completed, 0 to go
* [DNS] hostname: httpbin.testdomain.com
* [DoH] TTL: 172800 seconds
* [DoH] A: 192.168.222.2
* Host httpbin.testdomain.com:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.222.2
*   Trying 192.168.222.2:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
...
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to httpbin.testdomain.com (192.168.222.2) port 443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://httpbin.testdomain.com/headers
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: httpbin.testdomain.com]
* [HTTP/2] [1] [:path: /headers]
* [HTTP/2] [1] [user-agent: curl/8.13.1-DEV]
* [HTTP/2] [1] [accept: */*]
> GET /headers HTTP/2
> Host: httpbin.testdomain.com
> User-Agent: curl/8.13.1-DEV
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Request completely sent off
< HTTP/2 200 
< server: nginx/1.22.1
< date: Fri, 04 Apr 2025 16:37:07 GMT
< content-type: application/json
< content-length: 118
< access-control-allow-origin: *
< access-control-allow-credentials: true
< 
{
  "headers": {
    "Accept": "*/*",
    "Host": "httpbin.testdomain.com",
    "User-Agent": "curl/8.13.1-DEV"
  }
}
* Connection #0 to host httpbin.testdomain.com left intact

@bagder bagder closed this as completed in 4f3c22d Apr 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@icing icing

Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@icing @pkropachev