net/http: HTTP/2 POST via Akamai (maybe) corrupted #13637
I am currently chasing down a poor interaction between Go's HTTP/2, github.com/xenolf/lego, github.com/letsencrypt/boulder and Akamai:
The server is seeing different bytes in the body of the POST depending on if the connection comes in as HTTP/2 or not.
I do not have any evidence yet that Go's HTTP/2 is implicated in this, but Brad asked me to file this while we are looking for more info.
I am using:
lego from commit bf740fa2cafb7d6deb0911792a13f37ef5995a03
With http2VerboseLogs on, here is a repro:
$ ./lego -m "firstname.lastname@example.org" -s "https://acme-staging.api.letsencrypt.org/directory" -d nella.org -d blog.nella.org run
Lines marked with ** above are debugging I added into lego's jws.go in order to know exactly what was passed into http.Post.
You can use the repro case exactly as this. The email@example.com account does not exist in staging, so it will always try to make a new one and fail on the POST new-reg.
The problem, as I see it, is that I can't get visibility into what's coming out of Akamai's nginx and going towards letsencrypt's origin server.
Rather than editing h2_bundle.go directly (which is kind of ugly), I find it easier to modify golang.org/x/net/http2 instead and then run the bundle command to bring it into net/http:
#!/bin/bash
set -e
go get golang.org/x/tools/cmd/bundle
bundle golang.org/x/net/http2 net/http http2 > /tmp/bund.go
mv /tmp/bund.go $GOROOT/go/src/net/http/h2_bundle.go
The logs above are too verbose. I think we only care about the headers and data the h1 and h2 transports write (not read).
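Added example (not part of the issue thread, and not code from Go, lego or boulder): a local check with no CDN in the path that posts the same bytes over HTTP/1.1 and over HTTP/2 and compares the SHA-256 the server computes over the body it read. The function name `receivedDigest` and the sample body are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// receivedDigest POSTs body to a local TLS test server and returns the
// protocol the handler saw and the SHA-256 (hex) of the bytes it read.
func receivedDigest(body []byte, useH2 bool) (proto, digest string, err error) {
	h := func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		fmt.Fprintf(w, "%s %x", r.Proto, sha256.Sum256(b))
	}
	ts := httptest.NewUnstartedServer(http.HandlerFunc(h))
	ts.EnableHTTP2 = useH2 // false: server and its client speak HTTP/1.1 only
	ts.StartTLS()
	defer ts.Close()

	resp, err := ts.Client().Post(ts.URL, "application/octet-stream", bytes.NewReader(body))
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	out, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", "", err
	}
	_, err = fmt.Sscanf(string(out), "%s %s", &proto, &digest)
	return proto, digest, err
}

func main() {
	// Constructed sample body (not the payload from the issue).
	body := []byte(`{"payload":"c2FtcGxl","signature":"Y29uc3RydWN0ZWQ"}`)
	fmt.Printf("sent      %x\n", sha256.Sum256(body))
	for _, h2 := range []bool{false, true} {
		proto, digest, err := receivedDigest(body, h2)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-9s %s\n", proto, digest)
	}
}
```

If both digests match the sent digest here but the origin still sees different bytes, the difference is introduced somewhere between the client and the origin rather than by the two transports writing different bodies.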