Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http-kit doesn't get past fastly - "Requested host does not match any Subject Alternative Names (SANs)" #525

Closed
JohnnyJayJay opened this issue Jun 22, 2023 · 3 comments
Closed

http-kit doesn't get past fastly - "Requested host does not match any Subject Alternative Names (SANs)" #525

JohnnyJayJay opened this issue Jun 22, 2023 · 3 comments

Comments

@JohnnyJayJay
Copy link

Something in http-kit's default behaviour causes some requests to fail that need to get past fastly. I do not understand the error or what it means – what I know is that it occurs for me only if I make a request via http-kit and not via other means (curl, other Clojure libraries).

Here are two request to https://xkcd.com from my machine (Arch Linux):

Using java-http-clj:

{:status 200,
 :body "...",
 :version :http1.1,
 :headers
 {"x-cache" "HIT, HIT",
  "x-timer" "S1687458919.940590,VS0,VE0",
  "server" "nginx",
  "age" "97",
  "via" ";; => 1.1 varnish, 1.1 varnish",
  "content-type" "text/html; charset=UTF-8",
  "content-length" "7514",
  "connection" "keep-alive",
  "accept-ranges" "bytes",
  "expires" "Wed, 21 Jun 2023 22:01:22 GMT",
  "etag" "\"649371c5-1d5a\"",
  "x-cache-hits" "2, 3",
  "date" "Thu, 22 Jun 2023 18:35:18 GMT",
  "vary" "Accept-Encoding",
  "last-modified" "Wed, 21 Jun 2023 21:55:17 GMT",
  "cache-control" "max-age=300",
  "x-served-by" "cache-dfw-kdfw8210033-DFW, cache-fra-eddf8230061-FRA"}}

Using http-kit:

{:opts {:method :get, :url "https://xkcd.com"},
 :body
 "Requested host does not match any Subject Alternative Names (SANs) on TLS certificate [5fad8fbd0ff0dd40aa328467a6de02b5e76e047fef7c94b7f39f6fd524936ed1] in use with this connection.\r\n\r\nVisit https://docs.fastly.com/en/guides/common-400-errors#error-421-misdirected-request for more information.\r\n\r",
 :headers
 {:connection "keep-alive",
  :content-length "297",
  :content-type "text/plain; charset=utf-8",
  :x-served-by "cache-fra-eddf8230112"},
 :status 421}

Both were sent as plain GET, no additional configuration. Does anyone have any idea what could be wrong here?
@JohnnyJayJay
Copy link
Author

Appears to be duplicate of #393
Applying the workaround there seems to fix my issue.

@ptaoussanis
Copy link
Member

@JohnnyJayJay Hi Johnny, thanks for the update. Please note that no workaround should be necessary for the latest http-kit release.

Cheers :-)

@JohnnyJayJay
Copy link
Author

@JohnnyJayJay Hi Johnny, thanks for the update. Please note that no workaround should be necessary for the latest http-kit release.

Cheers :-)

Thanks, that works. Dependency upgrade task didn't pick it up because it's just a RC.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ptaoussanis @JohnnyJayJay