GNU Social user cannot follow mastodon users (500 error)

[rugk]

When I go to https://mastodon.social/users/tchncs/remote_follow as a GNU Social user (rugk [at] gnusocial.de) and enter the name/server there, I just get a 500 error.

We're sorry, but something went wrong.

curl 'https://mastodon.social/users/tchncs/remote_follow' -H 'Host: mastodon.social' -H 'User-Agent: Mozilla/5.0 ([…] Linux x86_64; rv:54.0) […] Firefox/54.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: de,en-US;q=0.7,en;q=0.3' --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Referer: https://mastodon.social/users/tchncs/remote_follow' -H 'Cookie: _mastodon_session=eTF5[…]' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Cache-Control: max-age=0' --data 'utf8=%E2%9C%93&authenticity_token=InhOQ8[…]JBgblXg%3D%3D&remote_follow%5Bacct%5D=rugk%40gnusocial.de&button='

On https://social.tchncs.de/users/beli3ver/remote_follow I do the same and get a different error. I get a 500 error too, but a different error message.

We're sorry, but this instance looks down from here!

Something may not be healthy or it's a restart after updates, please give us some time, you will be redirected automaticly.

...Maybe you wanna explore our mainpage while you're waiting... .

10 seconds until trying to reconnect... .

curl 'https://social.tchncs.de/users/beli3ver/remote_follow' --2.0 -H 'Host: social.tchncs.de' -H 'User-Agent: Mozilla/5.0 ([…]; Linux x86_64; rv:54.0) […] Firefox/54.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: de,en-US;q=0.7,en;q=0.3' --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Referer: https://social.tchncs.de/users/beli3ver/remote_follow' -H 'Cookie: _mastodon_session=N0N6NzUxOHI[…]0a' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Cache-Control: max-age=0' --data 'utf8=%E2%9C%93&authenticity_token=Wq8ncDwf04Tqq[…]g%3D%3D&remote_follow%5Bacct%5D=rugk%40gnusocial.de&button='

Note that I can follow both accounts when I use a GNUSocial-internal search for the users, and click on GNUSocial-internal follow button.
The toots are missing, but that's another issue. (edit: opened at #4256)

---

• I searched or browsed the repo’s other issues to ensure this is not a duplicate.
• This bug happens on a tagged release and not on master (If you're a user, don't worry about this).

Ref. for German-speaking users here is the previous discussion: https://gnusocial.de/notice/10717763

[unarist]

[12] pry(main)> r = HTTP.get('https://gnusocial.de/.well-known/webfinger?resource=rugk@gnusocial.de')
[httplog] GET https://gnusocial.de/.well-known/webfinger?resource=rugk@gnusocial.de completed with status code 200 in 1.7955785000085598 seconds
=> #<HTTP::Response/1.1 200 OK {"Date"=>"Sat, 22 Jul 2017 17:58:54 GMT", "Server"=>"Apache/2.4.25 (Debian)", "Upgrade"=>"h2,h2c", "Connection"=>"Upgrade, close", "Vary"=>"Accept-Encoding,Cookie", "Content-Length"=>"1610", "Content-Type"=>"application/jrd+json"}>
[13] pry(main)> r.to_s
=> ""

However, I can get correct response with Net::HTTP.

[15] pry(main)> Net::HTTP.get_print URI.parse('https://gnusocial.de/.well-known/webfinger?resource=rugk@gnusocial.de')
{"subject":"acct:rugk@gnusocial.de","aliases":....}[httplog] GET http://gnusocial.de:443/.well-known/webfinger?resource=rugk@gnusocial.de completed with status code 200 in 0.34804549999535084 seconds
=> nil

So...maybe a bug on HTTP.rb?

[rugk]

As for the second thing there, you maybe also want to use HTTPS here:

[httplog] GET http://gnusocial.de:443

Kinda strange to use HTTP over port 443. (and also not secure) This could also be an/the issue or the log is incorrect…

[Gargron]

That's just the log syntax. HTTP is the name of protocol, TLS or not.

[unarist]

gnusocial.de always returns Upgrade: h2, h2o as a advertisement that it supports those protocols. However, http_parser C library used in http_parser.rb treats it as an actual upgrading, and stop processing response body.

This issue was fixed in that C library in April (nodejs/http-parser#363), but http_parser.rb still uses very old commit.

Well, I've filed an issue on http.rb (httprb/http#422).

[vinzv]

To give some more input, this is my http2 config (Debian Jessie/Apache):

Protocols h2 h2c http/1.1
H2Push          on
H2PushPriority  *                       after
H2PushPriority  text/css                before
H2PushPriority  image/jpeg              after   32
H2PushPriority  image/png               after   32
H2PushPriority  application/javascript  interleaved

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL$

After I deactivated it and deactivated the http2 apache module remote following is working again.