curl: (56) Unexpected EOF

classic Classic list List threaded Threaded
17 messages Options
Reply | Threaded
Open this post in threaded view
|

curl: (56) Unexpected EOF

Glen Peterson
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Joakim Erdfelt-8
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Joakim Erdfelt-8
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Greg Wilkins
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Greg Wilkins

Glen,

it is not a matter of if the classes are in the jar or not.  It is a matter of if the META-INF/services has been correctly configured to load them with the ServiceLoader.

Does your jar have a META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder  file and if so, what is it's contents?



On Sat, 5 Oct 2019 at 10:05, Glen Peterson <[hidden email]> wrote:
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
Yes.  It has a single line:
org.eclipse.jetty.http.Http1FieldPreEncoder

Should it have 2 lines?  What if I just disallow that file altogether?

On Fri, Oct 4, 2019 at 8:10 PM Greg Wilkins <[hidden email]> wrote:

Glen,

it is not a matter of if the classes are in the jar or not.  It is a matter of if the META-INF/services has been correctly configured to load them with the ServiceLoader.

Does your jar have a META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder  file and if so, what is it's contents?



On Sat, 5 Oct 2019 at 10:05, Glen Peterson <[hidden email]> wrote:
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
SWEET!  That fixed it.  I just added the line:
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder
And it worked!  Hallelujah!

Is that something I can configure with code?

On Fri, Oct 4, 2019 at 8:12 PM Glen Peterson <[hidden email]> wrote:
Yes.  It has a single line:
org.eclipse.jetty.http.Http1FieldPreEncoder

Should it have 2 lines?  What if I just disallow that file altogether?

On Fri, Oct 4, 2019 at 8:10 PM Greg Wilkins <[hidden email]> wrote:

Glen,

it is not a matter of if the classes are in the jar or not.  It is a matter of if the META-INF/services has been correctly configured to load them with the ServiceLoader.

Does your jar have a META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder  file and if so, what is it's contents?



On Sat, 5 Oct 2019 at 10:05, Glen Peterson <[hidden email]> wrote:
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Greg Wilkins
A good tool to create a fat jar should merged META-INF service files for you.  There are probably a couple of other ones that need to be merged in the code base... more so once you go to jetty 10.

cheers


On Sat, 5 Oct 2019 at 10:16, Glen Peterson <[hidden email]> wrote:
SWEET!  That fixed it.  I just added the line:
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder
And it worked!  Hallelujah!

Is that something I can configure with code?

On Fri, Oct 4, 2019 at 8:12 PM Glen Peterson <[hidden email]> wrote:
Yes.  It has a single line:
org.eclipse.jetty.http.Http1FieldPreEncoder

Should it have 2 lines?  What if I just disallow that file altogether?

On Fri, Oct 4, 2019 at 8:10 PM Greg Wilkins <[hidden email]> wrote:

Glen,

it is not a matter of if the classes are in the jar or not.  It is a matter of if the META-INF/services has been correctly configured to load them with the ServiceLoader.

Does your jar have a META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder  file and if so, what is it's contents?



On Sat, 5 Oct 2019 at 10:05, Glen Peterson <[hidden email]> wrote:
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
I only found the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder file in the org.eclipse.jetty.http2:http2-hpac:9.4.20.v20190813 jar file and it had just the one line in it:
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

Same thing with version 9.4.21.v20190926.  Should I be getting that file from somewhere else?

Looking for documentation, I did the following google searches with no results:
HttpFieldPreEncoder site:https://www.eclipse.org/jetty/documentation/
Http1FieldPreEncoder site:https://www.eclipse.org/jetty/documentation/
HpackFieldPreEncoder site:https://www.eclipse.org/jetty/documentation/

I'm using the Maven Shade plugin.  What would you recommend as a better tool to make a fat jar?  I tried Gradle too, but went back to Maven specifically because the Shade plugin had better debugging info than the Gradle Shadow plugin.  Maybe I just don't know how to work it.

I don't mean to be a pest.  If something is missing, I could try to add it if you think that would be helpful.  Once my bug-report project is working, I was thinking of leaving it out there and renaming it to jetty-http2-example in case it helps others.  The other http2 sample I found was from 2015 and referenced deprecated and now non-existent classes.

On Fri, Oct 4, 2019 at 8:21 PM Greg Wilkins <[hidden email]> wrote:
A good tool to create a fat jar should merged META-INF service files for you.  There are probably a couple of other ones that need to be merged in the code base... more so once you go to jetty 10.

cheers


On Sat, 5 Oct 2019 at 10:16, Glen Peterson <[hidden email]> wrote:
SWEET!  That fixed it.  I just added the line:
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder
And it worked!  Hallelujah!

Is that something I can configure with code?

On Fri, Oct 4, 2019 at 8:12 PM Glen Peterson <[hidden email]> wrote:
Yes.  It has a single line:
org.eclipse.jetty.http.Http1FieldPreEncoder

Should it have 2 lines?  What if I just disallow that file altogether?

On Fri, Oct 4, 2019 at 8:10 PM Greg Wilkins <[hidden email]> wrote:

Glen,

it is not a matter of if the classes are in the jar or not.  It is a matter of if the META-INF/services has been correctly configured to load them with the ServiceLoader.

Does your jar have a META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder  file and if so, what is it's contents?



On Sat, 5 Oct 2019 at 10:05, Glen Peterson <[hidden email]> wrote:
I may have been able to really simplify my example.  Here's the entire main method that works when run from class files, and fails when run from the jar:

val bb: ByteBuffer = ByteBuffer.allocate(100)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_0)
logger.info("hello world http 1.0: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_1_1)
logger.info("hello world http 1.1: " + bb)

PreEncodedHttpField("hello", "world").putTo(bb, HttpVersion.HTTP_2)
logger.info("hello world http 2: " + bb)

OUTPUT (from Jar - breaks):
hello world http 1.0: java.nio.HeapByteBuffer[pos=14 lim=100 cap=100]
hello world http 1.1: java.nio.HeapByteBuffer[pos=28 lim=100 cap=100]
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.organicdesign.classVsJar.ClazzVsJarKt.main(ClazzVsJar.kt:84)

From classes it ends with:
hello world http 2: java.nio.HeapByteBuffer[pos=39 lim=100 cap=100]


Greg Wilkins:
    logger.info("http1fieldpreEncoderVersion = " + org.eclipse.jetty.http.Http1FieldPreEncoder().httpVersion)
    logger.info("http2fieldpreEncoderVersion = " + org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder().httpVersion)

Output:
  http1fieldpreEncoderVersion = HTTP/1.0
  http2fieldpreEncoderVersion = HTTP/2.0

So both are in the Jar and successfully loaded by the JVM.  Maybe I'm getting an older version of one of them from another jar?  Presumably another jetty jar?  My IDE doesn't give me a choice for where to import them from, so I don't know where another version could be coming from.


On Fri, Oct 4, 2019 at 7:34 PM Glen Peterson <[hidden email]> wrote:
It *works* with http1.1 (I will also look more at the fat-jar thing):

$ curl --http1.1 --verbose --insecure https://localhost:8443 -D headers.txt
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  start date: Oct  2 20:53:35 2019 GMT
*  expire date: Oct  2 20:53:35 2022 GMT
*  issuer: C=US; ST=South Carolina; L=Upstate; O=OrganicDesign; OU=Testing; CN=classVsJar.organicdesign.org
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< Content-Type: text/html;charset=utf-8
< Content-Length: 178
< Server: Jetty(9.4.20.v20190813)
<
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Test Page</title>
  </head>
  <body>
    <h1>It works!</h1>
    <p>Working.</p>
  </body>
</html>
* Connection #0 to host localhost left intact

On Fri, Oct 4, 2019 at 6:32 PM Greg Wilkins <[hidden email]> wrote:
I'm guessing the problem is the way you make your fat jar you must not be correctly combining the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder files

To run both http1 and http2, you need that file to exist in the jar and to contain:

org.eclipse.jetty.http.Http1FieldPreEncoder
org.eclipse.jetty.http2.hpack.HpackFieldPreEncoder

On Sat, 5 Oct 2019 at 07:35, Joakim Erdfelt <[hidden email]> wrote:
Interesting, I wonder if you are hitting the response headers issues with regards to HTTP/2.

See:
and https://github.com/eclipse/jetty.project/issues/4115

Can you run curl again, but with HTTP/1.1?

$ curl --http1.1 --verbose ....

What kind of headers are you actually using?

Joakim Erdfelt / [hidden email]


On Fri, Oct 4, 2019 at 4:04 PM Glen Peterson <[hidden email]> wrote:
I changed the logging configuration from INFO to DEBUG and found this error when Jetty tries to serve the request:

Sending HeadersFrame@676f5d6c#1{end=false}
Appended HeadersFrame@676f5d6c#1{end=false}, entries=1
Flushing HTTP2ServerSession@74a58163{l:/0:0:0:0:0:0:0:1:8443 <-> r:/0:0:0:0:0:0:0:1:53320,sendWindow=15728640,recvWindow=1048576,streams=1,NOT_CLOSED,null}
Processing HeadersFrame@676f5d6c#1{end=false}
CtxTbl[3319f232] encoding
encode IdxFieldS1:':status: 200' to '88'
Failure generating HeadersFrame@676f5d6c#1{end=false}

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1

at org.eclipse.jetty.http.PreEncodedHttpField.putTo(PreEncodedHttpField.java:118)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:316)
at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:204)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generateHeaders(HeadersGenerator.java:72)
at org.eclipse.jetty.http2.generator.HeadersGenerator.generate(HeadersGenerator.java:56)
at org.eclipse.jetty.http2.generator.Generator.control(Generator.java:80)
at org.eclipse.jetty.http2.HTTP2Session$ControlEntry.generate(HTTP2Session.java:1250)
at org.eclipse.jetty.http2.HTTP2Flusher.process(HTTP2Flusher.java:187)
at org.eclipse.jetty.util.IteratingCallback.processing(IteratingCallback.java:241)
at org.eclipse.jetty.util.IteratingCallback.iterate(IteratingCallback.java:223)
at org.eclipse.jetty.http2.HTTP2Session.frame(HTTP2Session.java:757)
at org.eclipse.jetty.http2.HTTP2Session.frames(HTTP2Session.java:727)
at org.eclipse.jetty.http2.HTTP2Stream.headers(HTTP2Stream.java:112)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.sendHeadersFrame(HttpTransportOverHTTP2.java:270)
at org.eclipse.jetty.http2.server.HttpTransportOverHTTP2.send(HttpTransportOverHTTP2.java:142)
at org.eclipse.jetty.server.HttpChannel.sendResponse(HttpChannel.java:852)
at org.eclipse.jetty.server.HttpChannel.write(HttpChannel.java:929)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:250)
at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:226)
at org.eclipse.jetty.server.HttpOutput.close(HttpOutput.java:308)
at org.eclipse.jetty.server.HttpWriter.close(HttpWriter.java:47)
at org.eclipse.jetty.server.ResponseWriter.close(ResponseWriter.java:161)
at org.eclipse.jetty.server.Response.closeOutput(Response.java:844)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:517)
at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:314)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.http2.HTTP2Connection.produce(HTTP2Connection.java:170)
at org.eclipse.jetty.http2.server.HTTP2ServerConnection.onOpen(HTTP2ServerConnection.java:150)
at org.eclipse.jetty.io.AbstractEndPoint.upgrade(AbstractEndPoint.java:442)
at org.eclipse.jetty.server.NegotiatingServerConnection.onFillable(NegotiatingServerConnection.java:130)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:426)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:320)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:158)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:367)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:782)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:918)
at java.base/java.lang.Thread.run(Thread.java:834)
Failing, entries processed/pending/queued=0/1/0

I re-posted this version here:

On Wed, Oct 2, 2019 at 5:40 PM Glen Peterson <[hidden email]> wrote:
Yes Joakim.  I just made one and posted it here:

On Wed, Oct 2, 2019 at 2:43 PM Joakim Erdfelt <[hidden email]> wrote:
Do you have a project that you can share that replicates this?

Joakim Erdfelt / [hidden email]


On Wed, Oct 2, 2019 at 1:16 PM Glen Peterson <[hidden email]> wrote:
P.S. I was able to get some interesting output from wget2 (successor to wget).  It works fine running with the classes.  With the jar file, I get the following which seems jetty-related:

$ wget2 -d --no-check-certificate https://dev.memoryjoggerlibrary.com:8443/
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 name=check-certificate value=https://dev.memoryjoggerlibrary.com:8443/ invert=1
02.140606.876 Local URI encoding = 'UTF-8'
02.140606.876 Input URI encoding = 'UTF-8'
02.140606.876 Fetched HSTS data from '/home/gpeterso/.wget-hsts'
02.140606.876 Fetched HPKP data from '/home/gpeterso/.wget-hpkp'
02.140606.877 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.877 Fetched TLS session data from '/home/gpeterso/.wget-session'
02.140606.877 Fetched OCSP hosts from '/home/gpeterso/.wget-ocsp_hosts'
02.140606.877 Fetched OCSP fingerprints from '/home/gpeterso/.wget-ocsp'
02.140606.877 *url = https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 *3 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 local filename = 'index.html'
02.140606.877 host_add_job: job fname index.html
02.140606.877 host_add_job: 0x55b15a6bfb60 https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 host_add_job: qsize 1 host-qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 queue_size: qsize=1
02.140606.877 [0] action=1 pending=0 host=0x0
02.140606.877 qsize=1 blocked=0
02.140606.877 pause=-1570039566877
02.140606.877 dequeue job https://dev.memoryjoggerlibrary.com:8443/
02.140606.877 resolving dev.memoryjoggerlibrary.com:8443...
02.140606.877 has 127.0.0.1:8443
02.140606.877 Add dns cache entry dev.memoryjoggerlibrary.com
02.140606.877 trying 127.0.0.1:8443...
02.140606.877 GnuTLS init
02.140606.877 Certificates loaded: -1
02.140606.877 GnuTLS init done
02.140606.877 TLS False Start requested
02.140606.877 ALPN offering h2
02.140606.877 ALPN offering http/1.1
02.140606.877 found cached session data for dev.memoryjoggerlibrary.com
WARNING: The certificate is NOT trusted. The certificate issuer is unknown.
02.140606.885 TLS False Start: on
02.140606.885 ALPN: Server accepted protocol 'h2'
02.140606.885 Handshake completed
02.140606.885 established connection dev.memoryjoggerlibrary.com
02.140606.885 cookie_create_request_header for host=dev.memoryjoggerlibrary.com path=
02.140606.885 HTTP2 stream id 1
02.140606.885 [0] action=1 pending=1 host=0x55b15a6bf9c0
02.140606.885 qsize=1 blocked=0
02.140606.885 pause=-1570039566885
02.140606.885 [0] action=2 pending=1 host=0x55b15a6bf9c0
02.140606.885   ##  pending_requests = 1
02.140606.885   ##  loop responses=0
02.140606.885 [FRAME 0] > SETTINGS
02.140606.885 [FRAME 1] > HEADERS
02.140606.885 [FRAME 1] > :method: GET
02.140606.885 [FRAME 1] > :path: /
02.140606.885 [FRAME 1] > :scheme: https
02.140606.885 [FRAME 1] > :authority: dev.memoryjoggerlibrary.com
02.140606.885 [FRAME 1] > accept-encoding: gzip, deflate, bzip2, xz, lzma
02.140606.885 [FRAME 1] > accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
02.140606.885 [FRAME 1] > user-agent: wget2/1.0.0
02.140606.885   ##  loop responses=0
02.140606.886 Got delayed session data
02.140606.886 found TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 removed TLS session data for dev.memoryjoggerlibrary.com
02.140606.886 add TLS session data for dev.memoryjoggerlibrary.com (maxage=64800, size=1260)
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886 [FRAME 0] < WINDOW_UPDATE
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] > SETTINGS
02.140606.886   ##  loop responses=0
02.140606.886 [FRAME 0] < SETTINGS
02.140606.886   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0
02.140608.260   ##  loop responses=0

That scrolled really fast in a loop until I hit CTRL-C

02.140608.260 host_increase_failure: dev.memoryjoggerlibrary.com failures=1
02.140608.260 closing connection

It just sat there doing nothing, so I hit CTRL-C again to exit


On Wed, Oct 2, 2019 at 1:43 PM Glen Peterson <[hidden email]> wrote:
Thank you for jetty.  I've been using it for a few years now and love it.  Especially that I can configure it programmatically (with Kotlin code) and that you have updated the SSL/TLS protocol defaults over time.  Such an improvement over Tomcat!

Problem
My problem may be jar-file/classpath related and not jetty related, but then why does jetty actually call my code, service the request, but not return the response?

I recently enabled HTTP/2 (Google wants that for a Progressive Web App).  Now if I run my app the way IntelliJ does, giving the compiled classes directory, then adding all the jar dependencies it works. `java -classpath classes/:bunch-of-jar-files... MainClassName` it works.  But if I run from the fat-jar file it doesn't work.

curl

Jar File Failure:
$ curl --insecure https://dev.memoryjoggerlibrary.com:8443 -D headers.txt
curl: (56) Unexpected EOF
$ ls -s
total 0
0 headers.txt

Class Files Success:
That same curl command returns the HTML file I was expecting when running with the massive classpath (no fat-jar), plus the following headers.txt:
HTTP/2 200
server: Jetty(9.4.20.v20190813)
content-type: text/html;charset=utf-8

I have determined that the jar files included by maven exactly match the jar files specified on the command line.

Chrome
With chrome, the class files work great, but the Jar file produces, "This site can’t be reached... unexpectedly closed the connection... ERR_CONNECTION_CLOSED"

Unaffected
Log Files:
I can see in the log files in both cases that the request is being processed, but there is no exception thrown and no response apparently written.

Nmap Cipher Test:
Whether it yields HTML or not, the server gives the same response to my cipher test:
$ nmap --script ssl-cert,ssl-enum-ciphers -p 8443 dev.memoryjoggerlibrary.com

Starting Nmap 7.60 ( https://nmap.org ) at 2019-10-02 13:32 EDT
Nmap scan report for dev.memoryjoggerlibrary.com (127.0.0.1)
Host is up (0.000053s latency).
rDNS record for 127.0.0.1: localhost

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-cert: Subject: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Issuer: commonName=dev.memoryjoggerlibrary.com/organizationName=PlanBase Inc./stateOrProvinceName=Massachusetts/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-09-25T20:57:00
| Not valid after:  2022-09-25T20:57:00
| MD5:   483e 988f 709f 7300 3f3d 1d51 4f95 81cb
|_SHA-1: abe8 c872 c7d7 dfb1 4152 8bf3 2fee 5617 7613 94cd
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

Details:
I'm using a self-signed certificate.

Currently using (from maven .pom):
<jetty.version>9.4.20.v20190813
jetty-server
jetty-alpn-conscrypt-server
http2-common
http2-hpack
http2-server

Not currently using: conscrypt-openjdk (seems to be overridden by the conscrypt-openjdk-uber included in jetty-alpn-conscrypt-server - same issues with or without this dependency)


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081


--
Glen K. Peterson
(828) 393-0081
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Steven Schlansker

> On Oct 7, 2019, at 12:33 PM, Glen Peterson <[hidden email]> wrote:
> ...
> I'm using the Maven Shade plugin.  What would you recommend as a better tool to make a fat jar?  I tried Gradle too, but went back to Maven specifically because the Shade plugin had better debugging info than the Gradle Shadow plugin.  Maybe I just don't know how to work it.

Are you familiar with https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#ServicesResourceTransformer ?  That's how we got this working in the past (before we ditched shading entirely since it's such a mess).

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Greg Wilkins
Glen,

not it's not just the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder file I'm concerned with, but any META-INF/services/* file, with examples including:
  • com.sun.net.httpserver.spi.HttpServerProvider
  • javax.servlet.ServletContainerInitializer
  • javax.websocket.ContainerProvider
  • javax.websocket.server.ServerEndpointConfig$Configurator
  • org.apache.juli.logging.Log
  • org.eclipse.jetty.http.HttpFieldPreEncoder
  • org.eclipse.jetty.io.ssl.ALPNProcessor$Client
  • org.eclipse.jetty.io.ssl.ALPNProcessor$Server
  • org.eclipse.jetty.websocket.api.extensions.Extension
  • org.eclipse.jetty.xml.ConfigurationProcessorFactory
The ServicesResourceTransformer linked by Steven is probably what you need to make sure all these files are correctly shaded.



On Tue, 8 Oct 2019 at 06:56, Steven Schlansker <[hidden email]> wrote:

> On Oct 7, 2019, at 12:33 PM, Glen Peterson <[hidden email]> wrote:
> ...
> I'm using the Maven Shade plugin.  What would you recommend as a better tool to make a fat jar?  I tried Gradle too, but went back to Maven specifically because the Shade plugin had better debugging info than the Gradle Shadow plugin.  Maybe I just don't know how to work it.

Are you familiar with https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#ServicesResourceTransformer ?  That's how we got this working in the past (before we ditched shading entirely since it's such a mess).

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: curl: (56) Unexpected EOF

Glen Peterson
Oh.  I found the other file in org.eclipse.jetty:jetty-http:9.4.21.v20190926 that has the other line in it.

I included the ServicesResourceTransformer (thank you Steven!) and it merged the two files for me.  Perfect!  Sounds like that was the root cause of my issue.

I searched again, to see how I'd missed this:
ServicesResourceTransformer site:https://www.eclipse.org/jetty/documentation/
and found nothing.  So I made the following documentation pull request:

Reading something like that could have saved me a number of days that I'm too embarrassed to admit.


On Mon, Oct 7, 2019 at 4:53 PM Greg Wilkins <[hidden email]> wrote:
Glen,

not it's not just the META-INF/services/org.eclipse.jetty.http.HttpFieldPreEncoder file I'm concerned with, but any META-INF/services/* file, with examples including:
  • com.sun.net.httpserver.spi.HttpServerProvider
  • javax.servlet.ServletContainerInitializer
  • javax.websocket.ContainerProvider
  • javax.websocket.server.ServerEndpointConfig$Configurator
  • org.apache.juli.logging.Log
  • org.eclipse.jetty.http.HttpFieldPreEncoder
  • org.eclipse.jetty.io.ssl.ALPNProcessor$Client
  • org.eclipse.jetty.io.ssl.ALPNProcessor$Server
  • org.eclipse.jetty.websocket.api.extensions.Extension
  • org.eclipse.jetty.xml.ConfigurationProcessorFactory
The ServicesResourceTransformer linked by Steven is probably what you need to make sure all these files are correctly shaded.



On Tue, 8 Oct 2019 at 06:56, Steven Schlansker <[hidden email]> wrote:

> On Oct 7, 2019, at 12:33 PM, Glen Peterson <[hidden email]> wrote:
> ...
> I'm using the Maven Shade plugin.  What would you recommend as a better tool to make a fat jar?  I tried Gradle too, but went back to Maven specifically because the Shade plugin had better debugging info than the Gradle Shadow plugin.  Maybe I just don't know how to work it.

Are you familiar with https://maven.apache.org/plugins/maven-shade-plugin/examples/resource-transformers.html#ServicesResourceTransformer ?  That's how we got this working in the past (before we ditched shading entirely since it's such a mess).

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Glen K. Peterson
(828) 393-0081

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users