On 23/10/2015 12:26, Mark Thomas wrote: > On 23/10/2015 11:54, Rémy Maucherat wrote: >> 2015-10-23 10:12 GMT+02:00 Mark Thomas <ma...@apache.org>: >> >>> I've made a little progress. >>> >>> I can see in Wireshark that the initial HTTP/2 connection preface is >>> sent followed by a SETTINGS frame are sent by Chrome. >>> >>> Debug logging in Tomcat shows that that data is never processed by the >>> Http2UpgradeHandler. >>> >>> My current thinking is that this data is getting lost somewhere in the >>> handshake process. I want to add more debug logging to Tomcat so I can >>> track all the bytes and match up what I see in Wireshark with what I see >>> in Tomcat. >>> >> I did spend some time debugging the handshake but found nothing >> interesting [it works and the state is as it should be after it]. Maybe >> you'll have better luck though. > > Not so far :(. > > I have is a bunch of theories all of which have been disproved as soon > as I add some more debug logging. > > The only positive is that I am filling in some gaps in the debug logging > for HTTP/2 as I go. Some of it might be over the top. We might want to > prune it once everything is stable.
Found it. unwrap() only unwraps one TLS Record at a time. If there are multiple TLS records in the input buffer unwrap reads them all into the engine but only provides the decrypt for the first. Further calls to unwrap are required to decrypt the remaining records. I have put in a work-around but I'm not sure it is in the right place. This feels like something that should be fixed at a lower level (tcnative?) so a call to unwrap unwarps as much as possible. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
