curl Connection reset by peer in tests #19

@felixonmars
Hi, I am getting the following test failures when packaging for Arch:

Failures:

  1) Localhost::Authority behaves like valid protocol can connect using HTTP over TLSv1.2
     Got 2 failures:
     Shared Example Group: "valid protocol" called from ./spec/localhost/protocol_spec.rb:92

     1.1) Failure/Error: expect(status).to be_success
            expected `#<Process::Status: pid 819 exit 56>.success?` to be truthy, got false
          # ./spec/localhost/protocol_spec.rb:41:in `block (2 levels) in <top (required)>'

     1.2) Failure/Error: expect(status).to be_success
            expected `#<Process::Status: pid 819 exit 56>.success?` to be truthy, got false
          # ./spec/localhost/protocol_spec.rb:41:in `block (2 levels) in <top (required)>'

  2) Localhost::Authority behaves like valid protocol can connect using HTTP over default
     Got 2 failures:
     Shared Example Group: "valid protocol" called from ./spec/localhost/protocol_spec.rb:94

     2.1) Failure/Error: expect(status).to be_success
            expected `#<Process::Status: pid 821 exit 56>.success?` to be truthy, got false
          # ./spec/localhost/protocol_spec.rb:41:in `block (2 levels) in <top (required)>'

     2.2) Failure/Error: expect(status).to be_success
            expected `#<Process::Status: pid 821 exit 56>.success?` to be truthy, got false
          # ./spec/localhost/protocol_spec.rb:41:in `block (2 levels) in <top (required)>'

Finished in 0.32225 seconds (files took 0.10124 seconds to load)
10 examples, 2 failures

Failed examples:

rspec ./spec/localhost/protocol_spec.rb[1:1:2] # Localhost::Authority behaves like valid protocol can connect using HTTP over TLSv1.2
rspec ./spec/localhost/protocol_spec.rb[1:2:2] # Localhost::Authority behaves like valid protocol can connect using HTTP over default

Apparently curl is still trying to connect with TLS 1.3:

    can connect using TLSv1.2
*   Trying 127.0.0.1:4040...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to localhost (127.0.0.1) port 4040 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [88 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [155 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [891 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: O=Development; CN=localhost
*  start date: Oct 18 03:35:47 2022 GMT
*  expire date: Oct 15 03:35:47 2032 GMT
*  issuer: O=Development; CN=localhost
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
> GET / HTTP/1.1
> Host: localhost:4040
> User-Agent: curl/7.85.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [233 bytes data]
* OpenSSL SSL_read: Connection reset by peer, errno 104
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
} [5 bytes data]
curl: (56) OpenSSL SSL_read: Connection reset by peer, errno 104
    can connect using HTTP over TLSv1.2 (FAILED - 1)

The options passed to curl seem to be setting "not lower than", according to its help text:

 -1, --tlsv1              Use TLSv1.0 or greater
     --tlsv1.0            Use TLSv1.0 or greater
     --tlsv1.1            Use TLSv1.1 or greater
     --tlsv1.2            Use TLSv1.2 or greater
     --tlsv1.3            Use TLSv1.3 or greater

Is it that the server somehow incorrectly made curl think it supports TLS 1.3?
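The difference between a minimum-version option and a version pin, as an added example that is not part of the original issue or of the localhost gem's code: a client that sets only a TLS 1.2 floor negotiates TLS 1.3 with any server that offers it, and needs a ceiling as well to stay on 1.2. The helper names `self_signed_pair` and `negotiated_version` are hypothetical, the certificate is constructed for the test, and the local OpenSSL is assumed to support TLS 1.3.

```ruby
require "openssl"
require "socket"

# Constructed self-signed key and certificate for a throwaway loopback server.
def self_signed_pair
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Development/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Handshake once with a loopback server that sets no version limits of its
# own, and return the protocol version the client ends up using.
def negotiated_version(client_min:, client_max: nil)
  key, cert = self_signed_pair
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key = key
  server_ctx.cert = cert
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, server_ctx)
  acceptor = Thread.new { server.accept.close rescue nil }

  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # constructed test cert only
  client_ctx.min_version = client_min                # floor, like curl --tlsv1.2
  client_ctx.max_version = client_max if client_max  # ceiling: the actual pin
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", tcp.addr[1]), client_ctx)
  sock.sync_close = true
  sock.connect
  sock.ssl_version
ensure
  sock&.close rescue nil
  acceptor&.join(2)
  tcp&.close
end

if $PROGRAM_NAME == __FILE__
  v12 = OpenSSL::SSL::TLS1_2_VERSION
  puts "min=1.2 only:     #{negotiated_version(client_min: v12)}"
  puts "min=1.2, max=1.2: #{negotiated_version(client_min: v12, client_max: v12)}"
end
```

On the curl command line the ceiling is set with `--tls-max 1.2`, used together with `--tlsv1.2`.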
