1

I want to write a client for the api of binance.com using http/2. For this I am trying the library nghttp2, I've put in a test call to the api into their example code:

int main(int argc, char *argv[]) {
  boost::system::error_code ec;
  boost::asio::io_service io_service;

  boost::asio::ssl::context tls(boost::asio::ssl::context::sslv23);
  tls.set_default_verify_paths();
  // disabled to make development easier...
  // tls.set_verify_mode(boost::asio::ssl::verify_peer);
  configure_tls_context(ec, tls);

  session sess(io_service, tls, "api.binance.com", "443");

[...]

    auto req = sess.submit(ec, "GET", "https://api.binance.com/api/v1/ping");

[...]

However it always ends up in the error handler telling me

sslv3 alert handshake failure

I am at a loss how to debug this. What can I even do to understand why this is not working? I've tried to change the open on the tls context creation to other things, like tlsv12, but none work. If it's really trying to use sslv3 it's no surprise that it doesn't work, as a ssl test of api.binance.com reports no support for sslv3. Testing on nghttp2.org itself I do not get this error. Something about the SSL negotiation goes wrong somewhere. But how can I see where?

Cola_Colin
  • 415
  • 5
  • 16
  • 1
    Another possibility is that nghttp2 client does not send `server_name` extension, but other clients do. Some servers refuse a `Client Hello` if Server Name Indication (SNI) is not present. See https://stackoverflow.com/questions/30817876/wget-ssl-alert-handshake-failure. I, however, do not have any idea how to set `server_name` or `http/1.1` in `application_layer_protocol_negotiation` extensions. If you can figure out, please share. Hope it helps. – Soumya Kanti Apr 30 '18 at 06:32
  • This issue is of interest to me, so after some futile effort I logged a bug: https://github.com/nghttp2/nghttp2/issues/1172. – Soumya Kanti Apr 30 '18 at 11:23

1 Answers1

1

This issue got fixed: https://github.com/nghttp2/nghttp2/pull/1173.

So if you are in hurry and do not want to wait for nghttp2 1.32 to get released, you can check out the master branch. I did build nghttp from source, so I can say that it takes time but is straight-forward to build.

Soumya Kanti
  • 1,429
  • 1
  • 17
  • 28