This follows the docs provided by the [github issue][1],
https://www.mailgun.com/blog/http-2-cleartext-h2c-client-example-go/
For manual testing, ensure that you have a curl version with the proper
"Features", as can be read off `curl --version`:

    curl 7.72.0 (x86_64-apple-darwin19.5.0) libcurl/7.72.0 OpenSSL/1.1.1g zlib/1.2.11 brotli/1.0.9 zstd/1.4.5 c-ares/1.16.1 libssh2/1.9.0 nghttp2/1.41.0 librtmp/2.3
    Release-Date: 2020-08-19
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd

As described in the mailgun blog post, curl-openssl on homebrew has it for osx.
With this change, and started with

    ./opa_darwin_amd64 run -s --h2c --diagnostic-addr :8182

Both the ALPN and the "prior knowledge" modes work against the insecure endpoints:

    $ curl -v --http2 http://127.0.0.1:8181/metrics >/dev/null
    * Trying 127.0.0.1:8181...
    > GET /metrics HTTP/1.1
    > Host: 127.0.0.1:8181
    > User-Agent: curl/7.72.0
    > Accept: */*
    > Connection: Upgrade, HTTP2-Settings
    > Upgrade: h2c
    > HTTP2-Settings: AAMAAABkAAQCAAAAAAIAAAAA
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 101 Switching Protocols
    < Connection: Upgrade
    < Upgrade: h2c
    * Received 101
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
    < HTTP/2 200
    < content-type: text/plain; version=0.0.4; charset=utf-8
    < date: Wed, 30 Sep 2020 12:15:08 GMT
    <
    { [4096 bytes data]
    * Connection #0 to host 127.0.0.1 left intact

    $ curl -v --http2-prior-knowledge http://127.0.0.1:8181/metrics >/dev/null
    * Trying 127.0.0.1:8181...
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7f85c3814c00)
    > GET /metrics HTTP/2
    > Host: 127.0.0.1:8181
    > user-agent: curl/7.72.0
    > accept: */*
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
    < HTTP/2 200
    < content-type: text/plain; version=0.0.4; charset=utf-8
    < date: Wed, 30 Sep 2020 12:15:13 GMT
    <
    { [4096 bytes data]
    * Connection #0 to host 127.0.0.1 left intact

[1]: open-policy-agent#2399
Signed-off-by: Stephan Renatus <srenatus@chef.io>
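
Added example, not part of the commit or of OPA's code: when reviewing an h2c upgrade such as the `curl --http2` request in the transcript above, it helps to see what the client proposes in `HTTP2-Settings`. The header is a base64url-encoded HTTP/2 SETTINGS payload (RFC 7540, section 3.2.1); the names `Setting` and `DecodeHTTP2Settings` are hypothetical.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// Setting is one identifier/value pair from an HTTP/2 SETTINGS payload.
type Setting struct {
	ID    uint16
	Name  string // empty for identifiers not defined in RFC 7540
	Value uint32
}

// settingNames lists the identifiers defined by RFC 7540, section 6.5.2.
var settingNames = map[uint16]string{
	1: "HEADER_TABLE_SIZE",
	2: "ENABLE_PUSH",
	3: "MAX_CONCURRENT_STREAMS",
	4: "INITIAL_WINDOW_SIZE",
	5: "MAX_FRAME_SIZE",
	6: "MAX_HEADER_LIST_SIZE",
}

// DecodeHTTP2Settings parses the value of an HTTP2-Settings request header:
// a base64url string (padding omitted) holding 6-byte settings entries.
func DecodeHTTP2Settings(header string) ([]Setting, error) {
	raw, err := base64.RawURLEncoding.DecodeString(header)
	if err != nil {
		return nil, fmt.Errorf("not base64url: %w", err)
	}
	if len(raw)%6 != 0 {
		return nil, fmt.Errorf("payload length %d is not a multiple of 6", len(raw))
	}
	out := make([]Setting, 0, len(raw)/6)
	for i := 0; i < len(raw); i += 6 {
		id := binary.BigEndian.Uint16(raw[i:]) // 16-bit identifier, then 32-bit value
		out = append(out, Setting{id, settingNames[id], binary.BigEndian.Uint32(raw[i+2:])})
	}
	return out, nil
}

func main() {
	// Header value taken from the curl --http2 transcript above.
	settings, err := DecodeHTTP2Settings("AAMAAABkAAQCAAAAAAIAAAAA")
	fmt.Println(settings, err)
}
```

These are the client's settings; the `MAX_CONCURRENT_STREAMS == 250` line in the transcript is the value the server advertises back.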