Connecting to Apple's APNS using cURL with HTTP\2 support via nghttp2

Question

I've attempted to compile cURL with HTTP/2 support by following this tutorial. I'm using Docker and my application is based off the official PHP Docker image, which uses Debian, although I've produced the same problems in an Ubuntu machine running inside a Vagrant VM.

There appears to be no problem at first. Indeed, running curl --version shows everything I'd expect:

curl 7.47.1 (x86_64-pc-linux-gnu) libcurl/7.47.1 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 nghttp2/1.7.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets 

Also, I can connect to https://nghttp2.org just fine:

curl --http2 -I https://nghttp2.org
HTTP/2.0 200
date:Mon, 15 Feb 2016 18:02:34 GMT
content-type:text/html
content-length:6680
last-modified:Thu, 11 Feb 2016 14:29:49 GMT
etag:"56bc9add-1a18"
link:</stylesheets/screen.css>; rel=preload; as=stylesheet
accept-ranges:bytes
x-backend-header-rtt:0.000581
server:nghttpx nghttp2/1.8.0-DEV
via:1.1 nghttpx
strict-transport-security:max-age=31536000
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block
x-content-type-options:nosniff

The problems begin when trying to connect to Apple's recently re-launched APNS Provider API which now runs on HTTP/2.

I've installed curl via Homebrew on my Mac (using --with-nghttp2) and I can get the following (expected) response:

curl -d 'Hello' --http2 https://api.push.apple.com/3/device/test
{"reason":"Forbidden"}

However, if I try to run the same command from within my Docker image, I get:

curl -d 'Hello' --http2 https://api.push.apple.com/3/device/test
?@@?HTTP/2 client preface string missing or corrupt. Hex dump for received bytes: 504f5354202f332f6465766963652f746573742048545450

I'm unsure why this problems seems to be specific to Apple's service, and what needs to be done to remedy the situation.

Any help would be greatly appreciated!

Answer 1

For anyone seeing this in the future, I ended up solving this, and the answer is on Server Fault.

Answer 2

Problem here is, that OpenSSL/1.0.1k doesn't come with ALPN protocol.

Apple requires it, whereas https://nghttp2.org is happy with NPN.

So to solve this, get OpenSSL/1.0.2 to work and you are all set.