curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

indefinite retry on REFUSED_STREAM with curl (command-line)

From: Dima Tisnek via curl-library <>
Date: Tue, 10 Mar 2020 15:26:00 +0900

First off, pardon if this was reported or already solved.

I'm trying to set up a local sake APNS server, which comprises nginx
with http/2 config in a docker container plus a silly upstream server
in another container.

The connection is (and must be) http/2 with client cert.

And then I run a command like this:

curl -v \
  -d '{"aps":{"alert":"test","sound":"default"}}' \
  -H "apns-topic:com.yourcompanyname.yourappname" \
  -H "apns-expiration:1" \
  -H "apns-priority:10" \
  --http2 \
  --cert .fake-cert \
  https://localhost:2197/3/device/blah-blah-token -k

I get a weird endless retry from curl, one cycle of the retry looks like this:

* Connection state changed (MAX_CONCURRENT_STREAMS == 1234567890)!
* REFUSED_STREAM, retrying a fresh connect
* Connection died, retrying a fresh connect
* Closing connection 988
* TLSv1.2 (OUT), TLS alert, close notify (256):
* Issue another request to this URL:
* Hostname localhost was found in DNS cache
* Trying ::1...
* Connected to localhost (::1) port 2197 (#989)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
  CApath: none
* SSL re-using session ID
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* old SSL session ID is stale, removing
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=localhost
* start date: Feb 27 04:53:32 2020 GMT
* expire date: Jan 23 04:53:32 4758 GMT
* issuer: CN=localhost
* SSL certificate verify result: self signed certificate (18),
continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9a6c007400)
> POST /3/device/blah-blah-token HTTP/2
> Host: localhost:2197
> User-Agent: curl/7.64.1
> Accept: */*
> apns-topic:com.yourcompanyname.yourappname
> apns-expiration:1
> apns-priority:10
> Content-Length: 42
> Content-Type: application/x-www-form-urlencoded

I don't know why nginx closes the stream, it's weird...
But it's also quite so weird that curl just doesn't give up and tries
again and again and again...
Received on 2020-03-10