APNs invalid certificate yields (confusing) connection error

[alixMougenot]

When you try to send data with an invalid certificate, you get this error:

Post https://api.push.apple.com/3/device/_token_goes_here_: http2: Transport: peer server initiated graceful shutdown after some of Request.Body was written; define Request.GetBody to avoid this error

This makes it look like a connection or implementation issue, while it is not.

When looking at the http2 logs, you can see that the gateway is explicitly telling you why they are cutting connection, the certificate is wrong: APNsConnectionCut.txt. The interesting part is: http2: Transport received GOAWAY len=46 LastStreamID=0 ErrCode=NO_ERROR Debug="{"reason":"BadCertificateEnvironment"}"
While it would have been nice from the Gateway to use the usual status error code to tell that the certificate is wrong, it does not. If there is an easy way to read GOAWAY frames to return an error that includes the eventual Debug field from Transport, it would be great to use it. If not, you may archive this report.

1. Version: go1.7.4
2. Env: running on darwin/amd64, same issue with a static binary on linux
3. How-To-Reproduce: posting one silent push notification with an invalid certificate (observed on prod gateway)
4. Observed: client.Push returns a connection/implementation error.
5. Expected: client.Push returns a error that includes the Debug field of the associated Transport when available.

[sideshow]

@alixMougenot Thanks for logging this. Is there any chance you can give me more info about your certificate and what is invalid about it? ie, has it expired or are you trying to send using a production cert in development mode etc. Just want to make we can replicate. Thanks

[alixMougenot]

Sure. You can reproduce this case by using a development certificate instead of a production certificate. Sorry for not mentioning this.

…

On Sat, Sep 23, 2017, 00:58 Adam Jones ***@***.***> wrote: @alixMougenot <https://github.com/alixmougenot> Thanks for logging this. Is there any chance you can give me more info about your certificate and what is invalid abount it. ie, has it expired or are you trying to sed using a production cert in development mode etc. Just want to make we can replicate. Thanks — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#93 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AGH9isy8NpVOVgVKaz4vQ3J7eA_WK3rTks5slDuVgaJpZM4PawE5> .