[Bug-wget] [Fwd: Re: [bug #47408] Wget sends malformed SNI host names]

[y.st.]

Oops, I sent this to a personal email address instead of the mailing
list. Forwarding to the mailing list.

-------- plusendita mesaĝo --------
De: y.st. <address@hidden>
Al: Daniel Stenberg <address@hidden>
Temo: Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
Dato: Wed, 16 Mar 2016 09:15:46 -0700

The point is that some Web servers, such as Apache, choke on invalid SNI
host names. Following the standard fixes the problem.

On mer, 2016-03-16 at 11:59 +0100, Daniel Stenberg wrote:
> On Wed, 16 Mar 2016, Tim Ruehsen wrote:
> 
> > Here is a patch for both openssl and gnutls. Please comment, I'll push it 
> > tomorrow.
> 
> The bug report says the SNI field should be different than the Host: header, 
> but I question the sensibility in that. What would be the point? (pun not 
> intended =B))
> 
> When requesting contents from an HTTPS site, the SNI field will tell the 
> server which particular virtual server to get the data from and when the 
> trailing dot gets stripped the two strings with and without dot will end up 
> on 
> the same virtual server. Sending a Host: header that doesn't match the 
> virtual 
> server name then is then likely to either get ignored or to cause the HTTP 
> backend to complain.
> 
> It will also make it behave a bit different for HTTP than for HTTPS since 
> then 
> there's no SNI field and the Host: header is what will be used and then they 
> clearly are different servers.
> 
> And incidentally, curl strips the trailing dot off from both SNI and Host: =)
> 

-- 
My PGP key ID is 0xE7464A03 and my fingerprint is
D135 B061 DBED 690B 479F E2E3 7D83 E1E5 E746 4A03
I encrypt if I have your key, I sign on request. 
I only accept signing requests on encrypted mail.


-- 
My PGP key ID is 0xE7464A03 and my fingerprint is
D135 B061 DBED 690B 479F E2E3 7D83 E1E5 E746 4A03
I encrypt if I have your key, I sign on request. 
I only accept signing requests on encrypted mail.