[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] [Fwd: Re: [bug #47408] Wget sends malformed SNI host names]
From: |
y.st. |
Subject: |
[Bug-wget] [Fwd: Re: [bug #47408] Wget sends malformed SNI host names] |
Date: |
Wed, 16 Mar 2016 09:50:04 -0700 |
Oops, I sent this to a personal email address instead of the mailing
list. Forwarding to the mailing list.
-------- plusendita mesaĝo --------
De: y.st. <address@hidden>
Al: Daniel Stenberg <address@hidden>
Temo: Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
Dato: Wed, 16 Mar 2016 09:15:46 -0700
The point is that some Web servers, such as Apache, choke on invalid SNI
host names. Following the standard fixes the problem.
On mer, 2016-03-16 at 11:59 +0100, Daniel Stenberg wrote:
> On Wed, 16 Mar 2016, Tim Ruehsen wrote:
>
> > Here is a patch for both openssl and gnutls. Please comment, I'll push it
> > tomorrow.
>
> The bug report says the SNI field should be different than the Host: header,
> but I question the sensibility in that. What would be the point? (pun not
> intended =B))
>
> When requesting contents from an HTTPS site, the SNI field will tell the
> server which particular virtual server to get the data from and when the
> trailing dot gets stripped the two strings with and without dot will end up
> on
> the same virtual server. Sending a Host: header that doesn't match the
> virtual
> server name then is then likely to either get ignored or to cause the HTTP
> backend to complain.
>
> It will also make it behave a bit different for HTTP than for HTTPS since
> then
> there's no SNI field and the Host: header is what will be used and then they
> clearly are different servers.
>
> And incidentally, curl strips the trailing dot off from both SNI and Host: =)
>
--
My PGP key ID is 0xE7464A03 and my fingerprint is
D135 B061 DBED 690B 479F E2E3 7D83 E1E5 E746 4A03
I encrypt if I have your key, I sign on request.
I only accept signing requests on encrypted mail.
--
My PGP key ID is 0xE7464A03 and my fingerprint is
D135 B061 DBED 690B 479F E2E3 7D83 E1E5 E746 4A03
I encrypt if I have your key, I sign on request.
I only accept signing requests on encrypted mail.
- [Bug-wget] [Fwd: Re: [bug #47408] Wget sends malformed SNI host names],
y.st. <=