[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
From: |
Daniel Stenberg |
Subject: |
Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names |
Date: |
Wed, 16 Mar 2016 11:59:04 +0100 (CET) |
User-agent: |
Alpine 2.20 (DEB 67 2015-01-07) |
On Wed, 16 Mar 2016, Tim Ruehsen wrote:
Here is a patch for both openssl and gnutls. Please comment, I'll push it
tomorrow.
The bug report says the SNI field should be different than the Host: header,
but I question the sensibility in that. What would be the point? (pun not
intended =B))
When requesting contents from an HTTPS site, the SNI field will tell the
server which particular virtual server to get the data from and when the
trailing dot gets stripped the two strings with and without dot will end up on
the same virtual server. Sending a Host: header that doesn't match the virtual
server name then is then likely to either get ignored or to cause the HTTP
backend to complain.
It will also make it behave a bit different for HTTP than for HTTPS since then
there's no SNI field and the Host: header is what will be used and then they
clearly are different servers.
And incidentally, curl strips the trailing dot off from both SNI and Host: =)
--
/ daniel.haxx.se