Oops, I sent this to a personal email address instead of the mailing list. Forwarding to the mailing list.
-------- Forwarded message --------
From: y.st. <[email protected]>
To: Daniel Stenberg <[email protected]>
Subject: Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
Date: Wed, 16 Mar 2016 09:15:46 -0700

The point is that some Web servers, such as Apache, choke on invalid SNI host names. Following the standard fixes the problem.

On Wed, 2016-03-16 at 11:59 +0100, Daniel Stenberg wrote:
> On Wed, 16 Mar 2016, Tim Ruehsen wrote:
>
> > Here is a patch for both openssl and gnutls. Please comment, I'll push it
> > tomorrow.
>
> The bug report says the SNI field should be different than the Host: header,
> but I question the sensibility in that. What would be the point? (pun not
> intended =B))
>
> When requesting contents from an HTTPS site, the SNI field will tell the
> server which particular virtual server to get the data from and when the
> trailing dot gets stripped the two strings with and without dot will end up
> on the same virtual server. Sending a Host: header that doesn't match the
> virtual server name is then likely to either get ignored or to cause the
> HTTP backend to complain.
>
> It will also make it behave a bit different for HTTP than for HTTPS since
> then there's no SNI field and the Host: header is what will be used and then
> they clearly are different servers.
>
> And incidentally, curl strips the trailing dot off from both SNI and Host: =)
>

--
My PGP key ID is 0xE7464A03 and my fingerprint is
D135 B061 DBED 690B 479F E2E3 7D83 E1E5 E746 4A03
I encrypt if I have your key, I sign on request.
I only accept signing requests on encrypted mail.
