https://issues.apache.org/bugzilla/show_bug.cgi?id=49491
Summary: SSL module does not do the case insensitive URI
comparison
Product: Apache httpd-2
Version: 2.2.15
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [email protected]
Hi,
In our test server when I try to access URI
"https://DTGTEST.ORG/ukdtt2/IC008/PATH/file"; then the request is denied with
error code 400. The error.log says:
"[error] Hostname dTgTeSt.OrG provided via SNI and hostname dtgtest.org
provided via HTTP are different"
The error here is that the function ssl_hook_ReadReq in file
ssl_engine_kernal.c at line number 205 {if (strcmp(host, servername))} uses
case sensitive URI comparison. But the RFC 4366 specifies that all the URI
comparison shall be case-insensitive. So I suggest to change this line to
if (strcasecmp(host, servername))
Thanks you very much for your help and wonderful work at Apache.
Best Regards,
Mayank
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
