Hi, I'm in process of porting acme-client to linux and I might have notice small bug in header parsing in http.c.
First, let me warn you that C is not my strongest language, so I might very well be wrong, but is looks to me like if http_head_parse function is just parsing the key-value pairs from the header and doing no manipulation on them. And then http_head_get is used to search for specific header. But it uses just strcmp to try to match the strings, while based on https://tools.ietf.org/html/rfc7230#section-3.2 my understanding is, that field names are supposed to be case-insensitive. So search for Reply-Nonce in netproc.c my as well fail because for server it's perfectly legal to send it as reply-nonce instead. If you don't consider this an issue, please, feel free to just ignore this mail and sorry for bothering you. Have a nice day, W. -- There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors.
signature.asc
Description: PGP signature
