[Bug-wget] [bug #47408] Wget sends malformed SNI host names


From: Yst Dawson
Subject: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
Date: Mon, 14 Mar 2016 17:21:15 +0000
User-agent:

URL:
  <http://savannah.gnu.org/bugs/?47408>

                 Summary: Wget sends malformed SNI host names
                 Project: GNU Wget
            Submitted by: yst
            Submitted on: Mon 14 Mar 2016 05:21:14 PM GMT
                Category: Program Logic
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.16
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: None

    _______________________________________________________

Details:

To quote a couple specifications:
<https://tools.ietf.org/html/rfc6066#section-3> (SNI)
        "HostName" contains the fully qualified DNS hostname of the server,
        as understood by the client.  The hostname is represented as a byte
        string using ASCII encoding without a trailing dot.

<https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
        A client MUST send a Host header field in all HTTP/1.1 request
        messages.  If the target URI includes an authority component, then a
        client MUST send a field-value for Host that is identical to that
        authority component, excluding any userinfo subcomponent and its "@"
        delimiter (Section 2.7.1).

That means that the SNI host name and HTTP Host header do not always match.
The SNI host name must never have a trailing dot, but the HTTP Host header
must reflect a host name that is identical to the host name of the URI, so if
the URI's host has a trailing dot, the HTTP Host header must include that
trailing dot.

For example, if the URI of a page is <https://alice.sni.velox.ch./>, the
following values should be sent by the Web browser:
SNI host: alice.sni.velox.ch
HTTP host: alice.sni.velox.ch.

However, Wget sends "alice.sni.velox.ch." as the SNI host name. In some cases,
malformed SNI host names can cause the server to throw an error, an example of
which can be seen at <https://sni.velox.ch./> or <https://www.apache.org./>.

Other information:
 * version: 1.16
 * invoked by running "wget --no-check-certificate https://alice.sni.velox.ch./"
 * expected result: Wget should send an SNI host name that conforms to RFC
6066 or no SNI host name, while still sending an HTTP Host header that
includes the trailing dot, as per RFC 7230.
 * actual result: Wget sent a malformed SNI host name
 * The output, in case relevant, has been attached as a file upload.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 14 Mar 2016 05:21:14 PM GMT  Name: index.html  Size: 5kB   By: yst

<http://savannah.gnu.org/bugs/download.php?file_id=36634>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?47408>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
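
The split the report describes, between the name sent in the SNI extension and the value kept in the Host header, as an added C example that is not part of the original report and is not wget's code. The helper name `sni_name_from_uri_host` is hypothetical; it goes slightly beyond the report by also omitting SNI for IP literals (RFC 6066 section 3 does not permit them in HostName) and assumes the caller has already converted internationalized names to ASCII A-labels.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a wget function: derive the RFC 6066 HostName
   from the host component of a URI. Returns true with the name in `out`
   when SNI should be sent, false when the extension should be omitted. */
bool sni_name_from_uri_host(const char *uri_host, char *out, size_t outlen)
{
    unsigned char addr[sizeof(struct in6_addr)];
    size_t len = strlen(uri_host);

    /* Drop one trailing dot (the DNS root label): allowed in a URI host
       and in the Host header, not allowed in the SNI HostName. */
    if (len > 0 && uri_host[len - 1] == '.')
        len--;
    /* Nothing left, a second trailing dot, or no room: send no SNI. */
    if (len == 0 || uri_host[len - 1] == '.' || len >= outlen)
        return false;
    memcpy(out, uri_host, len);
    out[len] = '\0';

    /* RFC 6066 section 3 does not permit literal IPv4/IPv6 addresses. */
    if (out[0] == '[' || inet_pton(AF_INET, out, addr) == 1
        || inet_pton(AF_INET6, out, addr) == 1)
        return false;
    /* HostName is ASCII; assumption: IDNs were converted to A-labels
       by the caller, so any remaining non-ASCII byte means no SNI. */
    for (size_t i = 0; i < len; i++)
        if ((unsigned char)out[i] >= 0x80)
            return false;
    return true;
}

int main(void)
{
    const char *uri_host = "alice.sni.velox.ch.";   /* host from the report */
    char sni[256];

    if (sni_name_from_uri_host(uri_host, sni, sizeof sni))
        printf("SNI host:  %s\n", sni);
    else
        printf("SNI host:  (extension omitted)\n");
    /* The Host header keeps the URI host unchanged (RFC 7230 section 5.4). */
    printf("HTTP host: %s\n", uri_host);
    return 0;
}
```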



