Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names

[Tim Ruehsen]

Here is a patch for both openssl and gnutls.
Please comment, I'll push it tomorrow.

BTW, when fixing the gnutls code I stumbled upon a bug in 3.4.x.
I reported it as https://gitlab.com/gnutls/gnutls/issues/78

Tim

On Monday 14 March 2016 17:21:15 Yst Dawson wrote:
> URL:
>   <http://savannah.gnu.org/bugs/?47408>
>
>                  Summary: Wget sends malformed SNI host names
>                  Project: GNU Wget
>             Submitted by: yst
>             Submitted on: Mon 14 Mar 2016 05:21:14 PM GMT
>                 Category: Program Logic
>                 Severity: 3 - Normal
>                 Priority: 5 - Normal
>                   Status: None
>                  Privacy: Public
>              Assigned to: None
>          Originator Name:
>         Originator Email:
>              Open/Closed: Open
>          Discussion Lock: Any
>                  Release: 1.16
>         Operating System: GNU/Linux
>          Reproducibility: Every Time
>            Fixed Release: None
>          Planned Release: None
>               Regression: None
>            Work Required: None
>           Patch Included: None
>
>     _______________________________________________________
>
> Details:
>
> To quote a couple specifications:
> <https://tools.ietf.org/html/rfc6066#section-3> (SNI)
>       "HostName" contains the fully qualified DNS hostname of the server,
>       as understood by the client.  The hostname is represented as a byte
>       string using ASCII encoding without a trailing dot.
>
> <https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
>       A client MUST send a Host header field in all HTTP/1.1 request
>       messages.  If the target URI includes an authority component, then a
>       client MUST send a field-value for Host that is identical to that
>       authority component, excluding any userinfo subcomponent and its "@"
>       delimiter (Section 2.7.1).
>
> That means that the SNI host name and HTTP Host header do not always match.
> The SNI host name must never have a trailing dot, but the HTTP Host header
> must reflect a host name that is identical to the host name of the URI, so
> if the URI's host has a trailing dot, the HTTP Host header must include
> that trailing dot.
>
> For example, if the URI of a page is <https://alice.sni.velox.ch./>, the
> following values should be sent by the Web browser:
> SNI host: alice.sni.velox.ch
> HTTP host: alice.sni.velox.ch.
>
> However, Wget sends "alice.sni.velox.ch." as the SNI host name. In some
> cases, malformed SNI host names can cause the server to throw an error, an
> example of which can be seen at <https://sni.velox.ch./> or
> <https://www.apache.org./>.
>
> Other information:
>  * version: 1.16
>  * invoked by running "wget --no-check-certificate
> https://alice.sni.velox.ch./";
>  * expected result: Wget should send an SNI host name that conforms to RFC
> 6066 or no SNI host name, while still sending an HTTP Host header that
> includes the trailing dot, as per RFC 7230.
>  * actual result: Wget sent a malformed SNI host name
>  * The output, in case relevant, has been attached as a file upload.
>
>
>
>     _______________________________________________________
>
> File Attachments:
>
>
> -------------------------------------------------------
> Date: Mon 14 Mar 2016 05:21:14 PM GMT  Name: index.html  Size: 5kB   By: yst
>
> <http://savannah.gnu.org/bugs/download.php?file_id6634>
>
>     _______________________________________________________
>
> Reply to this item at:
>
>   <http://savannah.gnu.org/bugs/?47408>
>
> _______________________________________________
>   Message sent via/by Savannah
>   http://savannah.gnu.org/

0001-Fix-SNI-server-names-with-trailing-dot-s.patch
Description: Text Data

signature.asc
Description: This is a digitally signed message part.