[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] [bug #47408] Wget sends malformed SNI host names |
Date: |
Wed, 16 Mar 2016 11:31:43 +0100 |
User-agent: |
KMail/4.14.10 (Linux/4.4.0-1-amd64; KDE/4.14.14; x86_64; ; ) |
Here is a patch for both openssl and gnutls.
Please comment, I'll push it tomorrow.
BTW, when fixing the gnutls code I stumbled upon a bug in 3.4.x.
I reported it as https://gitlab.com/gnutls/gnutls/issues/78
Tim
On Monday 14 March 2016 17:21:15 Yst Dawson wrote:
> URL:
> <http://savannah.gnu.org/bugs/?47408>
>
> Summary: Wget sends malformed SNI host names
> Project: GNU Wget
> Submitted by: yst
> Submitted on: Mon 14 Mar 2016 05:21:14 PM GMT
> Category: Program Logic
> Severity: 3 - Normal
> Priority: 5 - Normal
> Status: None
> Privacy: Public
> Assigned to: None
> Originator Name:
> Originator Email:
> Open/Closed: Open
> Discussion Lock: Any
> Release: 1.16
> Operating System: GNU/Linux
> Reproducibility: Every Time
> Fixed Release: None
> Planned Release: None
> Regression: None
> Work Required: None
> Patch Included: None
>
> _______________________________________________________
>
> Details:
>
> To quote a couple specifications:
> <https://tools.ietf.org/html/rfc6066#section-3> (SNI)
> "HostName" contains the fully qualified DNS hostname of the server,
> as understood by the client. The hostname is represented as a byte
> string using ASCII encoding without a trailing dot.
>
> <https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
> A client MUST send a Host header field in all HTTP/1.1 request
> messages. If the target URI includes an authority component, then a
> client MUST send a field-value for Host that is identical to that
> authority component, excluding any userinfo subcomponent and its "@"
> delimiter (Section 2.7.1).
>
> That means that the SNI host name and HTTP Host header do not always match.
> The SNI host name must never have a trailing dot, but the HTTP Host header
> must reflect a host name that is identical to the host name of the URI, so
> if the URI's host has a trailing dot, the HTTP Host header must include
> that trailing dot.
>
> For example, if the URI of a page is <https://alice.sni.velox.ch./>, the
> following values should be sent by the Web browser:
> SNI host: alice.sni.velox.ch
> HTTP host: alice.sni.velox.ch.
>
> However, Wget sends "alice.sni.velox.ch." as the SNI host name. In some
> cases, malformed SNI host names can cause the server to throw an error, an
> example of which can be seen at <https://sni.velox.ch./> or
> <https://www.apache.org./>.
>
> Other information:
> * version: 1.16
> * invoked by running "wget --no-check-certificate
> https://alice.sni.velox.ch./"
> * expected result: Wget should send an SNI host name that conforms to RFC
> 6066 or no SNI host name, while still sending an HTTP Host header that
> includes the trailing dot, as per RFC 7230.
> * actual result: Wget sent a malformed SNI host name
> * The output, in case relevant, has been attached as a file upload.
>
>
>
> _______________________________________________________
>
> File Attachments:
>
>
> -------------------------------------------------------
> Date: Mon 14 Mar 2016 05:21:14 PM GMT Name: index.html Size: 5kB By: yst
>
> <http://savannah.gnu.org/bugs/download.php?file_id6634>
>
> _______________________________________________________
>
> Reply to this item at:
>
> <http://savannah.gnu.org/bugs/?47408>
>
> _______________________________________________
> Message sent via/by Savannah
> http://savannah.gnu.org/
0001-Fix-SNI-server-names-with-trailing-dot-s.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part.