You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/15 23:16:36 UTC

[Bug 56414] New: SNI & HTTP hostname different because of user@

https://issues.apache.org/bugzilla/show_bug.cgi?id=56414

            Bug ID: 56414
           Summary: SNI & HTTP hostname different because of user@
           Product: Apache httpd-2
           Version: 2.2.22
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: ben.rubson@gmail.com

Hello,

I use Apache 2.2.22 on my Debian Wheezy (7 / stable) box.

Here is the message I have in error.log, from a user using a subversion client
:

Hostname www.domain.com provided via SNI and hostname my-user@www.domain.com
provided via HTTP are different

Here is a quick fix I wrote, but perhaps something more official / clean could
be written.

In modules/ssl/ssl_engine_kernel.c,
I added these 7 first lines,
and I modified the 8th one :

char *hostcut = malloc(strlen(host) + 1);
strcpy(hostcut,host);
if (strstr (hostcut,"@"))
{
    hostcut=strstr (hostcut,"@");
    hostcut=&hostcut[1];
}
if (strcasecmp(hostcut, servername)) {
    ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
        "Hostname %s provided via SNI and hostname %s provided"
        " via HTTP are different", servername, hostcut);
        return HTTP_BAD_REQUEST;
}

Thank you very much,

Best regards,

Ben

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 56414] SNI & HTTP hostname different because of user@

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56414

--- Comment #2 from Ben RUBSON <be...@gmail.com> ---
I did not look at client side no.
Client is Versions v1.3.0 :
http://www.versionsapp.com

This client has username and password fields.
However, it adds a my-user@ string in the location field before the domain.

I though that it was something authorized to use something like
my-user@www.domain.com, this is why I wrote this little patch.

Ben

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 56414] SNI & HTTP hostname different because of user@

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56414

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Eric Covener <co...@gmail.com> ---
The mismatch sounds like a client bug, has someone looked at it from the client
side?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org