[konqueror] [Bug 360423] New: Konqueror sends invalid SNI host names

Fri, 11 Mar 2016 11:55:05 -0800 

https://bugs.kde.org/show_bug.cgi?id=360423

            Bug ID: 360423
           Summary: Konqueror sends invalid SNI host names
           Product: konqueror
           Version: 4.14.2
          Platform: Debian stable
               URL: https://sni.velox.ch./
                OS: other
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: konq-b...@kde.org
          Reporter: bugs.kde.or...@y.st

To quote a couple specifications:
<https://tools.ietf.org/html/rfc6066#section-3> (SNI)
    "HostName" contains the fully qualified DNS hostname of the server,
    as understood by the client.  The hostname is represented as a byte
    string using ASCII encoding without a trailing dot.

<https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
    A client MUST send a Host header field in all HTTP/1.1 request
    messages.  If the target URI includes an authority component, then a
    client MUST send a field-value for Host that is identical to that
    authority component, excluding any userinfo subcomponent and its "@"
    delimiter (Section 2.7.1).

That means that the SNI host name and HTTP Host header do not always match. The
SNI host name must never have a trailing dot, but the HTTP Host header must
reflect a host name that is identical to the host name of the URI, so if the
URI's host has a trailing dot, the HTTP Host header must include that trailing
dot.

For example, if the URI of a page is <https://sni.velox.ch./>, the following
values should be sent by the Web browser:
SNI host: sni.velox.ch
HTTP host: sni.velox.ch.

However, Konqueror sends "sni.velox.ch." as the SNI host name, causing the
server to throw an error.

Reproducible: Always

Steps to Reproduce:
0. Load any page page in which the domain has a trailing dot in the domain (for
example, <https://sni.velox.ch./>)
1. Konqueror will send a malformed SNI host name
2. If the server software does not accept malformed SNI host names, the error
will be visible.

Actual Results:  
Konqueror sends "sni.velox.ch." as the SNI host name, causing the server to
throw an error.

Expected Results:  
Konqueror *should* strip the trailing dot off of the SNI host name to make it
comply with RFC 6066 while leaving the trailing dot in the HTTP Host header to
comply with RFC 7230.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to