https://bugs.kde.org/show_bug.cgi?id=360423

Yst Dawson <bugs.kde.or...@y.st> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
         Resolution|WAITINGFORINFO              |---
             Status|NEEDSINFO                   |CONFIRMED

--- Comment #15 from Yst Dawson <bugs.kde.or...@y.st> ---
Because I couldn't get the proxy setting to work, I had to wipe my laptop so
it'd be safe to use it on an unsafe network, then had to take it down to the
local library to use their network. I'll wipe it again, then get all my data
transferred back onto it later so I can use it on my secure network again, I
guess ...

Anyway, as the website mentioned in the bug report is now down, I've found this
new one: <https://check-tls.akamaized.net./>. It does have the flaw that it
appears to be trying to test to see if the SNI host name and the HTTP Host
header match, when according to the two RFCs mentioned in the initial bug
report, they shouldn't match when the host name in the URI is fully-qualified
(ends in a dot). Still, it shows the two important pieces of information: the
SNI host and the HTTP Host header. It seems that the most-recent versions of
Konqueror not only still have the bug, but actually introduce a second bug.

The dot at the end in the hostname in the URI (if present) *MUST* be stripped
in the SNI host (RFC 6066), but Konqueror does not strip this dot. This was the
original bug reported.

The dot at the end of the hostname in the URI (if present) *MUST NOT* be
stripped in the HTTP Host header (RFC 7230), but Konqueror does strip this dot.
This is a newly-introduced bug.

In other words, the dot is stripped only in the place it shouldn't be stripped.
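
The rule stated in the comment above, as an added example that is not part of the original bug report or of KDE's code: it derives the SNI name and Host header a conforming client should send for a URL, and labels the two trailing-dot defects in what a client actually sent. The function names, finding labels and the "observed" values in the usage lines are hypothetical, constructed from the comment's description.

```python
import ipaddress
from urllib.parse import urlsplit


def expected_names(url):
    """Return (sni_name, host_header) a conforming client sends for `url`."""
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("URL has no host component")
    # Host header (RFC 7230): the URI authority minus userinfo; a trailing
    # dot and an explicit port are kept exactly as written in the URI.
    host_header = parts.netloc.rpartition("@")[2]
    host = parts.hostname  # lower-cased, port and IPv6 brackets removed
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # SNI (RFC 6066): DNS name without a trailing dot.
        return (host[:-1] if host.endswith(".") else host), host_header
    return None, host_header  # RFC 6066: literal IP addresses are not sent as SNI


def classify(url, observed_sni, observed_host):
    """Name the trailing-dot defects in what a client actually sent."""
    want_sni, want_host = expected_names(url)
    findings = []
    # Original bug: the dot from the URI is carried into the SNI name.
    if want_sni and observed_sni and observed_sni.lower() == want_sni + ".":
        findings.append("sni-has-trailing-dot")
    # Second bug: the dot from the URI is missing from the Host header.
    if observed_host.lower() != want_host.lower():
        sent = urlsplit("//" + observed_host).hostname or ""
        if sent + "." == urlsplit(url).hostname:
            findings.append("host-header-dot-stripped")
    return findings


if __name__ == "__main__":
    url = "https://check-tls.akamaized.net./"
    print(expected_names(url))
    # Constructed observation matching the behaviour described in the comment.
    print(classify(url, "check-tls.akamaized.net.", "check-tls.akamaized.net"))
```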
