Hi,
In our test server when I try to access URI "https://DTGTEST.ORG/ukdtt2/IC008/PATH/file" then the request is denied with error code 400.
The error.log says: "[error] Hostname dTgTeSt.OrG provided via SNI and hostname dtgtest.org provided via HTTP are different"
The error here is that the function ssl_hook_ReadReq in file ssl_engine_kernel.c at line number 205 {if (strcmp(host, servername))} uses case sensitive URI comparison. But the RFC 4366 specifies that all the URI comparison shall be case-insensitive.
So I suggest to change this line to
if (strcasecmp(host, servername))
Thank you very much for your help and wonderful work at Apache.
Best Regards,
Mayank
What browser are you using? I am curious why it sends the hostname in the SNI extension in a different case than in the HTTP host header.
Hi Ruediger,
This is a Set Top Box device that uses the latest version of cURL and OpenSSL libraries. Strangely it seems that cURL is sending the following HTTP request after the TLS connection setup and the host name looks correct in it:
GET /ukdtt2/IC008/PATH/file HTTP/1.1
Host: DTGTEST.ORG
User-Agent: UK-MHEG/2 S&TITK/001 MHGS&T/260
Cache-Control: no-transform
Regards,
Mayank
I can't see any harm from doing that, even if it is pretty odd behaviour on the client's part. Hostnames are generally supposed to be compared case-insensitively. Committed in r1082189 - thanks.
This bug is still in the current version 2.2.19. In line 139 of the file ssl_engine_kernel.c the comparison is still case sensitive.
This change was not applied to the 2.2.x branch. Can we have this in the next 2.2.x release?
Does FixedInTrunk mean that it has been fixed in the 2.2 branch or the 2.4 branch?
It is currently only fixed in 2.4.x and trunk.
AFAICT this issue is purely an Apache problem, not the client, since the Host is lowercased by vhost.c - fix_hostname() and then compared with strcmp() in ssl_engine_kernel.c ssl_hook_ReadReq()
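The mechanism described in the comment above, as an added example that is not part of the thread and not the mod_ssl source: the Host value is lowercased before it is compared against the SNI name exactly as the client sent it. The function names and the lowercasing helper are hypothetical simplifications; the hostnames are the ones from the report.

```c
/* Added illustration, not the mod_ssl source; function names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strcasecmp (POSIX) */

/* Simplified stand-in for the lowercasing the thread attributes to
 * fix_hostname() in vhost.c: copies the Host value into out, lowercased. */
static void lowercase_host(const char *in, char *out, size_t outlen)
{
    size_t i;
    if (outlen == 0)
        return;
    for (i = 0; in[i] != '\0' && i + 1 < outlen; i++)
        out[i] = (char)tolower((unsigned char)in[i]);
    out[i] = '\0';
}

/* Check as originally reported: any byte difference counts as a mismatch. */
int mismatch_case_sensitive(const char *host, const char *servername)
{
    return strcmp(host, servername) != 0;
}

/* Check as proposed in the report: names differing only in case are equal. */
int mismatch_case_insensitive(const char *host, const char *servername)
{
    return strcasecmp(host, servername) != 0;
}

/* Returns 1 if the request would be refused (the 400 in the report), else 0. */
int request_rejected(const char *host_header, const char *sni,
                     int (*mismatch)(const char *, const char *))
{
    char host[256];
    lowercase_host(host_header, host, sizeof host);
    return mismatch(host, sni); /* SNI is compared as received from the client */
}

int main(void)
{
    const char *sni = "dTgTeSt.OrG"; /* SNI name from the error.log line */
    const char *hdr = "DTGTEST.ORG"; /* Host header from the reported request */
    printf("strcmp:     rejected=%d\n", request_rejected(hdr, sni, mismatch_case_sensitive));
    printf("strcasecmp: rejected=%d\n", request_rejected(hdr, sni, mismatch_case_insensitive));
    return 0;
}
```

With the case-insensitive check a genuinely different SNI name is still refused, so the SNI/Host consistency check keeps its effect.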
Fixed in 2.2.x: http://svn.apache.org/r1515565