curl-library

Re: Patch: OpenSSL Server Name Indication value should match custom Host header

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 5 Nov 2010 08:58:29 +0100 (CET)

On Fri, 5 Nov 2010, Daniel Stenberg wrote:

> curl https://207.97.227.239/ -H "Host: github.com"

Suddenly I realize what Peter is talking about and why this may be
problematic.

We then need to make sure this connection internally is considered as an HTTPS
connection to github.com so that it only gets re-used for that, and not for
any other random host name that happens to be on the same IP. But that's a
bit "weird" for an HTTP header to dictate those rules over the connection and
SSL, especially if you for example do subsequent requests on the same handle
but change Host: again... :-/

This smells like a potential can of worms.

Perhaps we need to do this case with a new host name option for the SNI and
server cert name check.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2010-11-05
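
The connection re-use concern raised in this mail, modelled as an added example (not taken from the mail or from libcurl's source): a hypothetical connection pool whose lookup key includes the name used for SNI and the certificate check, passed as its own parameter rather than derived from a Host: header. The names `struct conn`, `pool_find` and `request` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical pool entry: where we connected, plus the name that was
   sent as SNI and verified against the server certificate. */
struct conn {
  char addr[64];
  int port;
  char tls_name[256];
  int in_use;
};

#define POOL_SIZE 8
static struct conn pool[POOL_SIZE];

/* Re-use requires address, port AND TLS name to match. Matching on the
   address alone would hand a connection authenticated as one host name
   to a request meant for another virtual host on the same IP. */
static struct conn *pool_find(const char *addr, int port, const char *name)
{
  for(int i = 0; i < POOL_SIZE; i++) {
    struct conn *c = &pool[i];
    if(c->in_use && c->port == port && !strcmp(c->addr, addr) &&
       !strcasecmp(c->tls_name, name)) /* host names: case-insensitive */
      return c;
  }
  return NULL;
}

/* Returns 1 if a pooled connection was re-used, 0 if a new entry was
   created, -1 if the pool is full. */
static int request(const char *addr, int port, const char *name)
{
  if(pool_find(addr, port, name))
    return 1;
  for(int i = 0; i < POOL_SIZE; i++) {
    struct conn *c = &pool[i];
    if(!c->in_use) {
      snprintf(c->addr, sizeof(c->addr), "%s", addr);
      snprintf(c->tls_name, sizeof(c->tls_name), "%s", name);
      c->port = port;
      c->in_use = 1;
      return 0;
    }
  }
  return -1;
}

int main(void)
{
  const char *ip = "207.97.227.239"; /* address quoted in the mail */
  printf("%d\n", request(ip, 443, "github.com"));    /* new connection */
  printf("%d\n", request(ip, 443, "github.com"));    /* re-used */
  printf("%d\n", request(ip, 443, "other.example")); /* same IP, not re-used */
  return 0;
}
```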