curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Verification of :authority in push promise requests too strict?

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 13 Sep 2019 16:59:39 +0200 (CEST)

On Wed, 11 Sep 2019, Christoph M. Becker via curl-library wrote:

> As of curl 7.64.1 one test case[1] in the PHP test suite is failing,
> which is caused by
> <https://github.com/curl/curl/pull/3581/commits/228cb2511e00badc78eb2356232b40eee54d0dbc>.
>
> The problem is that the server sends
>
> :authority http2.golang.org
>
> while libcurl expects
>
> :authority http2.golang.org:443
>
> So obviously only the (default) port number is missing. I wonder whether
> the check for the :authority pseudo is too strict.

I certainly seems so. Without a port number present it is supposed to be the
default for the scheme so for a typical HTTPS URL "http2.golang.org" and
"http2.golang.org:443" should match for all I can see.

Do you agree? You up to work on a fix?

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-13