Re: Verification of :authority in push promise requests too strict?

From: Christoph M. Becker via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 16 Sep 2019 16:14:17 +0200

On 13.09.2019 at 16:59, Daniel Stenberg wrote:

> On Wed, 11 Sep 2019, Christoph M. Becker via curl-library wrote:
>
>> As of curl 7.64.1 one test case[1] in the PHP test suite is failing,
>> which is caused by
>> <https://github.com/curl/curl/pull/3581/commits/228cb2511e00badc78eb2356232b40eee54d0dbc>.
>>
>>
>> The problem is that the server sends
>>
>>  :authority http2.golang.org
>>
>> while libcurl expects
>>
>>  :authority http2.golang.org:443
>>
>> So obviously only the (default) port number is missing.  I wonder
>> whether the check for the :authority pseudo is too strict.
>
> It certainly seems so. Without a port number present it is supposed to be
> the default for the scheme so for a typical HTTPS URL "http2.golang.org"
> and "http2.golang.org:443" should match for all I can see.
>
> Do you agree? You up to work on a fix?

Yes, I agree, and submitted <https://github.com/curl/curl/pull/4365>.

--
Christoph M. Becker
Received on 2019-09-16
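
The comparison discussed in this thread, as an added example that is not part of the original mail and is not libcurl's code: both :authority values are reduced to host plus effective port, so a missing port equals the scheme default, while a different host or port still fails the check. The function names are hypothetical, and only the http and https default ports are assumed.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Default port implied by the scheme; 0 means unknown scheme. */
static int default_port(const char *scheme)
{
  if(!strcasecmp(scheme, "https")) return 443;
  if(!strcasecmp(scheme, "http")) return 80;
  return 0;
}

/* Hypothetical helper: split "host", "host:port" or "[v6]:port". */
static int split(const char *a, int defport, size_t *hlen, int *port)
{
  const char *colon = strrchr(a, ':');
  const char *bracket = strrchr(a, ']');
  char *end;
  long p;
  if(!colon || (bracket && colon < bracket)) {
    *hlen = strlen(a); /* no port given: use the scheme default */
    *port = defport;
    return 0;
  }
  if(!isdigit((unsigned char)colon[1])) return -1; /* reject ":", ":+1" */
  p = strtol(colon + 1, &end, 10);
  if(*end || p < 1 || p > 65535) return -1;        /* trailing junk, range */
  *hlen = (size_t)(colon - a);
  *port = (int)p;
  return 0;
}

/* Returns 1 if both authorities name the same host and effective port. */
int authority_matches(const char *scheme, const char *want, const char *got)
{
  size_t wlen, glen;
  int wport, gport, defport = default_port(scheme);
  if(!defport || split(want, defport, &wlen, &wport) ||
     split(got, defport, &glen, &gport))
    return 0; /* fail closed on anything unparsable */
  return wlen && wlen == glen && wport == gport &&
         !strncasecmp(want, got, wlen); /* host names are case-insensitive */
}

int main(void)
{
  return !authority_matches("https", "http2.golang.org:443", "http2.golang.org");
}
```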