serf-dev mailing list archives

From "Michael Osipov (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SERF-185) serf_get sets incorrect hostname for SNI
Date Fri, 29 Sep 2017 11:29:00 GMT

     [ https://issues.apache.org/jira/browse/SERF-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov updated SERF-185:
--------------------------------
    Description: 
When issuing the following request with {{./serf_get -H -m GET https://server.old.company.net:8443/}}
the {{server_name}} value in the SNI extension is {{server.old.company.net:8443}}, but has
to be {{server.old.company.net}} (stripped port). Tomcat is not able to match the input against
its configuration and delivers the wrong certificate.

The error is in:

{code}
./test/serf_get.c:226:        serf_ssl_set_hostname(conn_ctx->ssl_ctx, ctx->hostinfo);
{code}

where {{hostinfo}} contains hostname and port which is suitable for the {{Host}} header, but
not for SNI.

Subversion itself does not suffer from this issue.

  was:
When issuing the following request with {{./serf_get -H -m GET https://server.old.siemens.net:8443/}}
the {{server_name}} value in the SNI extension is {{server.old.siemens.net:8443}}, but has
to be {{server.old.siemens.net}} (stripped port). Tomcat is not able to match the input against
its configuration and delivers the wrong certificate.

The error is in:

{code}
./test/serf_get.c:226:        serf_ssl_set_hostname(conn_ctx->ssl_ctx, ctx->hostinfo);
{code}

where {{hostinfo}} contains hostname and port which is suitable for the {{Host}} header, but
not for SNI.

Subversion itself does not suffer from this issue.


> serf_get sets incorrect hostname for SNI
> ----------------------------------------
>
>                 Key: SERF-185
>                 URL: https://issues.apache.org/jira/browse/SERF-185
>             Project: serf
>          Issue Type: Bug
>    Affects Versions: serf-1.3.9
>         Environment: * IP. 192.168.1.10
> * Hostname (A record): server.ad001.company.net
> * Hostname (CNAME): server.old.company.net => server.ad001.company.net
> * Tomcat 8.5 with APR/OpenSSL TLS Virtual Hosting
> * Default host:  server.ad001.company.net
>            Reporter: Michael Osipov
>
> When issuing the following request with {{./serf_get -H -m GET https://server.old.company.net:8443/}}
> the {{server_name}} value in the SNI extension is {{server.old.company.net:8443}}, but has
> to be {{server.old.company.net}} (stripped port). Tomcat is not able to match the input against
> its configuration and delivers the wrong certificate.
> The error is in:
> {code}
> ./test/serf_get.c:226:        serf_ssl_set_hostname(conn_ctx->ssl_ctx, ctx->hostinfo);
> {code}
> where {{hostinfo}} contains hostname and port which is suitable for the {{Host}} header,
> but not for SNI.
> Subversion itself does not suffer from this issue.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
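
One way to derive the SNI name from a host-and-port string like the {{hostinfo}} described in the report, as an added example that is not part of the original message or of serf's code base. The helper `sni_name_from_hostinfo` is hypothetical, the inputs are constructed, and the string is assumed to be in URI authority form without userinfo; it goes slightly beyond the report by also sending no SNI for IP literals and dropping a trailing dot, as RFC 6066 requires.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of serf): derive the SNI server_name from a
 * "host[:port]" string. Returns 1 and fills out on success, 0 when no SNI
 * name should be sent (IP literal, empty host, or buffer too small). */
int sni_name_from_hostinfo(const char *hostinfo, char *out, size_t outlen)
{
    size_t len, i;
    int ipv4_like = 1;

    /* A bracketed host is an IPv6 literal; RFC 6066 does not permit IP
     * addresses in server_name, so no SNI is sent for it. */
    if (hostinfo == NULL || hostinfo[0] == '[')
        return 0;

    /* The host part ends at the first ':' (start of the port), if any. */
    len = strcspn(hostinfo, ":");

    /* RFC 6066: the name is sent without a trailing dot. */
    if (len > 0 && hostinfo[len - 1] == '.')
        len--;
    if (len == 0 || len >= outlen)
        return 0;

    /* Digits and dots only: treat as an IPv4 literal, also not permitted. */
    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)hostinfo[i]) && hostinfo[i] != '.')
            ipv4_like = 0;
    if (ipv4_like)
        return 0;

    memcpy(out, hostinfo, len);
    out[len] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed inputs; the first is the host and port from the report. */
    const char *samples[] = { "server.old.company.net:8443",
                              "192.168.1.10:8443", "[::1]:8443" };
    char name[256];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> %s\n", samples[i],
               sni_name_from_hostinfo(samples[i], name, sizeof name)
                   ? name : "(no SNI)");
    return 0;
}
```

The unmodified host-and-port string remains the right value for the {{Host}} header; only the value handed to the TLS layer changes.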
