Re: Trailing dot in FQDN TLS SNI/HTTP HostName

Mon, 05 May 2014 04:58:09 -0700 

On Mon, 28 Apr 2014, Leon Winter wrote:
While I agree with the idea of normalizing the domain name as a first step, we need to take the higher level protocols into consideration. Every protocol on top of TLS can cause problems. Considering HTTP let us look into RFC 2616 section 3.2.2 [0]: 


I actually can't think of any reason to keep the trailing dot. If the URL is 
to be passed to the proxy like when doing HTTP over a proxy, that dot won't be 
stripped off.



I'm leaning towards committing a change that normalizes the host name for all 
uses (except in the full URL sent over a http proxy) - and see if anyone 
reports any problems. Normalize in the way that it strips off one single 
trailing dot if there is one. My basic local testing hasn't shown any 
problems. See attachment for the patch.


Anyone who objects?

--

 / daniel.haxx.se
From 5b3f15ba0aff0b3b437962800395cd404f738b63 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <[email protected]>
Date: Mon, 5 May 2014 13:47:52 +0200
Subject: [PATCH] fix_hostname: strip off a single trailing dot from host name

Primarily for SNI, we need the host name without a trailing dot.
"https://www.example.com."; resolves fine but fails on SNI unless the dot
is removed.

Reported-by: Leon Winter
Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html
---
 lib/url.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/url.c b/lib/url.c
index 5952a9b..c933921 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3500,13 +3500,21 @@ static void fix_hostname(struct SessionHandle *data,
   (void)data;
   (void)conn;
 #elif defined(CURL_DISABLE_VERBOSE_STRINGS)
   (void)conn;
 #endif
+  size_t len;
 
   /* set the name we use to display the host name */
   host->dispname = host->name;
+
+  len = strlen(host->name);
+  if(host->name[len-1] == '.')
+    /* strip off a single trailing dot if present, primarily for SNI but
+       there's no use for it */
+    host->name[len-1]=0;
+
   if(!is_ASCII_name(host->name)) {
 #ifdef USE_LIBIDN
   /*************************************************************
    * Check name for non-ASCII and convert hostname to ACE form.
    *************************************************************/
-- 
2.0.0.rc0


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html





















					Reply via email to