[ https://issues.apache.org/jira/browse/SERF-185?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Osipov updated SERF-185: -------------------------------- Description: When issues following request with {{./serf_get -H -m GET https://server.old.company.net:8443/}} the {{server_name}} value in the SNI extension is {{server.old.company.net:8443}}, but has to be {{server.old.company.net}} (stripped port). Tomcat is not able to match the input against its confguration and delivers the wrong certificate. The error is in: {code} ./test/serf_get.c:226: serf_ssl_set_hostname(conn_ctx->ssl_ctx, ctx->hostinfo); {code} where {{hostinfo}} contains hostname and port which is suitable for the {{Host}} header, but not for SNI. Subversion itself does not suffer from this issue. was: When issues following request with {{./serf_get -H -m GET https://server.old.siemens.net:8443/}} the {{server_name}} value in the SNI extension is {{server.old.siemens.net:8443}}, but has to be {{server.old.siemens.net}} (stripped port). Tomcat is not able to match the input against its confguration and delivers the wrong certificate. The error is in: {code} ./test/serf_get.c:226: serf_ssl_set_hostname(conn_ctx->ssl_ctx, ctx->hostinfo); {code} where {{hostinfo}} contains hostname and port which is suitable for the {{Host}} header, but not for SNI. Subversion itself does not suffer from this issue. > serf_get sets incorrect hostname for SNI > ---------------------------------------- > > Key: SERF-185 > URL: https://issues.apache.org/jira/browse/SERF-185 > Project: serf > Issue Type: Bug > Affects Versions: serf-1.3.9 > Environment: * IP. 192.168.1.10 > * Hostname (A record): server.ad001.company.net > * Hostname (CNAME): server.old.company.net => server.ad001.company.net > * Tomcat 8.5 with APR/OpenSSL TLS Virtual Hosting > * Default host: server.ad001.company.net > Reporter: Michael Osipov > > When issues following request with {{./serf_get -H -m GET > https://server.old.company.net:8443/}} the {{server_name}} value in the SNI > extension is {{server.old.company.net:8443}}, but has to be > {{server.old.company.net}} (stripped port). Tomcat is not able to match the > input against its confguration and delivers the wrong certificate. > The error is in: > {code} > ./test/serf_get.c:226: serf_ssl_set_hostname(conn_ctx->ssl_ctx, > ctx->hostinfo); > {code} > where {{hostinfo}} contains hostname and port which is suitable for the > {{Host}} header, but not for SNI. > Subversion itself does not suffer from this issue. -- This message was sent by Atlassian JIRA (v6.4.14#64029)