Nginx is the only widely-used HTTP server that ignores invalid
field-lines. This behavior makes it trivial to fingerprint.
I never reported this in the past because I assumed Maxim wouldn't
care about that sort of thing. Now that he's out of the picture, maybe
others will see things differently?
Hello,
It appears that nginx would happily accept an HTTP header without a colon
(:) in the header name. The patch below tries to address this.
Thanks,
max
==
--- a/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c
+++ b/ports/netflix/nginx/files/nginx/src/http/ngx_http_parse.c
@@ -941,14 +94
# HG changeset patch
# User Oksana Deeva
# Date 1715111756 -10800
# Tue May 07 22:55:56 2024 +0300
# Node ID e5014b423e1391dd1078d064361a0b28d1a488d0
# Parent 2a607a31f583add7adfa1ac434a3f793d327ca6b
Tests: ssl_engine_keys.t improved
diff -r 2a607a31f583 -r e5014b423e13 ssl_engine_keys.t
--