httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steffen <i...@apachelounge.com>
Subject RE: 2.4.17-protocols-http2/ - SNI issue
Date Fri, 18 Sep 2015 09:35:43 GMT

Debug log attached.




On Wednesday 16/09/2015 at 12:06, Plüm wrote:
>
>
>>
>> -----Original Message-----
>> From: Stefan Eissing [mailto:stefan.eissing@greenbytes.de]
>> Sent: Mittwoch, 16. September 2015 11:38
>> To: dev@httpd.apache.org
>> Subject: Re: 2.4.17-protocols-http2/ - SNI issue
>>
>> Good point. Limited online today. If someone wants to give this a 
>> shot,
>> please.
>>
>>>
>>> Am 16.09.2015 um 11:36 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
>>>
>>> On Wed, Sep 16, 2015 at 11:24 AM, Plüm, Rüdiger, Vodafone Group
>>> <ruediger.pluem@vodafone.com> wrote:
>>>>
>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Steffen
>>>>> Sent: Mittwoch, 16. September 2015 11:14
>>>>> To: dev@httpd.apache.org
>>>>> Subject: 2.4.17-protocols-http2/ - SNI issue
>>> []
>>>>
>>>>>
>>>>>
>>>>> [ssl:error] [pid 3428:tid 3952] AH02032: Hostname 
>>>>> http://www.apachelounge.com
>>>>> provided via SNI and hostname http://www.apachelounge.com provided via

>>>>> HTTP
>>>>> are different
>>>>
>>>> The above is very weird as both times we see 
>>>> http://www.apachelounge.com. Can
>> you please check the logs with some kind of hex tool if there is 
>> really no
>> difference between both strings? The logic to detect a difference in 
>> the
>> code is just a usual strcasecmp. So I sense some hidden characters
>> somewhere, which might give us a hint where things go really wrong.
>
> Ahh I did miss that he used Stefans branch and not the 2.4.x branch.
>
>>
>>>
>>>
>>> ISTM that the test should be:
>>>                        if (strcasecmp(host, servername)
>>>                                || (sslconn->server
>>>                                        && 
>>> !ssl_util_vhost_matches(host, sslconn->server)))
>>>
>>> instead of:
>>>                      if (strcasecmp(host, servername)
>>>                                || !sslconn->server
>>>                                || !ssl_util_vhost_matches(host, 
>>> sslconn->server))
>>>
>>> Not sure sslconn->server isn't NULL here for the first request.
>
> I shouldn't be. Maybe setting the loglevel to Debug could help to see 
> the other SNI stuff that was going on before and if it correctly 
> identified the correct vhost via SNI.
>
> Regards
>
> Rüdiger


Mime
View raw message