httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: 2.4.17-protocols-http2/ - SNI issue
Date Fri, 18 Sep 2015 09:36:01 GMT
I think I found it. Just writing a test case to confirm...

> Am 18.09.2015 um 11:35 schrieb Steffen <info@apachelounge.com>:
> 
> Debug log attached.
> 
> 
>  
> On Wednesday 16/09/2015 at 12:06, Plüm wrote: 
>> 
>> 
>>> -----Original Message-----
>>> From: Stefan Eissing [mailto:stefan.eissing@greenbytes.de]
>>> Sent: Mittwoch, 16. September 2015 11:38
>>> To: dev@httpd.apache.org
>>> Subject: Re: 2.4.17-protocols-http2/ - SNI issue
>>> 
>>> Good point. Limited online today. If someone wants to give this a shot,
>>> please.
>>> 
>>>> Am 16.09.2015 um 11:36 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
>>>> 
>>>> On Wed, Sep 16, 2015 at 11:24 AM, Plüm, Rüdiger, Vodafone Group
>>>> <ruediger.pluem@vodafone.com> wrote:
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: Steffen
>>>>>> Sent: Mittwoch, 16. September 2015 11:14
>>>>>> To: dev@httpd.apache.org
>>>>>> Subject: 2.4.17-protocols-http2/ - SNI issue
>>>> []
>>>>>> 
>>>>>> [ssl:error] [pid 3428:tid 3952] AH02032: Hostname http://www.apachelounge.com
>>>>>> provided via SNI and hostname http://www.apachelounge.com provided
via HTTP
>>>>>> are different
>>>>> 
>>>>> The above is very weird as both times we see http://www.apachelounge.com.
Can
>>> you please check the logs with some kind of hex tool if there is really no
>>> difference between both strings? The logic to detect a difference in the
>>> code is just a usual strcasecmp. So I sense some hidden characters
>>> somewhere, which might give us a hint where things go really wrong.
>> 
>> Ahh I did miss that he used Stefans branch and not the 2.4.x branch.
>> 
>>>> 
>>>> ISTM that the test should be:
>>>>              if (strcasecmp(host, servername)
>>>>                  || (sslconn->server
>>>>                      && !ssl_util_vhost_matches(host, sslconn->server)))
>>>> 
>>>> instead of:
>>>>             if (strcasecmp(host, servername)
>>>>                  || !sslconn->server
>>>>                  || !ssl_util_vhost_matches(host, sslconn->server))
>>>> 
>>>> Not sure sslconn->server isn't NULL here for the first request.
>> 
>> I shouldn't be. Maybe setting the loglevel to Debug could help to see the other SNI
stuff that was going on before and if it correctly identified the correct vhost via SNI.
>> 
>> Regards
>> 
>> Rüdiger
> 
> <serror.log>

<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782




Mime
View raw message