Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7972917BFA for ; Wed, 16 Sep 2015 09:36:26 +0000 (UTC) Received: (qmail 48926 invoked by uid 500); 16 Sep 2015 09:36:26 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 48839 invoked by uid 500); 16 Sep 2015 09:36:26 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 48829 invoked by uid 99); 16 Sep 2015 09:36:25 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Sep 2015 09:36:25 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 8D175180976 for ; Wed, 16 Sep 2015 09:36:25 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.099 X-Spam-Level: X-Spam-Status: No, score=-0.099 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id WJFRXGxJzQcY for ; Wed, 16 Sep 2015 09:36:11 +0000 (UTC) Received: from mail-qk0-f175.google.com (mail-qk0-f175.google.com [209.85.220.175]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id 122D944154 for ; Wed, 16 Sep 2015 09:36:11 +0000 (UTC) Received: by qkfq186 with SMTP id q186so83642675qkf.1 for ; Wed, 16 Sep 2015 02:36:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=EKAt5vUV9FZaCyVlsdgHPM0b7DujnkfbyGm4XDzMq9o=; b=vWQujJNFLxUWAOJSZMjxg/ROxzknGkSBuV7dWUztP30YHX0OatKHgwcEgl5eJnuUuA mhPLRCPUHzb/Tzl7jaHRqZvsu+XXosX0CAOWqiQV1VLWB/aR0N26U/DzjS0GLPTcV7DE wHhmX30iKULy/SycYhS7l32N5u2DnPZodqm+/dDgzdymKseywPr1WBi+6hz4kilDxNJo 1dDevimXfCkbIJsyAocrMK8jUyU3COlCn5fP/1485ZuIOVuhdTGl4cXugcRvi5bsk0yD Ba6gAExl3TdZmOWWhxMkzWIpjSrGp51Z89Ziwdha6fNPUMpRS7Q7jnJhJp5rylE0XEeC lO/g== MIME-Version: 1.0 X-Received: by 10.55.22.143 with SMTP id 15mr39714251qkw.38.1442396170799; Wed, 16 Sep 2015 02:36:10 -0700 (PDT) Received: by 10.55.72.20 with HTTP; Wed, 16 Sep 2015 02:36:10 -0700 (PDT) In-Reply-To: References: <55f932e5.7c4.be8.3af5@land10.nl> Date: Wed, 16 Sep 2015 11:36:10 +0200 Message-ID: Subject: Re: 2.4.17-protocols-http2/ - SNI issue From: Yann Ylavic To: dev@httpd.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, Sep 16, 2015 at 11:24 AM, Pl=C3=BCm, R=C3=BCdiger, Vodafone Group wrote: > >> -----Original Message----- >> From: Steffen >> Sent: Mittwoch, 16. September 2015 11:14 >> To: dev@httpd.apache.org >> Subject: 2.4.17-protocols-http2/ - SNI issue [] >> >> [ssl:error] [pid 3428:tid 3952] AH02032: Hostname www.apachelounge.com >> provided via SNI and hostname www.apachelounge.com provided via HTTP >> are different > > The above is very weird as both times we see www.apachelounge.com. Can yo= u please check the logs with some kind of hex tool if there is really no di= fference between both strings? The logic to detect a difference in the code= is just a usual strcasecmp. So I sense some hidden characters somewhere, w= hich might give us a hint where things go really wrong. ISTM that the test should be: if (strcasecmp(host, servername) || (sslconn->server && !ssl_util_vhost_matches(host, sslconn->server))) instead of: if (strcasecmp(host, servername) || !sslconn->server || !ssl_util_vhost_matches(host, sslconn->server)) Not sure sslconn->server isn't NULL here for the first request. Regards, Yann.