rpms / pki-core

Clone
Source Code
GIT

Files

10.6 el5 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f23
  2.   pki-core-sslget-must-set-host-HTTP-header.patch
Blob Blame History Raw 
From 6de1a9e02372d34a3386259265f14f7117e73498 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 25 Nov 2015 20:42:17 +0100
Subject: [PATCH] sslget must set Host HTTP header

The sslget tool sends a TLS SNI header. Apache doesn't like server name
indication without a matching HTTP header. Requests without a Host
header are refused with

HTTP/1.1 400 Bad Request
Hostname example.org provided via SNI, but no hostname provided in HTTP request

sslget now sets a Host HTTP header for all requests.

https://fedorahosted.org/pki/ticket/1704

Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
 base/native-tools/src/sslget/sslget.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/base/native-tools/src/sslget/sslget.c b/base/native-tools/src/sslget/sslget.c
index c453096babaadd2fa5b5554652e6803417a868fa..bd631c6fb44e67dd4811afcdb26714370040fba7 100644
--- a/base/native-tools/src/sslget/sslget.c
+++ b/base/native-tools/src/sslget/sslget.c
@@ -299,14 +299,6 @@ printSecurityInfo(PRFileDesc *fd)
 
 PRBool useModelSocket = PR_TRUE;
 
-static const char outHeader[] = {
-    "HTTP/1.0 200 OK\r\n"
-    "Server: Netscape-Enterprise/2.0a\r\n"
-    "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
-    "Content-type: text/plain\r\n"
-    "\r\n"
-};
-
 
 PRInt32
 do_writes(
@@ -703,18 +695,23 @@ client_main(
 
 
 SECStatus
-createRequest(char * url, char *post)
+createRequest(
+    char * url,
+    char *post,
+    const char *hostName,
+    unsigned short port)
 {
 	char * newstr;
 
     if (post == NULL) {
         newstr = PR_smprintf(
-			"GET %s HTTP/1.0\r\n\r\n",
-			url);
+			"GET %s HTTP/1.0\r\nHost: %s:%u\r\n\r\n",
+			url, hostName, (PRUintn)port);
     } else {
         int len = strlen(post);
         newstr = PR_smprintf(
-			"POST %s HTTP/1.0\r\nContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s", url, len, post);
+			"POST %s HTTP/1.0\r\nHost: %s:%u\r\nContent-Length: %d\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n%s",
+                        url, hostName, (PRUintn)port, len, post);
     }
 
     bigBuf.data = (unsigned char *)newstr;
@@ -833,7 +830,7 @@ main(int argc, char **argv)
 	Usage(progName);
     }
 
-    createRequest(url, post);
+    createRequest(url, post, hostName, port);
 
 	if (passwdfile) {
 		fp = fopen(passwdfile,"r");
-- 
2.4.3
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.