Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-51821

Qt sends malformed SNI host names

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.3.2
    • Fix Version/s: 5.6.1
    • Component/s: Network: SSL
    • Labels:
      None
    • Environment:
      Debian 8, Arora Web browser
    • Commits:
      5fe0e41e79030d14d8e32bda7fb5412d8c335c52

      Description

      To quote a couple specifications:
      <https://tools.ietf.org/html/rfc6066#section-3> (SNI)
      "HostName" contains the fully qualified DNS hostname of the server,
      as understood by the client. The hostname is represented as a byte
      string using ASCII encoding without a trailing dot.

      <https://tools.ietf.org/html/rfc7230#section-5.4> (HTTP)
      A client MUST send a Host header field in all HTTP/1.1 request
      messages. If the target URI includes an authority component, then a
      client MUST send a field-value for Host that is identical to that
      authority component, excluding any userinfo subcomponent and its "@"
      delimiter (Section 2.7.1).

      That means that the SNI host name and HTTP Host header do not always match. The SNI host name must never have a trailing dot, but the HTTP Host header must reflect a host name that is identical to the host name of the URI, so if the URI's host has a trailing dot, the HTTP Host header must include that trailing dot.

      For example, if the URI of a page is <https://sni.velox.ch./>, the following values should be sent by the Web browser:
      SNI host: sni.velox.ch
      HTTP host: sni.velox.ch.

      However, Qt sends "sni.velox.ch." as the SNI host name, causing the server to throw an error.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              richmoore Richard Moore (qtnetwork)
              Reporter:
              y.st. Yst
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes