Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[http_client] CN checking against caller-specified Host header doesn't strip a port number #1790

Open
garethsb opened this issue Feb 23, 2024 · 0 comments
Open

[http_client] CN checking against caller-specified Host header doesn't strip a port number #1790

garethsb opened this issue Feb 23, 2024 · 0 comments

Comments

@garethsb
Copy link
Contributor

Related to #832.

Both calc_cn_host in cpprestsdk/Release/src/http/client/http_client_asio.cpp and winhttp_client::send_request in cpprestsdk/Release/src/http/client/http_client_winhttp.cpp cause the entire Host header value to be compared with the certificate Common Name which causes an SSL handshake error if the caller passes a Host header including a port number, e.g. when non-default.

cpprestsdk/Release/src/http/client/http_client_asio.cpp

Line 103 in 411a109

encResult = &hostHeader->second;

cpprestsdk/Release/src/http/client/http_client_winhttp.cpp

Line 1110 in 411a109

const auto& requestHost = hostHeader->second;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@garethsb