Midori sends malformed SNI host names
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Midori Web Browser |
New
|
Undecided
|
Unassigned |
Bug Description
To quote a couple specifications:
<https:/
"HostName" contains the fully qualified DNS hostname of the server,
as understood by the client. The hostname is represented as a byte
string using ASCII encoding without a trailing dot.
<https:/
A client MUST send a Host header field in all HTTP/1.1 request
messages. If the target URI includes an authority component, then a
client MUST send a field-value for Host that is identical to that
authority component, excluding any userinfo subcomponent and its "@"
delimiter (Section 2.7.1).
That means that the SNI host name and HTTP Host header do not always match. The SNI host name must never have a trailing dot, but the HTTP Host header must reflect a host name that is identical to the host name of the URI, so if the URI's host has a trailing dot, the HTTPS Host header must include that trailing dot.
For example, if the URI of a page is <https:/
SNI host: sni.velox.ch
HTTP host: sni.velox.ch.
However, Midori sends "sni.velox.ch." as the SNI host name, causing the server to throw an error.
The version information from <about:version> is as follow:
Command line midori
Midori 0.5.11 ((null)) Midori
GTK+ 2.24.25 (2.24.25) Glib 2.42.1 (2.42.1)
WebKitGTK+ 2.4.8 (2.4.9) libSoup 2.48.0
cairo 1.14.0 (1.14.0) libnotify No
gcr 3.14.0 granite No
Platform X11; Linux x86_64
Identification Mozilla/5.0 (X11; Linux) AppleWebKit/538.15 (KHTML, like Gecko) Chrome/
Video Formats H264 [x] Ogg Theora [x] WebM [x]