• webserver

    From alterego@alterego@ALTERANT.remove-s76-this to Digital Man on Sun Oct 11 16:50:25 2020
    From Newsgroup: alt.bbs.synchronet

    To: Digital Man
    Hey DM,

    I've been hitting my webserver using an IPv6 address, and I'm getting a 400 response:

    curl -vkI https://"\[2001:8003:4c06:5742:f1d0:3:279:1fd\]"

    * Connected to 2001:8003:4c06:5742:f1d0:3:279:1fd (2001:8003:4c06:5742:f1d0:3:279:1fd) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    * Server certificate:
    * subject: CN=bbs.leenooks.net
    * start date: Aug 13 11:50:52 2020 GMT
    * expire date: Nov 11 11:50:52 2020 GMT
    * common name: bbs.leenooks.net
    * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    HEAD / HTTP/1.1
    User-Agent: curl/7.29.0
    Host: [2001:8003:4c06:5742:f1d0:3:279:1fd]
    Accept: */*

    < HTTP/1.1 400 Bad Request
    HTTP/1.1 400 Bad Request

    But if I use a hostname, I get the 200.

    I'm thinking the is_legal_hostname() test in webserver.c probably needs to test for '[]' ?

    ...ëîåï

    ... Between two evils, I always pick the one I never tried before.

    ---
    þ Synchronet þ Alterant | an SBBS in Docker on Pi!
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net
    --- Synchronet 3.19c-Linux NewsLink 1.113
  • From Digital Man@digital.man@vert.synchro.net.remove-sw2-this to alterego on Sat Oct 10 23:38:12 2020
    From Newsgroup: alt.bbs.synchronet

    To: alterego
    Re: webserver
    By: alterego to Digital Man on Sun Oct 11 2020 04:50 pm

    Hey DM,

    I've been hitting my webserver using an IPv6 address, and I'm getting a 400 response:

    curl -vkI https://"\[2001:8003:4c06:5742:f1d0:3:279:1fd\]"

    * Connected to 2001:8003:4c06:5742:f1d0:3:279:1fd (2001:8003:4c06:5742:f1d0:3:279:1fd) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    * Server certificate:
    * subject: CN=bbs.leenooks.net
    * start date: Aug 13 11:50:52 2020 GMT
    * expire date: Nov 11 11:50:52 2020 GMT
    * common name: bbs.leenooks.net
    * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    HEAD / HTTP/1.1
    User-Agent: curl/7.29.0
    Host: [2001:8003:4c06:5742:f1d0:3:279:1fd]
    Accept: */*

    < HTTP/1.1 400 Bad Request
    HTTP/1.1 400 Bad Request

    But if I use a hostname, I get the 200.

    I'm thinking the is_legal_hostname() test in webserver.c probably needs to test for '[]' ?

    [] is not a valid hostname. I suspect it's because of https and the certificate verification. Did you try just using http (not https)?

    digital man

    This Is Spinal Tap quote #44:
    It really, it does disturb me, but i'll rise above it; I'm a professional. Norco, CA WX: 62.3øF, 88.0% humidity, 1 mph ESE wind, 0.00 inches rain/24hrs --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net
    --- Synchronet 3.19c-Linux NewsLink 1.113
  • From alterego@alterego@ALTERANT.remove-uc5-this to Digital Man on Mon Oct 12 09:08:34 2020
    From Newsgroup: alt.bbs.synchronet

    To: Digital Man
    Re: webserver
    By: Digital Man to alterego on Sat Oct 10 2020 11:38 pm

    [] is not a valid hostname. I suspect it's because of https and the certificate verification. Did you try just using http (not https)?

    Its valid when using an IPV6 address syntax though.

    And yes, its not certificate related - hence the -k switch to curl. (And yes it exhibits the same issue with http://)

    (If I make up a fake name in /etc/hosts, and curl -vkI https://fakename - I get a 200, and the certificate is definately not valid for fakename).

    ...ëîåï

    ... Pros are those who do their jobs well, even when they don't feel like it.

    ---
    þ Synchronet þ Alterant | an SBBS in Docker on Pi!
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net
    --- Synchronet 3.19c-Linux NewsLink 1.113
  • From Digital Man@digital.man@vert.synchro.net.remove-6yj-this to alterego on Sun Oct 11 18:39:59 2020
    From Newsgroup: alt.bbs.synchronet

    To: alterego
    Re: webserver
    By: alterego to Digital Man on Mon Oct 12 2020 09:08 am

    Re: webserver
    By: Digital Man to alterego on Sat Oct 10 2020 11:38 pm

    [] is not a valid hostname. I suspect it's because of https and the certificate verification. Did you try just using http (not https)?

    Its valid when using an IPV6 address syntax though.

    An IP address is not a hostname. That said, I don't know why a valid hostname is being tested for.

    And yes, its not certificate related - hence the -k switch to curl. (And yes it exhibits the same issue with http://)

    (If I make up a fake name in /etc/hosts, and curl -vkI https://fakename - I get a 200, and the certificate is definately not valid for fakename).

    Interesting.

    digital man

    Rush quote #41:
    Angels and demons dancing in my head, lunatics and monsters underneath my bed Norco, CA WX: 73.3øF, 62.0% humidity, 5 mph ENE wind, 0.00 inches rain/24hrs --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net
    --- Synchronet 3.19c-Linux NewsLink 1.113