curl -vkI https://"\[2001:8003:4c06:5742:f1d0:3:279:1fd\]"
HEAD / HTTP/1.1
User-Agent: curl/7.29.0
Host: [2001:8003:4c06:5742:f1d0:3:279:1fd]
Accept: */*
Hey DM,
I've been hitting my webserver using an IPv6 address, and I'm getting a 400 response:
curl -vkI https://"\[2001:8003:4c06:5742:f1d0:3:279:1fd\]"
* Connected to 2001:8003:4c06:5742:f1d0:3:279:1fd (2001:8003:4c06:5742:f1d0:3:279:1fd) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate:
* subject: CN=bbs.leenooks.net
* start date: Aug 13 11:50:52 2020 GMT
* expire date: Nov 11 11:50:52 2020 GMT
* common name: bbs.leenooks.net
* issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
HEAD / HTTP/1.1
User-Agent: curl/7.29.0
Host: [2001:8003:4c06:5742:f1d0:3:279:1fd]
Accept: */*
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
But if I use a hostname, I get the 200.
I'm thinking the is_legal_hostname() test in webserver.c probably needs to test for '[]' ?
[] is not a valid hostname. I suspect it's because of https and the certificate verification. Did you try just using http (not https)?
Re: webserver
By: Digital Man to alterego on Sat Oct 10 2020 11:38 pm
[] is not a valid hostname. I suspect it's because of https and the certificate verification. Did you try just using http (not https)?
Its valid when using an IPV6 address syntax though.
And yes, its not certificate related - hence the -k switch to curl. (And yes it exhibits the same issue with http://)
(If I make up a fake name in /etc/hosts, and curl -vkI https://fakename - I get a 200, and the certificate is definately not valid for fakename).
Sysop: | Chris Crash |
---|---|
Location: | Huntington Beach, CA. |
Users: | 585 |
Nodes: | 8 (0 / 8) |
Uptime: | 28:55:39 |
Calls: | 10,757 |
Files: | 5 |
Messages: | 452,141 |