Re: SNI vs Host: and a trailing dot

> On 16 Mar 2016, at 10:17 PM, Daniel Stenberg <daniel@haxx.se> wrote:
> 
> Heya HTTP peeps!
> 
> Input "HTTPS://example.com./". A URI using a hostname with a trailing dot. How to behave?
> 
> 1. RFC 6066 section 3 says the hostname in SNI string should be sent "without a trailing dot"
> 
> 2. RFC 7230 secion 5.4 says about Host: "MUST send a field-value for Host that is identical to that authority component" - which then would include the trailing dot.
> 
> Following these specs, we should send different names in SNI vs Host when a trailing dot is used. I don't like that as I suspect HTTPS servers will use the SNI field to serve contents

They shouldn't be doing that (if indeed they do); SNI is only for selecting the certificate, not anything to do with what happens inside HTTP.

Cheers,

--
Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 16 March 2016 23:02:46 UTC