[Bug 1298273] Re: apache2 doesn't compare SNI hostname against Host header case-insensitively

Ritesh Khadgaray 1298273 at bugs.launchpad.net
Thu Mar 27 13:53:07 UTC 2014 

@racb

  This fix is in trusty. This patch ha been tested by the customer, and
I am able to successfully build against this patch.  I have added dep3
header ( I hope correctly) .


** Patch removed: "proposed patch for precise"
   https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1298273/+attachment/4046608/+files/sni.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1298273

Title:
   apache2 doesn't compare SNI hostname against Host header case-
  insensitively

Status in Apache2 Web Server:
  Unknown
Status in “apache2” package in Ubuntu:
  New

Bug description:
  [impact
  Landscape client registration is fails with the following apache error message.
  [Wed Mar 26 15:44:29 2014] [error] Hostname P122C-0-0-15680 provided via SNI and hostname p122c-0-0-15680 provided via HTTP are different.

  it is because apache2 doesn't compare SNI hostname against Host header case-insensitively.
  apache2 rejects connection request and returns 400 error code when the SNI doesn't match with requested.
  http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
  Therefore landscape client registration was failed.

  - Precise 12.04 LTS
  - apache2 : 2.2.22-1ubuntu1.4

  [Test Case]
  How reproducible is the problem?
  ( easily with the test case, intermittent, on every boot, etc)

   1. Create self-signed SSL certificate file with upper case hostname 
   2. curl https://hostname/message-system --cacert xxxx
       a. Actual Results - apache returns 400 Bad request error.
       b. Expected Results - apache should return 200

  [Regression Potential] 
  none, this has been merged into upstream and well tested. 

  [Other Info]
  The same issue has been reported to apache upstream and the bug fix was applied at Aug 19 2013.
  https://issues.apache.org/bugzilla/show_bug.cgi?id=49491
  It looks like this patch is not applied to apache2 package for precise yet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1298273/+subscriptions

More information about the Ubuntu-sponsors mailing list