Bug#771199: apache2: SNI hostname comparison against Host header is not case-insensitive
Package: apache2
Version: 2.2.22-13+deb7u3
Severity: normal
Dear Maintainer,
apache2 on debian using SSL returns error 400 when using ssl vhosts with SNI and
some capital letters. A similar bug is reported on Ubuntu[1] with instructions
on how to reproduce. I can confirm it happens when hosting several ssl sites on
debian stable too. And take into account, as the upstream bug[2] says, that RFC
4366 specifies that all the URI comparison shall be case-insensitive.
Also, as the ubuntu bug says, there is a bug upstream[2] and a fix for 2.2 is
commited. The fix seems to be applied in Ubuntu without any issue and the patch
seems REALLY simple, you can see it here[3].
Please apply the patch, as several production sites I'm running now are failing
because of this and it affects all SSL+SNI debian users using apache.
Thanks a lot,
Rodrigo
[1]: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1298273
[2]: https://issues.apache.org/bugzilla/show_bug.cgi?id=49491
[3]: https://svn.apache.org/viewvc?view=revision&revision=r1515565
Reply to: