Bug#1114620: htdig does not use SNI on https requests
Package: htdig
Version: 1:3.2.0b6-19
Severity: important
Tags: upstream
Dear Maintainer,
The htdig indexer does not use SNI when making HTTPS requests. This makes
it fail when trying to index HTTPS sites that share an IP address but
have different virtual host names. I am seeing the following in my
Apache logs when htdig tries to index my site (hostnames and IP mildly
redacted):
[Sun Sep 07 12:24:52.993754 2025] [ssl:error] [pid 325518:tid 325518]
[client 192.168.100.6:49344] AH02032: Hostname www.example.com
(default host as no SNI was provided) and hostname www2.example.org
provided via HTTP have no compatible SSL setup
htdig is using: Host: www2.example.org, but not using SNI,
and if there's no SNI my server defaults to www.example.com
Regards,
Dianne.
-- System Information:
Debian Release: 12.12
APT prefers oldstable-security
APT policy: (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.16.5 (SMP w/1 CPU thread; PREEMPT)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages htdig depends on:
ii debconf [debconf-2.0] 1.5.82
ii libc6 2.36-9+deb12u13
ii libssl3 3.0.17-1~deb12u2
ii libstdc++6 12.2.0-14+deb12u1
ii lockfile-progs 0.1.19
ii perl 5.36.0-7+deb12u3
ii zlib1g 1:1.2.13.dfsg-1
htdig recommends no packages.
Versions of packages htdig suggests:
ii apache2 [httpd] 2.4.65-1~deb12u1
pn htdig-doc <none>
-- Configuration Files:
/etc/htdig/footer.html changed [not included]
/etc/htdig/header.html changed [not included]
/etc/htdig/htdig.conf changed [not included]
/etc/htdig/nomatch.html changed [not included]
-- debconf information excluded
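
For server operators triaging the AH02032 entries quoted in the report, the following is an added example (not part of the bug report or of htdig) that parses Apache error-log text and counts, per client and requested Host header, the requests that arrived without SNI. The function names are hypothetical; the first sample entry is the excerpt from the report, wrapped as mailed, and the other two are constructed lines in the same format.

```python
import re
from collections import Counter

# Matches the AH02032 message quoted in the report. Apache words the middle
# clause differently depending on whether the client sent SNI at all.
AH02032 = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[ssl:error\] \[pid [^\]]*\] "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+)\] AH02032: Hostname (?P<tls_host>\S+) "
    r"(?P<how>provided via SNI|\(default host as no SNI was provided\)) "
    r"and hostname (?P<http_host>\S+) provided via HTTP"
)

def parse_events(text):
    """Return one dict per AH02032 entry; tolerates mail-wrapped log lines."""
    flat = " ".join(text.split())  # undo wrapping such as in the quoted excerpt
    events = []
    for m in AH02032.finditer(flat):
        ev = m.groupdict()
        ev["sni_sent"] = ev.pop("how") == "provided via SNI"
        events.append(ev)
    return events

def clients_without_sni(events):
    """Count SNI-less mismatches per (client IP, requested Host header)."""
    return Counter((e["ip"], e["http_host"]) for e in events if not e["sni_sent"])

# Sample input: the first entry is the excerpt from the report (wrapped as
# mailed); the second and third are constructed lines in the same format.
SAMPLE = """\
[Sun Sep 07 12:24:52.993754 2025] [ssl:error] [pid 325518:tid 325518]
[client 192.168.100.6:49344] AH02032: Hostname www.example.com
(default host as no SNI was provided) and hostname www2.example.org
provided via HTTP have no compatible SSL setup
[Sun Sep 07 12:24:53.101202 2025] [ssl:error] [pid 325518:tid 325518] [client 192.168.100.6:49346] AH02032: Hostname www.example.com (default host as no SNI was provided) and hostname www2.example.org provided via HTTP have no compatible SSL setup
[Sun Sep 07 12:30:00.000001 2025] [ssl:error] [pid 325519:tid 325519] [client 2001:db8::7:50112] AH02032: Hostname www.example.com provided via SNI and hostname www2.example.org provided via HTTP have no compatible SSL setup
"""

if __name__ == "__main__":
    for (ip, host), n in clients_without_sni(parse_events(SAMPLE)).most_common():
        print(f"{ip} requested {host} without SNI {n} time(s)")
```

Entries where SNI was sent but names a different host than the Host header are parsed too and reported with sni_sent set to True, so they can be separated from clients that omit SNI entirely.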