Bug#1114620: htdig does not use SNI on https requests

To: 1114620@bugs.debian.org
Subject: Bug#1114620: htdig does not use SNI on https requests
From: Dianne Skoll <dianne@skoll.ca>
Date: Sun, 7 Sep 2025 16:44:28 -0400
Message-id: <[🔎] 20250907164428.4d3c5208@gato.skoll.ca>
Reply-to: Dianne Skoll <dianne@skoll.ca>, 1114620@bugs.debian.org
In-reply-to: <[🔎] 175726387530.354625.5415620938110568178.reportbug@dianne.skoll.ca>
References: <[🔎] 175726387530.354625.5415620938110568178.reportbug@dianne.skoll.ca>

Hi,

Ah... I just realized that the standard Debian htdig package doesn't
even support HTTPS.  I forgot that I had built my own.

Anyway: The following patch against the debian/ subdirectory adds
support for HTTPS, and also fixes the SNI issue.  Please consider
applying it to the official packages.

Regards,

Dianne.

diff -u -r -N debian.orig/control debian/control
--- debian.orig/control	2017-08-21 21:47:56.000000000 -0400
+++ debian/control	2021-11-29 13:27:04.000000000 -0500
@@ -2,12 +2,12 @@
 Section: web
 Priority: optional
 Maintainer: Debian QA Group <packages@qa.debian.org>
-Build-Depends: debhelper (>= 10), zlib1g-dev, flex, bison
+Build-Depends: debhelper (>= 10), zlib1g-dev, flex, bison, libssl-dev
 Standards-Version: 4.1.0
 
 Package: htdig
 Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}, perl, lockfile-progs, debconf (>= 1.2.9) | debconf-2.0
+Depends: ${misc:Depends}, ${shlibs:Depends}, perl, lockfile-progs, libssl3, debconf (>= 1.2.9) | debconf-2.0
 Suggests: htdig-doc, wwwoffle | httpd
 Conflicts: libmifluz0
 Description: web search and indexing system - binaries
diff -u -r -N debian.orig/patches/series debian/patches/series
--- debian.orig/patches/series	2021-11-29 13:27:00.000000000 -0500
+++ debian/patches/series	2021-11-29 13:27:04.000000000 -0500
@@ -4,3 +4,4 @@
 sourceforge_logo
 drop-bogus-assignment
 gcc-11
+support-sni
diff -u -r -N debian.orig/patches/support-sni debian/patches/support-sni
--- debian.orig/patches/support-sni	1969-12-31 19:00:00.000000000 -0500
+++ debian/patches/support-sni	2021-11-29 13:27:04.000000000 -0500
@@ -0,0 +1,14 @@
+diff -u -r htdig-3.2.0b6.orig/htnet/SSLConnection.cc htdig-3.2.0b6/htnet/SSLConnection.cc
+--- htdig-3.2.0b6.orig/htnet/SSLConnection.cc	2004-05-28 09:15:23.000000000 -0400
++++ htdig-3.2.0b6/htnet/SSLConnection.cc	2025-09-07 16:31:23.640863411 -0400
+@@ -88,6 +88,9 @@
+   //
+   ssl = SSL_new (ctx);
+ 
++  // SNI
++  SSL_set_tlsext_host_name(ssl, (char const *) server_name);
++
+   // Attach ssl to socket
+   //
+   SSL_set_fd (ssl, sock);
+Only in htdig-3.2.0b6/htnet: SSLConnection.cc~
diff -u -r -N debian.orig/rules debian/rules
--- debian.orig/rules	2018-12-01 13:00:32.000000000 -0500
+++ debian/rules	2021-11-29 13:27:04.000000000 -0500
@@ -21,6 +21,7 @@
 	LDFLAGS="$(LDFLAGS)" MV=/bin/mv ./configure \
 		--host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
 		--with-pic \
+		--with-ssl \
 		--with-gnu-ld \
 		--prefix=/usr \
 		--with-cgi-bin-dir=/usr/lib/cgi-bin \

Reply to:

References:
- Bug#1114620: htdig does not use SNI on https requests
  - From: Dianne Skoll <dianne@skoll.ca>

Prev by Date: Processing of phpwebcounter_1.1-1_source.changes
Next by Date: Bug#1114620: Info received (htdig does not use SNI on https requests)
Previous by thread: Bug#1114620: htdig does not use SNI on https requests
Next by thread: Bug#1114620: Info received (htdig does not use SNI on https requests)
Index(es):
- Date
- Thread