Skip to content
This repository was archived by the owner on Jun 1, 2026. It is now read-only.
This repository was archived by the owner on Jun 1, 2026. It is now read-only.

[http_client] CN checking against caller-specified Host header doesn't strip a port number #1790

Open
Open
[http_client] CN checking against caller-specified Host header doesn't strip a port number#1790
@garethsb

Description

@garethsb
garethsb
opened on Feb 23, 2024

Related to #832.

Both calc_cn_host in cpprestsdk/Release/src/http/client/http_client_asio.cpp and winhttp_client::send_request in cpprestsdk/Release/src/http/client/http_client_winhttp.cpp cause the entire Host header value to be compared with the certificate Common Name which causes an SSL handshake error if the caller passes a Host header including a port number, e.g. when non-default.

cpprestsdk/Release/src/http/client/http_client_asio.cpp

Line 103 in 411a109

encResult = &hostHeader->second;

cpprestsdk/Release/src/http/client/http_client_winhttp.cpp

Line 1110 in 411a109

const auto& requestHost = hostHeader->second;

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions