microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

[http_client] CN checking against caller-specified Host header doesn't strip a port number #1790

Open garethsb opened 4 months ago

garethsb commented 4 months ago

Related to #832.

Both calc_cn_host in cpprestsdk/Release/src/http/client/http_client_asio.cpp and winhttp_client::send_request in cpprestsdk/Release/src/http/client/http_client_winhttp.cpp cause the entire Host header value to be compared with the certificate Common Name, which causes an SSL handshake error if the caller passes a Host header including a port number, e.g. when non-default.

https://github.com/microsoft/cpprestsdk/blob/411a109150b270f23c8c97fa4ec9a0a4a98cdecf/Release/src/http/client/http_client_asio.cpp#L103

https://github.com/microsoft/cpprestsdk/blob/411a109150b270f23c8c97fa4ec9a0a4a98cdecf/Release/src/http/client/http_client_winhttp.cpp#L1110
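
An added example, not code from the issue or from cpprestsdk: one way to reduce a caller-supplied Host header value to the name that should be checked against the certificate, covering the port case reported above and also bracketed IPv6 literals. The helper name `host_for_cert_check` and the sample values are hypothetical; malformed values yield an empty string so the caller can fail closed instead of guessing.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (not a cpprestsdk function). Takes a Host header value
// ("uri-host [ ':' port ]", RFC 7230 section 5.4) and returns only the host,
// i.e. the name to compare with the server certificate.
// Returns "" for malformed input so the caller can reject the request.
std::string host_for_cert_check(const std::string& host_header)
{
    auto all_digits = [](const std::string& s) {
        for (char c : s)
            if (c < '0' || c > '9') return false;
        return true; // an empty port ("host:") is allowed by the grammar
    };

    if (host_header.empty()) return std::string();

    if (host_header[0] == '[') {
        // IPv6 literal: "[2001:db8::1]" or "[2001:db8::1]:8443".
        const std::string::size_type close = host_header.find(']');
        if (close == std::string::npos || close == 1) return std::string();
        const std::string rest = host_header.substr(close + 1);
        if (!rest.empty() && (rest[0] != ':' || !all_digits(rest.substr(1))))
            return std::string();
        // Brackets are URI syntax, not part of the address itself.
        return host_header.substr(1, close - 1);
    }

    const std::string::size_type colon = host_header.find(':');
    if (colon == std::string::npos) return host_header; // no port present
    // A second colon means an unbracketed IPv6 address or garbage: reject.
    if (host_header.find(':', colon + 1) != std::string::npos) return std::string();
    if (colon == 0 || !all_digits(host_header.substr(colon + 1))) return std::string();
    return host_header.substr(0, colon);
}

int main()
{
    // Constructed sample values, not taken from the issue.
    const char* samples[] = {"api.example.com:8443", "[2001:db8::1]:8443",
                             "api.example.com:84x3"};
    for (const char* s : samples)
        std::cout << s << " -> \"" << host_for_cert_check(s) << "\"\n";
    return 0;
}
```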