Skip to content

numerical host name not normalized #6863

Closed
@bagder

Description

@bagder

I did this

curl https://16843009 -v

16843009 is (1*256*256*256)+(1*256*256)+(1*256)+1, also known as 1.1.1.1

If you paste the URL https://16843009 into your favorite browser you will see that they handle it. The WHATWG URL Spec says this is an okay way to specify a host name in a URL. (RFC 3896 does not.) curl accepts the host name and sort of half-works with it.

If curl is built without c-ares it says this (or similar)

curl: (60) SSL: no alternative certificate subject name matches target host name '16843009'

if curl is built with c-ares it instead says this:

curl: (6) Could not resolve host: 16843009

(because c-ares doesn't do the funny conversion of the number into separate octets)

Presumably this will also do it wrong for plain HTTP or other protocols that want the host name passed on since curl will use '16843009' as host name everywhere while it probably should use "1.1.1.1" ...

I expected the following

That it would get the contents of that HTTPS server written to stdout.

curl/libcurl version

All versions

operating system

All OSes

Credit

Someone reported during a recent live-stream of mine. I'm sorry I didn't properly write down your name to give you proper credit for this.

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions