certnanny/sscep

IPv6 address malformatted in getca requests

rberkow opened this issue · 0 comments

When issuing a getca request to an IPv6 address such as the following:
sscep getca -u "http://[::1]/CertSrv/mscep/" -c "example.cert" -d
The HTTP request gets sent without the [ and ] characters present in the host field. Example output of the above, with debug enabled:

sscep: starting sscep, version 0.10.0
sscep: new transaction
sscep: transaction id: SSCEP transactionId
sscep: hostname: ::1
sscep: directory: CertSrv/mscep/
sscep: port: 80
sscep: SCEP_OPERATION_GETCAPS
sscep: scep request:
GET /CertSrv/mscep/?operation=GetCACaps HTTP/1.1
Host: ::1
Connection: close

(I verified the square brackets are not present in the Host field also by taking a packet capture of the resulting HTTP GET request)
The following RFCs specify the IPv6 address in Host field must be surrounded by [ and ]:
https://www.ietf.org/rfc/rfc2732.txt
https://tools.ietf.org/html/rfc7230#section-5.4
https://tools.ietf.org/html/rfc3986#section-3.2.2

My NDES server rejects HTTP requests with host IPv6 address not enclosed by square brackets, returning the error

HTTP Error 400. The request hostname is invalid.

When issuing a GET request to the same address using curl or wget, the server returns 200.
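
Added example, not part of the issue and not sscep's own code: one way a client could build the Host header value so that an IPv6 literal is bracketed as RFC 3986 section 3.2.2 and RFC 7230 section 5.4 require. The function name `format_host_header` and its signature are hypothetical, and it assumes an `http://` URL (default port 80) with the host already split out of the URL, as in the `hostname: ::1` debug line.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from sscep: build the Host header value from a
 * parsed host ("::1" or "[::1]") and port. Assumes an http:// URL, so port
 * 80 is the default. Returns the length written, or -1 on bad input. */
int format_host_header(const char *host, int port, char *out, size_t outlen)
{
    struct in6_addr addr6;
    char bare[INET6_ADDRSTRLEN];
    size_t len = strlen(host);
    int bracketed, is_v6 = 0, n;

    if (len == 0 || port < 1 || port > 65535)
        return -1;
    if (strpbrk(host, "\r\n \t") != NULL) /* no header-line injection */
        return -1;
    /* Accept an already bracketed literal so it is never bracketed twice. */
    bracketed = (len >= 2 && host[0] == '[' && host[len - 1] == ']');
    if (bracketed) { host++; len -= 2; }
    if (memchr(host, ':', len) != NULL) {
        /* Only an IPv6 literal may contain ':'; validate before use. */
        if (len >= sizeof(bare))
            return -1;
        memcpy(bare, host, len);
        bare[len] = '\0';
        if (inet_pton(AF_INET6, bare, &addr6) != 1)
            return -1;
        is_v6 = 1;
    } else if (bracketed || len == 0) {
        return -1; /* "[name]" and "[]" are not valid hosts */
    }
    if (port == 80) /* default port is omitted from Host */
        n = snprintf(out, outlen, is_v6 ? "[%.*s]" : "%.*s", (int)len, host);
    else
        n = snprintf(out, outlen, is_v6 ? "[%.*s]:%d" : "%.*s:%d",
                     (int)len, host, port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[64];
    if (format_host_header("::1", 80, buf, sizeof(buf)) > 0)
        printf("Host: %s\r\n", buf); /* constructed input from the issue */
    return 0;
}
```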