classification
Title: By default, HTTPSConnection should send header "Host: somehost" instead of "Host: somehost:443"
Type: behavior Stage:
Components: Library (Lib) Versions: Python 2.5
process
Status: closed Resolution: accepted
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: gregory.p.smith, orsenthil, steven.k.wong
Priority: normal Keywords: easy, patch

Created on 2008-06-12 20:01 by steven.k.wong, last changed 2008-07-07 05:10 by gregory.p.smith. This issue is now closed.

Files
File name Uploaded Description Edit
httplib.py.patch steven.k.wong, 2008-06-12 20:01 patch file for httplib.py
Messages (5)
msg68079 - (view) Author: Steven K. Wong (steven.k.wong) Date: 2008-06-12 20:01
Communicating over HTTPS at the default port of 443:

import httplib
conn = httplib.HTTPSConnection("my-secure-domain.com")
conn.request("GET", "/")
res = conn.getresponse()

In the current implementation, the Host header sent in the request is:

  Host: my-secure-domain.com:443

The ":443" is unnecessary because the default port of HTTPS is 443. The
attached patch file fixes this so that the Host header sent is simply:

  Host: my-secure-domain.com
msg68118 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2008-06-13 02:13
The HTTPSConnection class derives from HTTPConnection and the methods in
the HTTPConnection assume that 1) It is either over the default HTTP
port or 2) Over a different port (be it different HTTP port(8080?) or
443 for HTTPS etc) and in that case it sends the port along in the
request header. Thats it. So, there is no bug here.

Morever, RFC 2818 states that, for HTTPS default port is 443, but the
implementation are free to choose any other ports over TLS as well.

Invalid bug can be closed.

Thanks.
msg68125 - (view) Author: Steven K. Wong (steven.k.wong) Date: 2008-06-13 05:08
Clarification: I am not saying that sending "Host: somehost:443" for an
HTTPS connection at port 443 is a bug. It is in fact legal. Sending
"Host: somehost" is also legal in this situation, and IMHO is the
preferred behavior, because ":port" is redundant and not required when
the default port of the protocol (HTTPS here) is being used.
msg68130 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2008-06-13 07:03
Yes, you are correct. I misunderstood the issue and the patch. 
Patch seems good to fix that. Sorry for the confusion and thank you.
msg69379 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2008-07-07 05:10
fixed in trunk r64771.

(and indeed the previous behavior was buggy in the extreemly rare event
that someone ran a https server on port 80 the :80 should have been
supplied).
History
Date User Action Args
2008-07-07 05:10:12gregory.p.smithsetstatus: open -> closed
nosy: + gregory.p.smith
messages: + msg69379
assignee: gregory.p.smith
keywords: + easy
resolution: accepted
2008-06-13 07:03:32orsenthilsetmessages: + msg68130
2008-06-13 05:08:34steven.k.wongsetmessages: + msg68125
2008-06-13 02:13:24orsenthilsetnosy: + orsenthil
messages: + msg68118
2008-06-12 20:01:23steven.k.wongcreate