Proper syntax for -header host switch

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Proper syntax for -header host switch

Ben Wilson-2

All,

 

Does anyone know what the proper syntax is for the undocumented -header host switch?  I’m getting some different responses/behaviors when I try these:

 

-header "Host" "ocsp.example.com"

-header 'Host' 'ocsp.example.com'

-header Host ocsp.example.com

 

Thanks,

 

Ben


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

OpenSSL - User mailing list

In 1.1.0 and later, the flag takes a single parameter in name=value.  Yes that’s strange, but it means that in the common case you don’t need to do any quoting:

                -header Host=ocsp.example.com

 

In 1.0.2 it takes two parameters

                -header Host ocsp.example.com

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

Viktor Dukhovni


> On May 24, 2018, at 3:21 PM, Salz, Rich via openssl-users <[hidden email]> wrote:
>
> In 1.1.0 and later, the flag takes a single parameter in name=value.  Yes that’s strange, but it means that in the common case you don’t need to do any quoting:
>                 -header Host=ocsp.example.com

In 1.1.0 and later it is documented:

   https://www.openssl.org/docs/man1.1.0/apps/ocsp.html 

--
--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

OpenSSL - User mailing list
>    In 1.1.0 and later it is documented:
 
And in 1.0.2 it was documented in January, 2017.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

JordanBrown
In reply to this post by Ben Wilson-2
On 5/24/2018 11:44 AM, Ben Wilson wrote:
-header "Host" "ocsp.example.com"
-header 'Host' 'ocsp.example.com'
-header Host ocsp.example.com


I don't know anything about the option, but I do know shell syntax.  Those three variants are identical when presented to the shell.

Quotes are only necessary - and only make a difference - if the string has characters in it that are special to the shell.  Letters and periods are not special to the shell.

In all three cases, the program will see three arguments:

-header
Host
oscp.example.com
-- 
Jordan Brown, Oracle Solaris

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

Michael Wojcik
> From: openssl-users [mailto:[hidden email]] On Behalf Of Jordan Brown
> Sent: Thursday, May 24, 2018 23:08
> Subject: Re: [openssl-users] Proper syntax for -header host switch

> On 5/24/2018 11:44 AM, Ben Wilson wrote:
> > -header "Host" "ocsp.example.com"
> > -header 'Host' 'ocsp.example.com'
> > -header Host ocsp.example.com

> I don't know anything about the option, but I do know shell syntax.  Those three variants are identical when
> presented to the shell.

True for standard Linux/UNIX shells; not necessarily true on other platforms.

The Windows cmd.exe interpreter, for example, does not perform dequoting or argument splitting - those are performed by the application, typically in the C startup code, and the Microsoft C startup code doesn't recognize the single-quote character.

Of course on Windows you have the option of using a UNIX shell such as bash, in which case you'll get the behavior Jordan describes. But it's not universal. For that matter, on Linux or UNIX a user could be running some oddball shell that doesn't support one of those quote characters - it'd be a strange thing to do, but it's possible. Or be running something like bash, but have IFS set to include the "." character.

The basic point is solid - those three variants may well be indistinguishable to the application (almost certainly if running on UNIX or Linux). But it's not 100% guaranteed.

--
Michael Wojcik
Distinguished Engineer, Micro Focus



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Proper syntax for -header host switch

JordanBrown
On 5/25/2018 4:30 AM, Michael Wojcik wrote:
On 5/24/2018 11:44 AM, Ben Wilson wrote:
-header "Host" "ocsp.example.com"
-header 'Host' 'ocsp.example.com'
-header Host ocsp.example.com

      
I don't know anything about the option, but I do know shell syntax.  Those three variants are identical when
presented to the shell.
True for standard Linux/UNIX shells; not necessarily true on other platforms.

Yes.  I tried to stay simple :-)

-- 
Jordan Brown, Oracle Solaris

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users