hsts: add support for Strict-Transport-Security

- enable in the build (configure) - header parsing - host name lookup - unit tests for the above - CI build - CURL_VERSION_HSTS bit - curl_version_info support - curl -V output - curl-config --features - CURLOPT_HSTS_CTRL - man page for CURLOPT_HSTS_CTRL - curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl) - man page for --hsts - save cache to disk - load cache from disk - CURLOPT_HSTS - man page for CURLOPT_HSTS - added docs/HSTS.md - fixed --version docs - adjusted curl_easy_duphandle Closes #5896
author: Daniel Stenberg <daniel@haxx.se> 2020-11-02 23:17:01 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2020-11-03 16:08:42 +0100
commit: 7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch)
tree: 3b572bcf972062b7cc1315ac23fdb547e7216463 /lib/hsts.h
parent: 9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff)
download: curl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/hsts.h b/lib/hsts.h
new file mode 100644
index 000000000..60b3c2df7
--- /dev/null
+++ b/lib/hsts.h
@@ -0,0 +1,60 @@
+#ifndef HEADER_CURL_HSTS_H
+#define HEADER_CURL_HSTS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_HSTS)
+#include <curl/curl.h>
+#include "llist.h"
+
+#ifdef DEBUGBUILD
+extern time_t deltatime;
+#endif
+
+struct stsentry {
+  struct Curl_llist_element node;
+  const char *host;
+  bool includeSubDomains;
+  time_t expires; /* the timestamp of this entry's expiry */
+};
+
+/* The HSTS cache. Needs to be able to tailmatch host names. */
+struct hsts {
+  struct Curl_llist list;
+  char *filename;
+  unsigned int flags;
+};
+
+struct hsts *Curl_hsts_init(void);
+void Curl_hsts_cleanup(struct hsts **hp);
+CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
+                         const char *sts);
+struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
+                           bool subdomain);
+CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
+                        const char *file);
+CURLcode Curl_hsts_load(struct hsts *h, const char *file);
+#else
+#define Curl_hsts_cleanup(x)
+#endif /* CURL_DISABLE_HTTP || USE_HSTS */
+#endif /* HEADER_CURL_HSTS_H */
author	Daniel Stenberg <daniel@haxx.se>	2020-11-02 23:17:01 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2020-11-03 16:08:42 +0100
commit	7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch)
tree	3b572bcf972062b7cc1315ac23fdb547e7216463 /lib/hsts.h
parent	9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff)
download	curl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz