diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-11-02 23:17:01 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-11-03 16:08:42 +0100 |
commit | 7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch) | |
tree | 3b572bcf972062b7cc1315ac23fdb547e7216463 /lib/http.c | |
parent | 9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff) | |
download | curl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz |
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
Diffstat (limited to 'lib/http.c')
-rw-r--r-- | lib/http.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/http.c b/lib/http.c index 3a0a32df4..4db1c9589 100644 --- a/lib/http.c +++ b/lib/http.c @@ -77,6 +77,7 @@ #include "connect.h" #include "strdup.h" #include "altsvc.h" +#include "hsts.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -3990,6 +3991,23 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } } } + +#ifdef USE_HSTS + /* If enabled, the header is incoming and this is over HTTPS */ + else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) && + (conn->handler->flags & PROTOPT_SSL)) { + CURLcode check = + Curl_hsts_parse(data->hsts, data->state.up.hostname, + &headp[ sizeof("Strict-Transport-Security:") -1 ]); + if(check) + infof(data, "Illegal STS header skipped\n"); +#ifdef DEBUGBUILD + else + infof(data, "Parsed STS header fine (%d entries)\n", + data->hsts->list.size); +#endif + } +#endif #ifndef CURL_DISABLE_ALTSVC /* If enabled, the header is incoming and this is over HTTPS */ else if(data->asi && checkprefix("Alt-Svc:", headp) && |