diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-11-02 23:17:01 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-11-03 16:08:42 +0100 |
commit | 7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch) | |
tree | 3b572bcf972062b7cc1315ac23fdb547e7216463 /lib/url.c | |
parent | 9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff) | |
download | curl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz |
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
Diffstat (limited to 'lib/url.c')
-rw-r--r-- | lib/url.c | 21 |
1 files changed, 15 insertions, 6 deletions
@@ -96,6 +96,7 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "getinfo.h" #include "urlapi-int.h" #include "system_win32.h" +#include "hsts.h" /* And now for the protocols */ #include "ftp.h" @@ -411,6 +412,7 @@ CURLcode Curl_close(struct Curl_easy **datap) Curl_flush_cookies(data, TRUE); Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]); Curl_altsvc_cleanup(&data->asi); + Curl_hsts_cleanup(&data->hsts); #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH) Curl_http_auth_cleanup_digest(data); #endif @@ -1911,6 +1913,19 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, if(uc) return Curl_uc_to_curlcode(uc); + uc = curl_url_get(uh, CURLUPART_HOST, &data->state.up.hostname, 0); + if(uc) { + if(!strcasecompare("file", data->state.up.scheme)) + return CURLE_OUT_OF_MEMORY; + } + +#ifdef USE_HSTS + if(data->hsts && strcasecompare("http", data->state.up.scheme)) { + if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) + infof(data, "Switch from HTTP to HTTPS due to HSTS!\n"); + } +#endif + result = findprotocol(data, conn, data->state.up.scheme); if(result) return result; @@ -1956,12 +1971,6 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, else if(uc != CURLUE_NO_OPTIONS) return Curl_uc_to_curlcode(uc); - uc = curl_url_get(uh, CURLUPART_HOST, &data->state.up.hostname, 0); - if(uc) { - if(!strcasecompare("file", data->state.up.scheme)) - return CURLE_OUT_OF_MEMORY; - } - uc = curl_url_get(uh, CURLUPART_PATH, &data->state.up.path, 0); if(uc) return Curl_uc_to_curlcode(uc); |