author | Daniel Stenberg <daniel@haxx.se> | 2020-11-02 23:17:01 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-11-03 16:08:42 +0100 |
commit | 7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch) | |
tree | 3b572bcf972062b7cc1315ac23fdb547e7216463 /src | |
parent | 9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff) | |
download | curl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz |
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle
Closes #5896
Diffstat (limited to 'src')
-rw-r--r-- | src/tool_cfgable.c | 1 | ||||
-rw-r--r-- | src/tool_cfgable.h | 1 | ||||
-rw-r--r-- | src/tool_getparam.c | 7 | ||||
-rw-r--r-- | src/tool_help.c | 4 | ||||
-rw-r--r-- | src/tool_operate.c | 3 | ||||
-rw-r--r-- | src/tool_setopt.c | 5 | ||||
-rw-r--r-- | src/tool_setopt.h | 2 |
7 files changed, 23 insertions, 0 deletions
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index e99602c4f..3c0bbfa64 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -54,6 +54,7 @@ static void free_config_fields(struct OperationConfig *config)
 Curl_safefree(config->egd_file);
 Curl_safefree(config->useragent);
 Curl_safefree(config->altsvc);
+ Curl_safefree(config->hsts);
 Curl_safefree(config->cookie);
 Curl_safefree(config->cookiejar);
 Curl_safefree(config->cookiefile);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 489f9ca0e..ac4c7fadc 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -58,6 +58,7 @@ struct OperationConfig {
 char *cookiejar; /* write to this file */
 char *cookiefile; /* read from this file */
 char *altsvc; /* alt-svc cache file name */
+ char *hsts; /* HSTS cache file name */
 bool cookiesession; /* new session? */
 bool encoding; /* Accept-Encoding please */
 bool tr_encoding; /* Transfer-Encoding please */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 910a5a2f9..d2e4eb498 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -219,6 +219,7 @@ static const struct LongShort aliases[]= {
 {"A", "user-agent", ARG_STRING},
 {"b", "cookie", ARG_STRING},
 {"ba", "alt-svc", ARG_STRING},
+ {"bb", "hsts", ARG_STRING},
 {"B", "use-ascii", ARG_BOOL},
 {"c", "cookie-jar", ARG_STRING},
 {"C", "continue-at", ARG_STRING},
@@ -1291,6 +1292,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 else
 return PARAM_LIBCURL_DOESNT_SUPPORT;
 break;
+ case 'b': /* --hsts */
+ if(curlinfo->features & CURL_VERSION_HSTS)
+ GetStr(&config->hsts, nextarg);
+ else
+ return PARAM_LIBCURL_DOESNT_SUPPORT;
+ break;
 default: /* --cookie string coming up: */
 if(nextarg[0] == '@') {
 nextarg++;
diff --git a/src/tool_help.c b/src/tool_help.c
index 544dbbab0..0833a0d23 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
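Review bot: The new `case 'b': /* --hsts */` branch in getparameter() (second tool_getparam.c hunk) carries no comment explaining why a libcurl without `CURL_VERSION_HSTS` makes the option an error rather than a no-op. Returning `PARAM_LIBCURL_DOESNT_SUPPORT` is the safe behaviour, because silently accepting `--hsts` would let a user believe HTTPS upgrades are enforced when they are not. A one-line comment such as `/* fail rather than run without the HSTS protection that was asked for */` above the `else` would keep a later cleanup from relaxing it. getparameter() begins and ends outside this hunk.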
@@ -328,6 +328,9 @@ static const struct helptxt helptext[] = {
 {" --hostpubmd5 <md5>",
 "Acceptable MD5 hash of the host public key",
 CURLHELP_SFTP | CURLHELP_SCP},
+ {" --hsts <file name>",
+ "Enable HSTS with this cache file",
+ CURLHELP_HTTP},
 {" --http0.9",
 "Allow HTTP 0.9 responses",
 CURLHELP_HTTP},
@@ -862,6 +865,7 @@ static const struct feat feats[] = {
 {"MultiSSL", CURL_VERSION_MULTI_SSL},
 {"PSL", CURL_VERSION_PSL},
 {"alt-svc", CURL_VERSION_ALTSVC},
+ {"HSTS", CURL_VERSION_HSTS},
 };
 static void print_category(curlhelp_t category)
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 4ad5052ff..e0fde724b 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2072,6 +2072,9 @@ static CURLcode single_transfer(struct GlobalConfig *global,
 if(config->altsvc)
 my_setopt_str(curl, CURLOPT_ALTSVC, config->altsvc);
+ if(config->hsts)
+ my_setopt_bitmask(curl, CURLOPT_HSTS_CTRL, CURLHSTS_ENABLE);
+
 #ifdef USE_METALINK
 if(!metalink && config->use_metalink) {
 outs->metalink_parser = metalink_parser_context_new();
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 0dd7a57a2..2159db6cd 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -62,6 +62,11 @@ const struct NameValue setopt_nv_CURL_SOCKS_PROXY[] = {
 NVEND,
 };
+const struct NameValueUnsigned setopt_nv_CURLHSTS[] = {
+ NV(CURLHSTS_ENABLE),
+ NVEND,
+};
+
 const struct NameValueUnsigned setopt_nv_CURLAUTH[] = {
 NV(CURLAUTH_ANY), /* combination */
 NV(CURLAUTH_ANYSAFE), /* combination */
diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index 3db88c6bf..f8d3320d3 100644
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
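Review bot: The file name stored in `config->hsts` is never handed to libcurl in the tool_operate.c hunk: the new branch in single_transfer() only sets `CURLOPT_HSTS_CTRL` to `CURLHSTS_ENABLE`, so as far as the src changes shown here go, the cache named by `--hsts <file name>` is neither loaded nor saved. Each run of the command-line tool is a new process, so an in-memory-only cache would appear to forget every Strict-Transport-Security entry on exit, and a later `http://` request to the same host would not be upgraded. If nothing outside this diff sets it, pass the name as well, e.g. `my_setopt_str(curl, CURLOPT_HSTS, config->hsts);` next to the bitmask call, mirroring the `CURLOPT_ALTSVC` line above it. single_transfer() starts and ends outside the hunk.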
@@ -64,8 +64,10 @@ extern const struct NameValueUnsigned setopt_nv_CURLSSLOPT[];
 extern const struct NameValue setopt_nv_CURL_NETRC[];
 extern const struct NameValue setopt_nv_CURLPROTO[];
 extern const struct NameValueUnsigned setopt_nv_CURLAUTH[];
+extern const struct NameValueUnsigned setopt_nv_CURLHSTS[];
 /* Map options to NameValue sets */
+#define setopt_nv_CURLOPT_HSTS_CTRL setopt_nv_CURLHSTS
 #define setopt_nv_CURLOPT_HTTP_VERSION setopt_nv_CURL_HTTP_VERSION
 #define setopt_nv_CURLOPT_HTTPAUTH setopt_nv_CURLAUTH
 #define setopt_nv_CURLOPT_SSLVERSION setopt_nv_CURL_SSLVERSION |