authorDaniel Stenberg <daniel@haxx.se>2020-11-02 23:17:01 +0100
committerDaniel Stenberg <daniel@haxx.se>2020-11-03 16:08:42 +0100
commit7385610d0c74c6a254fea5e4cd6e1d559d848c8c (patch)
tree3b572bcf972062b7cc1315ac23fdb547e7216463 /src
parent9f43b28f783cc8f7464492a0b5b9dd35c1625fde (diff)
downloadcurl-7385610d0c74c6a254fea5e4cd6e1d559d848c8c.tar.gz
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
Diffstat (limited to 'src')
-rw-r--r--src/tool_cfgable.c1
-rw-r--r--src/tool_cfgable.h1
-rw-r--r--src/tool_getparam.c7
-rw-r--r--src/tool_help.c4
-rw-r--r--src/tool_operate.c3
-rw-r--r--src/tool_setopt.c5
-rw-r--r--src/tool_setopt.h2
7 files changed, 23 insertions, 0 deletions
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index e99602c4f..3c0bbfa64 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -54,6 +54,7 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->egd_file);
Curl_safefree(config->useragent);
Curl_safefree(config->altsvc);
+ Curl_safefree(config->hsts);
Curl_safefree(config->cookie);
Curl_safefree(config->cookiejar);
Curl_safefree(config->cookiefile);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 489f9ca0e..ac4c7fadc 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -58,6 +58,7 @@ struct OperationConfig {
char *cookiejar; /* write to this file */
char *cookiefile; /* read from this file */
char *altsvc; /* alt-svc cache file name */
+ char *hsts; /* HSTS cache file name */
bool cookiesession; /* new session? */
bool encoding; /* Accept-Encoding please */
bool tr_encoding; /* Transfer-Encoding please */
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 910a5a2f9..d2e4eb498 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -219,6 +219,7 @@ static const struct LongShort aliases[]= {
{"A", "user-agent", ARG_STRING},
{"b", "cookie", ARG_STRING},
{"ba", "alt-svc", ARG_STRING},
+ {"bb", "hsts", ARG_STRING},
{"B", "use-ascii", ARG_BOOL},
{"c", "cookie-jar", ARG_STRING},
{"C", "continue-at", ARG_STRING},
@@ -1291,6 +1292,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
else
return PARAM_LIBCURL_DOESNT_SUPPORT;
break;
+ case 'b': /* --hsts */
+ if(curlinfo->features & CURL_VERSION_HSTS)
+ GetStr(&config->hsts, nextarg);
+ else
+ return PARAM_LIBCURL_DOESNT_SUPPORT;
+ break;
default: /* --cookie string coming up: */
if(nextarg[0] == '@') {
nextarg++;
diff --git a/src/tool_help.c b/src/tool_help.c
index 544dbbab0..0833a0d23 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -328,6 +328,9 @@ static const struct helptxt helptext[] = {
{" --hostpubmd5 <md5>",
"Acceptable MD5 hash of the host public key",
CURLHELP_SFTP | CURLHELP_SCP},
+ {" --hsts <file name>",
+ "Enable HSTS with this cache file",
+ CURLHELP_HTTP},
{" --http0.9",
"Allow HTTP 0.9 responses",
CURLHELP_HTTP},
@@ -862,6 +865,7 @@ static const struct feat feats[] = {
{"MultiSSL", CURL_VERSION_MULTI_SSL},
{"PSL", CURL_VERSION_PSL},
{"alt-svc", CURL_VERSION_ALTSVC},
+ {"HSTS", CURL_VERSION_HSTS},
};
static void print_category(curlhelp_t category)
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 4ad5052ff..e0fde724b 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2072,6 +2072,9 @@ static CURLcode single_transfer(struct GlobalConfig *global,
if(config->altsvc)
my_setopt_str(curl, CURLOPT_ALTSVC, config->altsvc);
+ if(config->hsts)
+ my_setopt_bitmask(curl, CURLOPT_HSTS_CTRL, CURLHSTS_ENABLE);
+
#ifdef USE_METALINK
if(!metalink && config->use_metalink) {
outs->metalink_parser = metalink_parser_context_new();
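Review bot: The file name stored in `config->hsts` is only tested for non-NULL in the added `if(config->hsts)` block and is never handed to libcurl: the new lines set `CURLOPT_HSTS_CTRL` to `CURLHSTS_ENABLE`, and none of the hunks under `src` sets `CURLOPT_HSTS`. If this is the whole wiring, `--hsts <file name>` (described in tool_help.c as "Enable HSTS with this cache file") would keep HSTS state in memory only. Upgrades learned in one invocation would then be lost, and a later `http://` request to the same host would go out in cleartext again. Consider adding `my_setopt_str(curl, CURLOPT_HSTS, config->hsts);` next to the bitmask call, mirroring the `CURLOPT_ALTSVC` line just above. `single_transfer` starts and ends outside this hunk, so any handling elsewhere in the function is not visible here.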
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 0dd7a57a2..2159db6cd 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -62,6 +62,11 @@ const struct NameValue setopt_nv_CURL_SOCKS_PROXY[] = {
NVEND,
};
+const struct NameValueUnsigned setopt_nv_CURLHSTS[] = {
+ NV(CURLHSTS_ENABLE),
+ NVEND,
+};
+
const struct NameValueUnsigned setopt_nv_CURLAUTH[] = {
NV(CURLAUTH_ANY), /* combination */
NV(CURLAUTH_ANYSAFE), /* combination */
diff --git a/src/tool_setopt.h b/src/tool_setopt.h
index 3db88c6bf..f8d3320d3 100644
--- a/src/tool_setopt.h
+++ b/src/tool_setopt.h
@@ -64,8 +64,10 @@ extern const struct NameValueUnsigned setopt_nv_CURLSSLOPT[];
extern const struct NameValue setopt_nv_CURL_NETRC[];
extern const struct NameValue setopt_nv_CURLPROTO[];
extern const struct NameValueUnsigned setopt_nv_CURLAUTH[];
+extern const struct NameValueUnsigned setopt_nv_CURLHSTS[];
/* Map options to NameValue sets */
+#define setopt_nv_CURLOPT_HSTS_CTRL setopt_nv_CURLHSTS
#define setopt_nv_CURLOPT_HTTP_VERSION setopt_nv_CURL_HTTP_VERSION
#define setopt_nv_CURLOPT_HTTPAUTH setopt_nv_CURLAUTH
#define setopt_nv_CURLOPT_SSLVERSION setopt_nv_CURL_SSLVERSION