33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 9e71901634e276dd050481c4320f046bebb1bc28 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Stenberg <daniel@haxx.se>
|
|
Date: Mon, 19 Dec 2022 08:36:55 +0100
|
|
Subject: [PATCH 1/2] http: use the IDN decoded name in HSTS checks
|
|
|
|
Otherwise it stores the info HSTS into the persistent cache for the IDN
|
|
name which will not match when the HSTS status is later checked for
|
|
using the decoded name.
|
|
|
|
Reported-by: Hiroki Kurosawa
|
|
|
|
Closes #10111
|
|
---
|
|
lib/http.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/http.c b/lib/http.c
|
|
index 85528a221..a784745a8 100644
|
|
--- a/lib/http.c
|
|
+++ b/lib/http.c
|
|
@@ -3646,7 +3646,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
|
|
else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) &&
|
|
(conn->handler->flags & PROTOPT_SSL)) {
|
|
CURLcode check =
|
|
- Curl_hsts_parse(data->hsts, data->state.up.hostname,
|
|
+ Curl_hsts_parse(data->hsts, conn->host.name,
|
|
headp + strlen("Strict-Transport-Security:"));
|
|
if(check)
|
|
infof(data, "Illegal STS header skipped");
|
|
--
|
|
2.33.0
|
|
|