blob: 7c617ef1db961bf0dfdc93da355b308e2036c86f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From 08aa76b7b24454a89866aaef661ea90ae3d57900 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 19 Dec 2022 08:36:55 +0100
Subject: [PATCH] http: use the IDN decoded name in HSTS checks
Otherwise it stores the info HSTS into the persistent cache for the IDN
name which will not match when the HSTS status is later checked for
using the decoded name.
Reported-by: Hiroki Kurosawa
Closes #10111
Upstream-Status: Backport [https://github.com/curl/curl/commit/9e71901634e276dd]
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
---
lib/http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/http.c b/lib/http.c
index b0ad28e..8b18e8d 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3654,7 +3654,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) &&
(conn->handler->flags & PROTOPT_SSL)) {
CURLcode check =
- Curl_hsts_parse(data->hsts, data->state.up.hostname,
+ Curl_hsts_parse(data->hsts, conn->host.name,
headp + strlen("Strict-Transport-Security:"));
if(check)
infof(data, "Illegal STS header skipped");
|