Lines Matching +full:- +full:- +full:hsts
21 * SPDX-License-Identifier: curl
25 * The Strict-Transport-Security header is defined in RFC 6797:
34 #include "hsts.h"
76 struct hsts *Curl_hsts_init(void) in Curl_hsts_init()
78 struct hsts *h = calloc(sizeof(struct hsts), 1); in Curl_hsts_init()
80 Curl_llist_init(&h->list, NULL); in Curl_hsts_init()
87 free((char *)e->host); in hsts_free()
91 void Curl_hsts_cleanup(struct hsts **hp) in Curl_hsts_cleanup()
93 struct hsts *h = *hp; in Curl_hsts_cleanup()
97 for(e = h->list.head; e; e = n) { in Curl_hsts_cleanup()
98 struct stsentry *sts = e->ptr; in Curl_hsts_cleanup()
99 n = e->next; in Curl_hsts_cleanup()
102 free(h->filename); in Curl_hsts_cleanup()
113 static CURLcode hsts_create(struct hsts *h, in hsts_create()
131 if(duphost[hlen - 1] == '.') in hsts_create()
133 duphost[--hlen] = 0; in hsts_create()
135 sts->host = duphost; in hsts_create()
136 sts->expires = expires; in hsts_create()
137 sts->includeSubDomains = subdomains; in hsts_create()
138 Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node); in hsts_create()
142 CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname, in Curl_hsts_parse()
161 if(strncasecompare("max-age=", p, 8)) { in Curl_hsts_parse()
180 /* invalid max-age */ in Curl_hsts_parse()
210 /* max-age is mandatory */ in Curl_hsts_parse()
217 Curl_llist_remove(&h->list, &sts->node, NULL); in Curl_hsts_parse()
223 if(CURL_OFF_T_MAX - now < expires) in Curl_hsts_parse()
233 sts->expires = expires; in Curl_hsts_parse()
234 sts->includeSubDomains = subdomains; in Curl_hsts_parse()
243 * Return the matching HSTS entry if the given host name is currently an HSTS one.
248 struct stsentry *Curl_hsts(struct hsts *h, const char *hostname, in Curl_hsts()
261 if(hostname[hlen-1] == '.') in Curl_hsts()
263 --hlen; in Curl_hsts()
267 for(e = h->list.head; e; e = n) { in Curl_hsts()
268 struct stsentry *sts = e->ptr; in Curl_hsts()
269 n = e->next; in Curl_hsts()
270 if(sts->expires <= now) { in Curl_hsts()
272 Curl_llist_remove(&h->list, &sts->node, NULL); in Curl_hsts()
276 if(subdomain && sts->includeSubDomains) { in Curl_hsts()
277 size_t ntail = strlen(sts->host); in Curl_hsts()
279 size_t offs = hlen - ntail; in Curl_hsts()
280 if((hostname[offs-1] == '.') && in Curl_hsts()
281 strncasecompare(&hostname[offs], sts->host, ntail)) in Curl_hsts()
285 if(strcasecompare(hostname, sts->host)) in Curl_hsts()
293 * Send this HSTS entry to the write callback.
305 e.name = (char *)sts->host; in hsts_push()
306 e.namelen = strlen(sts->host); in hsts_push()
307 e.includeSubDomains = sts->includeSubDomains; in hsts_push()
309 if(sts->expires != TIME_T_MAX) { in hsts_push()
310 result = Curl_gmtime((time_t)sts->expires, &stamp); in hsts_push()
321 sc = data->set.hsts_write(data, &e, i, in hsts_push()
322 data->set.hsts_write_userp); in hsts_push()
328 * Write this single hsts entry to a single output line
333 if(sts->expires != TIME_T_MAX) { in hsts_out()
334 CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp); in hsts_out()
338 sts->includeSubDomains ? ".": "", sts->host, in hsts_out()
344 sts->includeSubDomains ? ".": "", sts->host, UNLIMITED); in hsts_out()
350 * Curl_hsts_save() writes the HSTS cache to file and callback.
352 CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h, in Curl_hsts_save()
366 if(!file && h->filename) in Curl_hsts_save()
367 file = h->filename; in Curl_hsts_save()
369 if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0]) in Curl_hsts_save()
370 /* marked as read-only, no file or zero length file name */ in Curl_hsts_save()
375 fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n" in Curl_hsts_save()
378 for(e = h->list.head; e; e = n) { in Curl_hsts_save()
379 struct stsentry *sts = e->ptr; in Curl_hsts_save()
380 n = e->next; in Curl_hsts_save()
394 if(data->set.hsts_write) { in Curl_hsts_save()
397 i.total = h->list.size; in Curl_hsts_save()
399 for(e = h->list.head; e; e = n) { in Curl_hsts_save()
400 struct stsentry *sts = e->ptr; in Curl_hsts_save()
402 n = e->next; in Curl_hsts_save()
413 static CURLcode hsts_add(struct hsts *h, char *line) in hsts_add()
443 if(expires > e->expires) in hsts_add()
444 e->expires = expires; in hsts_add()
454 * Load HSTS data from callback.
457 static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h) in hsts_pull()
459 /* if the HSTS read callback is set, use it */ in hsts_pull()
460 if(data->set.hsts_read) { in hsts_pull()
467 e.namelen = sizeof(buffer)-1; in hsts_pull()
471 sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp); in hsts_pull()
497 * Load the HSTS cache from the given file. The text based line-oriented file
498 * format is documented here: https://curl.se/docs/hsts.html
500 * This function only returns error on major problems that prevent hsts
504 static CURLcode hsts_load(struct hsts *h, const char *file) in hsts_load()
510 /* we need a private copy of the file name so that the hsts cache file in hsts_load()
512 free(h->filename); in hsts_load()
513 h->filename = strdup(file); in hsts_load()
514 if(!h->filename) in hsts_load()
538 Curl_safefree(h->filename); in hsts_load()
544 * Curl_hsts_loadfile() loads HSTS from file
547 struct hsts *h, const char *file) in Curl_hsts_loadfile()
555 * Curl_hsts_loadcb() loads HSTS from callback
557 CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h) in Curl_hsts_loadcb()
566 struct curl_slist *l = data->set.hstslist; in Curl_hsts_loadfiles()
571 (void)Curl_hsts_loadfile(data, data->hsts, l->data); in Curl_hsts_loadfiles()
572 l = l->next; in Curl_hsts_loadfiles()