| /external/curl/tests/data/ |
| D | test446 | 1 <?xml version="1.0" encoding="ISO-8859-1"?>
7 HSTS
8 trailing-dot
21 Content-Length: 6
22 Strict-Transport-Security: max-age=604800
24 -foo-
28 Content-Length: 6
29 Strict-Transport-Security: max-age=6048000
31 -baa-
38 http-proxy
[all …]
|
| D | test1660 | 5 HSTS
15 HSTS
19 # Your HSTS cache. https://curl.se/docs/hsts.html
31 HSTS
34 -
41 'old.example' is not HSTS
42 'readfrom.example' is not HSTS
51 'this.example' is not HSTS
58 'foo.xample.com' is not HSTS
59 'forexample.net' is not HSTS
[all …]
|
| D | test440 | 6 HSTS
7 trailing-dot
17 Server: test-server/fake
18 Content-Length: 6
20 Funny-head: yesyes
22 -foo-
31 HSTS
38 this.hsts.example "99991001 04:47:41"
42 HSTS with trailing-dot host name in URL but none in hsts file
45 -x http://%HOSTIP:%HTTPPORT http://this.hsts.example./%TESTNUMBER --hsts log/input%TESTNUMBER -w '%…
[all …]
|
| D | test493 | 6 HSTS
17 Server: test-server/fake
18 Content-Length: 6
20 Funny-head: yesyes
22 -foo-
31 HSTS
37 .hsts.example "99991001 04:47:41"
41 HSTS and %{url_effective} after upgrade
44 -x http://%HOSTIP:%HTTPPORT http://this.hsts.example/%TESTNUMBER --hsts log/input%TESTNUMBER -w '%{…
49 # we let it CONNECT to the server to confirm HSTS but deny from there
[all …]
|
| D | test441 | 6 HSTS
7 trailing-dot
17 Server: test-server/fake
18 Content-Length: 6
20 Funny-head: yesyes
22 -foo-
31 HSTS
38 this.hsts.example. "99991001 04:47:41"
42 HSTS with no t-dot host name in URL but t-dot in file
45 -x http://%HOSTIP:%HTTPPORT http://this.hsts.example/%TESTNUMBER --hsts log/input%TESTNUMBER -w '%{…
[all …]
|
| D | test1915 | 5 HSTS
10 # Server-side
14 # Client-side
17 HSTS
24 # require debug so that alt-svc can work over plain old HTTP
26 HSTS read/write callbacks
33 http://%HOSTIP:%NOLISTENPORT/not-there/%TESTNUMBER
|
| /external/curl/docs/ |
| D | HSTS.md | 1 # HSTS support
3 HTTP Strict-Transport-Security. Added as experimental in curl
12 libcurl features an in-memory cache for HSTS hosts, so that subsequent
13 HTTP-only requests to a host name present in the cache will get internally
18 - `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle
19 - `CURLOPT_HSTS` - specify file name where to store the HSTS cache on close
24 - `--hsts [filename]` - enable HSTS, use the file as HSTS cache. If filename
25 is `""` (no length) then no file will be used, only in-memory cache.
27 ## HSTS cache file format
31 For each hsts entry:
[all …]
|
| /external/curl/lib/ |
| D | hsts.c | 21 * SPDX-License-Identifier: curl
25 * The Strict-Transport-Security header is defined in RFC 6797:
34 #include "hsts.h"
76 struct hsts *Curl_hsts_init(void) in Curl_hsts_init()
78 struct hsts *h = calloc(sizeof(struct hsts), 1); in Curl_hsts_init()
80 Curl_llist_init(&h->list, NULL); in Curl_hsts_init()
87 free((char *)e->host); in hsts_free()
91 void Curl_hsts_cleanup(struct hsts **hp) in Curl_hsts_cleanup()
93 struct hsts *h = *hp; in Curl_hsts_cleanup()
97 for(e = h->list.head; e; e = n) { in Curl_hsts_cleanup()
[all …]
|
| D | hsts.h | 23 * SPDX-License-Identifier: curl
43 /* The HSTS cache. Needs to be able to tailmatch host names. */
44 struct hsts { struct
50 struct hsts *Curl_hsts_init(void); argument
51 void Curl_hsts_cleanup(struct hsts **hp);
52 CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
54 struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
56 CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
59 struct hsts *h, const char *file);
61 struct hsts *h);
|
| D | share.c | 21 * SPDX-License-Identifier: curl
32 #include "hsts.h"
44 share->magic = CURL_GOOD_SHARE; in curl_share_init()
45 share->specifier |= (1<<CURL_LOCK_DATA_SHARE); in curl_share_init()
46 Curl_init_dnscache(&share->hostcache, 23); in curl_share_init()
66 if(share->dirty) in curl_share_setopt()
84 if(!share->cookies) { in curl_share_setopt()
85 share->cookies = Curl_cookie_init(NULL, NULL, NULL, TRUE); in curl_share_setopt()
86 if(!share->cookies) in curl_share_setopt()
96 if(!share->hsts) { in curl_share_setopt()
[all …]
|
| /external/curl/docs/cmdline-opts/ |
| D | hsts.d | 2 SPDX-License-Identifier: curl
3 Long: hsts
6 Help: Enable HSTS with this cache file
9 Example: --hsts cache.txt $URL
10 See-also: proto
12 ---
13 This option enables HSTS for the transfer. If the file name points to an
14 existing HSTS cache file, that will be used. After a completed transfer, the
18 exists in the HSTS cache, it upgrades the transfer to use HTTPS. Each HSTS
23 just handle HSTS in memory.
|
| /external/curl/docs/libcurl/opts/ |
| D | CURLOPT_HSTS.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTS \- HSTS cache file name
35 Make the \fIfilename\fP point to a file name to load an existing HSTS cache
37 name with this option will also enable HSTS for this handle (the equivalent of
40 If the given file does not exist or contains no HSTS entries at startup, the
41 HSTS cache will simply start empty. Setting the file name to NULL or "" will
42 only enable HSTS without reading from or writing to any file.
47 The HSTS cache is saved to and loaded from a text file with one entry per
52 [host] is the domain name for the entry and the name is dot-prefixed if it is
69 curl_easy_setopt(curl, CURLOPT_HSTS, "/home/user/.hsts-cache");
|
| D | CURLOPT_HSTS_CTRL.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTS_CTRL \- control HSTS behavior
38 HSTS (HTTP Strict Transport Security) means that an HTTPS server can instruct
39 the client to not contact it again over clear-text HTTP for a certain period
42 knowledge in an in-memory cache.
45 libcurl how to handle HSTS for the transfers using this handle.
48 Enable the in-memory HSTS cache for this handle.
50 Make the HSTS file (if specified) read-only - makes libcurl not save the cache
53 0. HSTS is disabled by default.
|
| D | CURLOPT_HSTSREADFUNCTION.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTSREADFUNCTION \- read callback for HSTS hosts
36 char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */
47 in-memory HSTS cache.
54 bytes). Make it null-terminated. Set \fIincludeSubDomains\fP to TRUE or
64 This option does not enable HSTS, you need to use \fICURLOPT_HSTS_CTRL(3)\fP to
67 NULL - no callback.
73 /* set HSTS read callback */
|
| D | CURLOPT_HSTSWRITEFUNCTION.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTSWRITEFUNCTION \- write callback for HSTS hosts
36 char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */
53 application to store the in-memory HSTS cache when libcurl is about to discard
61 terminated. The \fIincludeSubDomains\fP field is non-zero if the entry matches
62 subdomains. The \fIexpire\fP string is a date stamp null-terminated string
69 This option does not enable HSTS, you need to use \fICURLOPT_HSTS_CTRL(3)\fP to
72 NULL - no callback.
78 /* set HSTS read callback */
|
| D | CURLOPT_HSTSWRITEDATA.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTSWRITEDATA \- pointer passed to the HSTS write callback
35 Data \fIpointer\fP to pass to the HSTS write function. If you use the
39 This option does not enable HSTS, you need to use \fICURLOPT_HSTS_CTRL(3)\fP to
|
| D | CURLOPT_HSTSREADDATA.3 | 21 .\" * SPDX-License-Identifier: curl
27 CURLOPT_HSTSREADDATA \- pointer passed to the HSTS read callback
35 Data \fIpointer\fP to pass to the HSTS read function. If you use the
39 This option does not enable HSTS, you need to use \fICURLOPT_HSTS_CTRL(3)\fP to
|
| /external/cronet/net/http/ |
| D | transport_security_state_static_unittest_default.json | 2 // Use of this source code is governed by a BSD-style license that can be
5 // This is a HSTS preload list for net_unittests. Use or add entries in this
13 { "name": "hsts-preloaded.test", "policy": "test", "mode": "force-https" },
14 …{ "name": "include-subdomains-hsts-preloaded.test", "policy": "test", "mode": "force-https", "incl…
15 { "name": "example", "policy": "test", "mode": "force-https", "include_subdomains": true },
17 { "name": "no-rejected-pins-pkp.preloaded.test", "policy": "test" },
18 { "name": "with-report-uri-pkp.preloaded.test", "policy": "test" },
20 { "name": "hsts-hpkp-preloaded.test", "policy": "test", "mode": "force-https" },
|
| D | transport_security_state.h | 2 // Use of this source code is governed by a BSD-style license that can be
31 #include "third_party/abseil-cpp/absl/types/optional.h"
55 // This object manages the in-memory store. Register a Delegate with
58 // HTTP strict transport security (HSTS) is defined in
59 // http://tools.ietf.org/html/ietf-websec-strict-transport-sec.
105 // |chain| are not guaranteed to be in the same order - that is, the first
158 const HashedHost& hostname() const { return iterator_->first; } in hostname()
159 const STSState& domain_state() const { return iterator_->second; } in domain_state()
197 // Optional; hashes of static known-bad SubjectPublicKeyInfos which MUST
242 // Content-Type header as specified in
[all …]
|
| D | transport_security_state_static_unittest1.json | 2 // Use of this source code is governed by a BSD-style license that can be
5 // This is a HSTS preloaded list used by the unittests. For more information
12 "name": "hsts.example.com",
14 "mode": "force-https",
|
| D | transport_security_state_static_unittest2.json | 2 // Use of this source code is governed by a BSD-style license that can be
5 // This is a HSTS preloaded list used by the unittests. For more information
12 "name": "hsts.example.com",
14 "mode": "force-https"
21 "mode": "force-https",
|
| D | transport_security_state_static_unittest1_pins.json | 2 // Use of this source code is governed by a BSD-style license that can be
5 // This is a HSTS preloaded list used by the unittests. For more information
28 "name": "hsts.example.com",
|
| /external/cronet/net/tools/transport_security_state_generator/ |
| D | README.md | 20 * [HTTP Strict Transport Security (HSTS)](https://tools.ietf.org/html/rfc6797)
42 `[build-folder]/gen/net/http/transport_security_state_static*.h`.
48 `transport_security_state_generator <json-file> <pins-file> <template-file> <output-file> [--v=1]`
50 * **json-file**: JSON file containing all preload configurations (e.g.
52 * **pins-file**: file containing the public key information for the pinsets
53 referenced from **json-file** (e.g.
55 * **template-file**: contains the global structure of the header file with
58 * **output-file**: file to write the output to
59 * **--v**: verbosity level
67 lives in `net/extras/preload_data/decoder.cc`. The HSTS specific implementation
[all …]
|
| D | input_file_parsers_unittest.cc | 2 // Use of this source code is governed by a BSD-style license that can be
23 " \"name\": \"hsts.example.com\"," in TEST()
25 " \"mode\": \"force-https\", " in TEST()
28 " \"name\": \"hsts-no-subdomains.example.com\"," in TEST()
30 " \"mode\": \"force-https\", " in TEST()
36 " \"name\": \"hpkp-no-subdomains.example.com\"," in TEST()
48 " \"report_uri\": \"https://hpkp-log.example.com\"" in TEST()
56 " \"name\": \"hpkp-no-subdomains.example.com\"," in TEST()
60 " \"name\": \"hpkp-no-hsts.example.com\"," in TEST()
75 EXPECT_EQ("test", pinset->second->name()); in TEST()
[all …]
|
| /external/curl/tests/unit/ |
| D | unit1660.c | 21 * SPDX-License-Identifier: curl
27 #include "hsts.h"
44 return 0; /* nothing to do when HTTP or HSTS are disabled */
51 const char *chost; /* if non-NULL, use to lookup with */
58 { "-", "readfrom.example", NULL, CURLE_OK},
59 { "-", "old.example", NULL, CURLE_OK},
61 { "readfrom.example", NULL, "max-age=\"0\"", CURLE_OK},
63 { "example.com", NULL, "max-age=\"31536000\"\r\n", CURLE_OK },
64 { "example.com", NULL, "max-age=\"21536000\"\r\n", CURLE_OK },
65 { "example.com", NULL, "max-age=\"21536000\"; \r\n", CURLE_OK },
[all …]
|