1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_HSTS 5Section: 3 6Source: libcurl 7Protocol: 8 - HTTP 9See-also: 10 - CURLOPT_ALTSVC (3) 11 - CURLOPT_HSTS_CTRL (3) 12 - CURLOPT_RESOLVE (3) 13Added-in: 7.74.0 14--- 15 16# NAME 17 18CURLOPT_HSTS - HSTS cache filename 19 20# SYNOPSIS 21 22~~~c 23#include <curl/curl.h> 24 25CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTS, char *filename); 26~~~ 27 28# DESCRIPTION 29 30Make the *filename* point to a filename to load an existing HSTS cache 31from, and to store the cache in when the easy handle is closed. Setting a file 32name with this option also enables HSTS for this handle (the equivalent of 33setting *CURLHSTS_ENABLE* with CURLOPT_HSTS_CTRL(3)). 34 35If the given file does not exist or contains no HSTS entries at startup, the 36HSTS cache simply starts empty. Setting the filename to NULL allows HSTS 37without reading from or writing to any file. NULL also makes libcurl clear the 38list of files to read HSTS data from, if any such were previously set. 39 40If this option is set multiple times, libcurl loads cache entries from each 41given file but only stores the last used name for later writing. 42 43# FILE FORMAT 44 45The HSTS cache is saved to and loaded from a text file with one entry per 46physical line. Each line in the file has the following format: 47 48 [host] [stamp] 49 50[host] is the domain name for the entry and the name is dot-prefixed if it is 51an entry valid for all subdomains to the name as well or only for the exact 52name. 53 54[stamp] is the time (in UTC) when the entry expires and it uses the format 55"YYYYMMDD HH:MM:SS". 56 57Lines starting with "#" are treated as comments and are ignored. There is 58currently no length or size limit. 59 60# DEFAULT 61 62NULL, no filename 63 64# SECURITY CONCERNS 65 66libcurl cannot fully protect against attacks where an attacker has write 67access to the same directory where it is directed to save files. This is 68particularly sensitive if you save files using elevated privileges. 69 70# %PROTOCOLS% 71 72# EXAMPLE 73 74~~~c 75int main(void) 76{ 77 CURL *curl = curl_easy_init(); 78 if(curl) { 79 curl_easy_setopt(curl, CURLOPT_HSTS, "/home/user/.hsts-cache"); 80 curl_easy_perform(curl); 81 } 82} 83~~~ 84 85# %AVAILABILITY% 86 87# RETURN VALUE 88 89curl_easy_setopt(3) returns a CURLcode indicating success or error. 90 91CURLE_OK (0) means everything was OK, non-zero means an error occurred, see 92libcurl-errors(3). 93