No longer considered experimental.
Closes #6700
option(CURL_DISABLE_ALTSVC "to disable alt-svc support" OFF)
mark_as_advanced(CURL_DISABLE_ALTSVC)
+option(CURL_DISABLE_HSTS "to disable HSTS support" OFF)
+mark_as_advanced(CURL_DISABLE_HSTS)
option(CURL_DISABLE_COOKIES "to disable cookies support" OFF)
mark_as_advanced(CURL_DISABLE_COOKIES)
option(CURL_DISABLE_CRYPTO_AUTH "to disable cryptographic authentication" OFF)
_add_if("SSPI" USE_WINDOWS_SSPI)
_add_if("GSS-API" HAVE_GSSAPI)
_add_if("alt-svc" NOT CURL_DISABLE_ALTSVC)
+_add_if("HSTS" NOT CURL_DISABLE_HSTS)
# TODO SSP1 missing for SPNEGO
_add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND
(HAVE_GSSAPI OR USE_WINDOWS_SSPI))
curl_rtmp_msg="no (--with-librtmp)"
curl_mtlnk_msg="no (--with-libmetalink)"
curl_psl_msg="no (--with-libpsl)"
- curl_altsvc_msg="enabled";
+ curl_altsvc_msg="enabled (--disable-alt-svc)"
+ curl_hsts_msg="enabled (--disable-hsts)"
ssl_backends=
curl_h1_msg="enabled (internal)"
curl_h2_msg="no (--with-nghttp2, --with-hyper)"
curl_h3_msg="no (--with-ngtcp2, --with-quiche)"
enable_altsvc="yes"
+enable_hsts="yes"
dnl
dnl Save some initial values the user might have provided
AC_SUBST(CURL_DISABLE_RTSP, [1])
dnl toggle off alt-svc too when HTTP is disabled
AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc])
+ AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable HSTS])
curl_h1_msg="no (--enable-http, --with-hyper)"
curl_altsvc_msg="no";
+ curl_hsts_msg="no (--enable-hsts)";
enable_altsvc="no"
+ enable_hsts="no"
;;
*) AC_MSG_RESULT(yes)
;;
AC_MSG_RESULT(no)
)
-dnl ************************************************************
-dnl switch on/off hsts
-dnl
-curl_hsts_msg="no (--enable-hsts)";
-AC_MSG_CHECKING([whether to support HSTS])
-AC_ARG_ENABLE(hsts,
-AS_HELP_STRING([--enable-hsts],[Enable HSTS support])
-AS_HELP_STRING([--disable-hsts],[Disable HSTS support]),
-[ case "$enableval" in
- no)
+dnl only check for HSTS if there's SSL present
+if test -n "$SSL_ENABLED"; then
+
+ dnl ************************************************************
+ dnl switch on/off hsts
+ dnl
+ AC_MSG_CHECKING([whether to support HSTS])
+ AC_ARG_ENABLE(hsts,
+ AS_HELP_STRING([--enable-hsts],[Enable HSTS support])
+ AS_HELP_STRING([--disable-hsts],[Disable HSTS support]),
+ [ case "$enableval" in
+ no)
AC_MSG_RESULT(no)
+ enable_hsts="no"
;;
- *) AC_MSG_RESULT(yes)
- curl_hsts_msg="enabled";
- enable_hsts="yes"
+ *) AC_MSG_RESULT(yes)
;;
- esac ],
+ esac ],
AC_MSG_RESULT(no)
-)
+ )
+else
+ AC_MSG_NOTICE([disables HSTS due to lack of SSL])
+ enable_hsts="no"
+fi
-if test "$enable_hsts" = "yes"; then
- AC_DEFINE(USE_HSTS, 1, [to enable HSTS])
- experimental="$experimental HSTS"
+if test "x$enable_hsts" != "xyes"; then
+ curl_hsts_msg="no (--enable-hsts)";
+ AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable alt-svc])
fi
dnl *************************************************************
Metalink: ${curl_mtlnk_msg}
PSL: ${curl_psl_msg}
Alt-svc: ${curl_altsvc_msg}
+ HSTS: ${curl_hsts_msg}
HTTP1: ${curl_h1_msg}
HTTP2: ${curl_h2_msg}
HTTP3: ${curl_h3_msg}
Disable the GOPHER protocol.
+## CURL_DISABLE_HSTS
+
+Disable the HTTP Strict Transport Security support.
+
## CURL_DISABLE_HTTP
Disable the HTTP(S) protocols. Note that this then also disable HTTP proxy
- The Hyper HTTP backend
- HTTP/3 support and options
- CURLSSLOPT_NATIVE_CA (No configure option, feature built in when supported)
- - HSTS support and options
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#include "curl_setup.h"
#if !defined(CURL_DISABLE_COOKIES) || !defined(CURL_DISABLE_ALTSVC) || \
- defined(USE_HSTS)
+ !defined(CURL_DISABLE_HSTS)
#include "curl_get_line.h"
#include "curl_memory.h"
(void)Curl_altsvc_load(outcurl->asi, outcurl->set.str[STRING_ALTSVC]);
}
#endif
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
if(data->hsts) {
outcurl->hsts = Curl_hsts_init();
if(!outcurl->hsts)
*/
#include "curl_setup.h"
-#if !defined(CURL_DISABLE_HTTP) && defined(USE_HSTS)
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
#include <curl/curl.h>
#include "urldata.h"
#include "llist.h"
#include "parsedate.h"
#include "rand.h"
#include "rename.h"
+#include "strtoofft.h"
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
char *timestr = getenv("CURL_TIME");
(void)unused;
if(timestr) {
- unsigned long val = strtol(timestr, NULL, 10) + deltatime;
+ curl_off_t val;
+ (void)curlx_strtoofft(timestr, NULL, 10, &val);
+
+ val += (curl_off_t)deltatime;
return (time_t)val;
}
return time(NULL);
e.namelen = strlen(sts->host);
e.includeSubDomains = sts->includeSubDomains;
- result = Curl_gmtime(sts->expires, &stamp);
+ result = Curl_gmtime((time_t)sts->expires, &stamp);
if(result)
return result;
static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
{
struct tm stamp;
- CURLcode result = Curl_gmtime(sts->expires, &stamp);
+ CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
if(result)
return result;
expires = Curl_getdate_capped(e.expire);
else
expires = TIME_T_MAX; /* the end of time */
- result = hsts_create(h, e.name, e.includeSubDomains, expires);
+ result = hsts_create(h, e.name,
+ /* bitfield to bool conversion: */
+ e.includeSubDomains ? TRUE : FALSE,
+ expires);
if(result)
return result;
}
return hsts_pull(data, h);
}
-#endif /* CURL_DISABLE_HTTP || USE_HSTS */
+#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
***************************************************************************/
#include "curl_setup.h"
-#if !defined(CURL_DISABLE_HTTP) && defined(USE_HSTS)
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
#include <curl/curl.h>
#include "llist.h"
struct Curl_llist_element node;
const char *host;
bool includeSubDomains;
- time_t expires; /* the timestamp of this entry's expiry */
+ curl_off_t expires; /* the timestamp of this entry's expiry */
};
/* The HSTS cache. Needs to be able to tailmatch host names. */
#define Curl_hsts_cleanup(x)
#define Curl_hsts_loadcb(x,y)
#define Curl_hsts_save(x,y,z)
-#endif /* CURL_DISABLE_HTTP || USE_HSTS */
+#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
#endif /* HEADER_CURL_HSTS_H */
}
}
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
/* If enabled, the header is incoming and this is over HTTPS */
else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) &&
(conn->handler->flags & PROTOPT_SSL)) {
data->set.trailer_data = va_arg(param, void *);
#endif
break;
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
case CURLOPT_HSTSREADFUNCTION:
data->set.hsts_read = va_arg(param, curl_hstsread_callback);
break;
return CURLE_OUT_OF_MEMORY;
}
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) {
char *url;
curl_conv_callback convtonetwork;
/* function to convert from UTF-8 encoding: */
curl_conv_callback convfromutf8;
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
curl_hstsread_callback hsts_read;
void *hsts_read_userp;
curl_hstswrite_callback hsts_write;
NOTE that the 'cookie' field in the
UserDefined struct defines if the "engine"
is to be used or not. */
-#ifdef USE_HSTS
+#ifndef CURL_DISABLE_HSTS
struct hsts *hsts;
#endif
#ifndef CURL_DISABLE_ALTSVC
#ifndef CURL_DISABLE_ALTSVC
| CURL_VERSION_ALTSVC
#endif
-#if defined(USE_HSTS)
+#ifndef CURL_DISABLE_HSTS
| CURL_VERSION_HSTS
#endif
#if defined(USE_GSASL)
</server>
<features>
HSTS
+proxy
</features>
<file name="log/input%TESTNUMBER">
curl_global_cleanup();
}
-#if defined(CURL_DISABLE_HTTP) || !defined(USE_HSTS)
+#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_HSTS)
UNITTEST_START
{
return 0; /* nothing to do when HTTP or HSTS are disabled */
projects / thirdparty / curl.git / commitdiff
