From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 8 Apr 2016 11:21:52 +0000 (+0200)
Subject: KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS
X-Git-Tag: curl-7_49_0~164
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca6f0a56ca7b86ae697e156472b9a6cc8a601715;p=thirdparty%2Fcurl.git

KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS

Closes #543
---

diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index ec2a6e4e65..6e99ef7000 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -71,6 +71,9 @@ problems may have been fixed or changed somewhat since this was written!
  10.3 FTPS over SOCKS
  10.4 active FTP over a SOCKS
 
+ 11. Internals
+ 11.1 Curl leaks .onion hostnames in DNS
+
 ==============================================================================
 
 1. HTTP
@@ -393,3 +396,14 @@ problems may have been fixed or changed somewhat since this was written!
 10.4 active FTP over a SOCKS
 
  libcurl doesn't support active FTP over a SOCKS proxy
+
+
+11. Internals
+
+11.1 Curl leaks .onion hostnames in DNS
+
+ Curl sends DNS requests for hostnames with a .onion TLD. This leaks
+ information about what the user is attempting to access, and violates this
+ requirement of RFC7686: https://tools.ietf.org/html/rfc7686
+
+ Issue: https://github.com/curl/curl/issues/543