From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 19 Dec 2022 07:36:55 +0000 (+0100)
Subject: http: use the IDN decoded name in HSTS checks
X-Git-Tag: curl-7_87_0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e71901634e276dd050481c4320f046bebb1bc28;p=thirdparty%2Fcurl.git

http: use the IDN decoded name in HSTS checks

Otherwise it stores the info HSTS into the persistent cache for the IDN
name which will not match when the HSTS status is later checked for
using the decoded name.

Reported-by: Hiroki Kurosawa

Closes #10111
---

diff --git a/lib/http.c b/lib/http.c
index 85528a2218..a784745a8d 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -3646,7 +3646,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn,
 #endif
             )) {
     CURLcode check =
-      Curl_hsts_parse(data->hsts, data->state.up.hostname,
+      Curl_hsts_parse(data->hsts, conn->host.name,
                       headp + strlen("Strict-Transport-Security:"));
     if(check)
       infof(data, "Illegal STS header skipped");