I did this

Run curl -v --alt-svc cache "https://caddy.pfad.fr"

caddy.pfad.fr is a test server which replies with an Alt-svc header containing an IPv6 as alt-authority:

alt-svc: h3="[2a01:4f8:c0c:9a6d::42]:443"; ma=2592000

I expected the following

The cache file to be populated.

Instead, the cache file is empty and I see in the logs:

* Excessive alt-svc host name, ignoring.
< alt-svc: h3="[2a01:4f8:c0c:9a6d::42]:443"; ma=2592000

Triggered by this code:

Relevant specifications:

• alt-authority = quoted-string ; containing [ uri-host ] ":" port RFC7838
• uri-host = <host, see [RFC3986], Section 3.2.2> RFC7230
• host = IP-literal / IPv4address / reg-name RFC3986
• IP-literal = "[" ( IPv6address / IPvFuture ) "]" RFC3986 as well

Hence I think that h3="[2a01:4f8:c0c:9a6d::42]:443"; ma=2592000 is a valid alt-svc header value and should be correctly handled by curl.

Background information:

Each of my service listens on 1 dedicated IPv6 address on the same machine. The traffic to the shared IPv4 gets forwarded to the right service thanks to snid (which uses SNI). However this setup can't handle UDP packets, hence I make http3 only available on IPv6.

Possible workaround: publish AAAA-only DNS record and use this domain as alt-svc (so IPv4 clients will waste a bit of their resources).

curl/libcurl version

curl 8.2.1 (x86_64-pc-linux-gnu) libcurl/8.2.1 OpenSSL/3.1.2 zlib/1.3 brotli/1.0.9 zstd/1.5.5 libidn2/2.3.4 libpsl/0.21.2 (+libidn2/2.3.4) libssh2/1.11.0 nghttp2/1.55.1
Release-Date: 2023-07-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

operating system

Arch Linux:
Linux 6.4.11-arch2-1 #1 SMP PREEMPT_DYNAMIC Sat, 19 Aug 2023 15:38:34 +0000 x86_64 GNU/Linux