In testing our application linked with libcurl-7.30.0 we encountered some problems with cookies when using IPv6 addresses directly. Upon inspecting the source code in lib/cookie.c, I (believe I) identified two immediate problems:
/`*` Here's a quick check to eliminate normal HTTP-headers from this `*`/ if(!firstptr || strchr(firstptr, ':')) { free(co); return NULL; }
This "of course" not only throws HTTP-headers away, but also leads to ignore IPv6 addresses.
The result is that I'm unable to set cookies that should be send to a specific IPv6 host. Using curl_easy_getinfo(.., CURLINFO_COOKIELIST,...), I obtain something like e.g. "#HttpOnly_2001:0db8:85a3:08d3:1319:8a2e:0370:7344\tFALSE\t
Assuming this gets fixed, there might be another problem waiting in Curl_cookie_getlist, where I don't really know whether or not the host passed in still has the square brackets or not - checking 2001:0db8:85a3:08d3:1319:8a2e:0370:7344 against [2001:0db8:85a3:08d3:1319:8a2e:0370:7344] with Curl_raw_equal wouldn't work, would it.
Thanks a lot for your detailed and thorough report. I believe I've these problems now in commit 85b9dc80232d1d7. Unfortunately I haven't yet added any test cases that verify this so I'll appreciate if you give this a test and see if it works for you now!