Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Video presentations Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Does curl validate the ":authority" header of HTTP/2 PUSH_PROMISE frames?

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 18 Feb 2019 00:49:32 +0100 (CET)

On Sun, 17 Feb 2019, Nicolas Grekas wrote:

> In my app, I implemented the trivial logic, but doing the alt names
> validation feels like risky: I'm not sure it's easy to implement properly,
> while libcurl already embeds the logic when opening the connection.
>
> I'd be really great if libcurl could do the validation by default!

Thanks for all the details. I've filed an issue for this bug:
https://github.com/curl/curl/issues/3577

I'll work on a fix. 

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-02-18