curl / Mailing Lists / curl-library / Single Mail


Re: Does curl validate the ":authority" header of HTTP/2 PUSH_PROMISE frames?

From: Daniel Stenberg via curl-library <>
Date: Mon, 18 Feb 2019 00:49:32 +0100 (CET)

On Sun, 17 Feb 2019, Nicolas Grekas wrote:

> In my app, I implemented the trivial logic, but doing the alt names
> validation feels like risky: I'm not sure it's easy to implement properly,
> while libcurl already embeds the logic when opening the connection.
> I'd be really great if libcurl could do the validation by default!

Thanks for all the details. I've filed an issue for this bug:

I'll work on a fix.

Received on 2019-02-18