/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
/* <DESC>
* Preload domains to HSTS
* </DESC>
*/
#include <stdio.h>
#include <string.h>
#include <curl/curl.h>
/* One preload record: a host name and the expiry stamp handed to libcurl
   for it. */
struct entry {
  const char *name; /* host the HSTS entry applies to */
  const char *exp;  /* expiry date string, e.g. "20370320 01:02:03" */
};

/* Hosts to preload into the HSTS cache. The walk over this table stops at
   the entry whose name is NULL, so the terminator must stay last. */
static const struct entry preload_hosts[] = {
  { "example.com", "20370320 01:02:03" },
  { "curl.se",     "20370320 03:02:01" },
  { NULL,          NULL } /* end of list marker */
};

/* Cursor passed to the read callback as its user pointer; 'index' is the
   position of the next preload_hosts[] record to hand out. */
struct state {
  int index;
};
/*
 * Bounded string copy into a buffer of 'dsize' bytes.
 *
 * When the 'slen' source bytes plus a terminating null fit, they are copied
 * and terminated. When they do not fit, nothing is truncated: the destination
 * is turned into an empty string instead (or left untouched when 'dsize' is
 * zero). Callers that must tell the two outcomes apart need to compare the
 * lengths themselves, since nothing is returned.
 */
static void strcopy(char *dest, size_t dsize, const char *src, size_t slen)
{
  if(slen >= dsize) {
    /* too long: hand back an empty string rather than a cut-off one */
    if(dsize)
      dest[0] = '\0';
    return;
  }
  memcpy(dest, src, slen);
  dest[slen] = '\0';
}
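/*
 * HSTS read callback. "read" is from the point of view of the library: it
 * wants data from us, one domain entry per invoke.
 *
 * 'userp' is the struct state cursor into preload_hosts[]. Each call copies
 * the next record into 'e' and returns CURLSTS_OK; once the end-of-list
 * marker is reached it returns CURLSTS_DONE.
 *
 * The cursor is only advanced past real records. It stays on the end marker,
 * so a further invoke with the same cursor reports CURLSTS_DONE again instead
 * of reading beyond the end of the table.
 */
static CURLSTScode hstsread(CURL *curl, struct curl_hstsentry *e, void *userp)
{
  struct state *s = (struct state *)userp;
  const char *host = preload_hosts[s->index].name;
  const char *expire = preload_hosts[s->index].exp;
  size_t hostlen;
  size_t explen;
  (void)curl;

  if(!host)
    /* end marker: do not step over it */
    return CURLSTS_DONE;

  s->index++;
  hostlen = strlen(host);
  explen = strlen(expire);

  strcopy(e->name, e->namelen, host, hostlen);
  /* the entry covers this exact host only, not its subdomains */
  e->includeSubDomains = 0;
  strcopy(e->expire, sizeof(e->expire), expire, explen);

  if(hostlen >= e->namelen || explen >= sizeof(e->expire))
    /* strcopy() stored an empty string for the field that did not fit, so
       this host is not preloaded as written in the table. Say so instead of
       reporting success.
       NOTE(review): a stricter callback would return CURLSTS_FAIL here so
       the transfer cannot go ahead without the intended entry. */
    fprintf(stderr, "HSTS preload '%s' until '%s' does not fit the entry\n",
            host, expire);
  else
    fprintf(stderr, "HSTS preload '%s' until '%s'\n", host, expire);

  return CURLSTS_OK;
}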
/*
 * HSTS write callback: prints one cache entry to stdout as
 * "[index/total] name expire". Nothing is stored anywhere; 'curl' and
 * 'userp' are unused. Always returns CURLSTS_OK.
 */
static CURLSTScode hstswrite(CURL *curl, struct curl_hstsentry *e,
                             struct curl_index *i, void *userp)
{
  const unsigned int position = (unsigned int)i->index;
  const unsigned int count = (unsigned int)i->total;

  (void)curl;
  (void)userp; /* we have no custom input */

  printf("[%u/%u] %s %s\n", position, count, e->name, e->expire);
  return CURLSTS_OK;
}
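/*
 * Preload two hosts into the HSTS cache of an easy handle, then request
 * http://curl.se, which the preload should turn into an HTTPS transfer.
 *
 * The example only makes sense if HSTS is really active on the handle, so
 * the setup options are checked: if any of them is rejected, no transfer is
 * attempted, because the URL would otherwise be fetched over plain HTTP.
 *
 * Returns 0 on success, the CURLcode of the failing step otherwise, or 1 if
 * no easy handle could be created.
 */
int main(void)
{
  CURL *curl;
  struct state st = { 0 };
  CURLcode result = curl_global_init(CURL_GLOBAL_ALL);
  if(result)
    return (int)result;

  curl = curl_easy_init();
  if(!curl) {
    /* 'result' is still zero here; do not report success */
    fprintf(stderr, "curl_easy_init() failed\n");
    curl_global_cleanup();
    return 1;
  }

  /* enable HSTS for this handle */
  result = curl_easy_setopt(curl, CURLOPT_HSTS_CTRL, CURLHSTS_ENABLE);

  /* function to call at first to populate the cache before the transfer */
  if(!result)
    result = curl_easy_setopt(curl, CURLOPT_HSTSREADFUNCTION, hstsread);
  if(!result)
    result = curl_easy_setopt(curl, CURLOPT_HSTSREADDATA, &st);

  /* function to call after transfer to store the new state of the HSTS
     cache */
  if(!result)
    result = curl_easy_setopt(curl, CURLOPT_HSTSWRITEFUNCTION, hstswrite);
  if(!result)
    result = curl_easy_setopt(curl, CURLOPT_HSTSWRITEDATA, NULL);

  /* use the domain with HTTP but due to the preload, it should do the
     transfer using HTTPS */
  if(!result)
    result = curl_easy_setopt(curl, CURLOPT_URL, "http://curl.se");

  if(result) {
    /* without a working HSTS setup the request would stay on HTTP */
    fprintf(stderr, "HSTS setup failed: %s\n", curl_easy_strerror(result));
  }
  else {
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

    /* Perform the request, result gets the return code */
    result = curl_easy_perform(curl);

    /* Check for errors */
    if(result != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(result));
  }

  /* always cleanup */
  curl_easy_cleanup(curl);
  curl_global_cleanup();
  return (int)result;
}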