From 4478a10f0d0bfbacde2c00397bb69e9c5b078c00 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 1 Apr 2026 08:51:25 +0200
Subject: [PATCH] hsts: skip expired HSTS entries read from file Extend test 780 to verify
Closes #21186
---
 lib/hsts.c | 5 +++++
 tests/data/test780 | 1 +
 2 files changed, 6 insertions(+)
diff --git a/lib/hsts.c b/lib/hsts.c
index 9e4710f1b1..c00481fe60 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -408,6 +408,7 @@ static CURLcode hsts_add(struct hsts *h, const char *line)
 time_t expires = 0;
 const char *hp = curlx_str(&host);
 size_t hlen;
+ time_t now = time(NULL);
 /* The date parser works on a null-terminated string. The maximum length is upheld by curlx_str_quotedword(). */
@@ -419,6 +420,10 @@ static CURLcode hsts_add(struct hsts *h, const char *line)
 else Curl_getdate_capped(dbuf, &expires);
+ if(expires <= now)
+ /* this entry already expired */
+ return CURLE_OK;
+
 if(hp[0] == '.') {
 curlx_str_nudge(&host, 1);
 hp = curlx_str(&host);
diff --git a/tests/data/test780 b/tests/data/test780
index b3a7c6f88a..70211041e2 100644
--- a/tests/data/test780
+++ b/tests/data/test780
@@ -48,6 +48,7 @@ CURL_TIME=1728465947
 this.hsts.example "99991001 04:47:41"
+expired.example "20011001 04:47:41"
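Review bot: The new `if(expires <= now)` check in the second lib/hsts.c hunk cannot tell an expired entry from one whose date did not parse: the result of `Curl_getdate_capped(dbuf, &expires)` is ignored on the line above and `expires` starts at 0, so such a line is presumably dropped with `CURLE_OK` and leaves no trace. If that is intended, the comment should say so, e.g. `/* expired, or the date failed to parse: drop the entry */`. The decision also rests on the wall clock at load time (`now = time(NULL)` from the first hunk), so a host whose clock is ahead when the file is read discards entries that are still valid. If the cache is later written back from memory (not visible here), those hosts lose their HSTS upgrade until the header is seen again, which deserves a line in the function comment. hsts_add starts and ends outside both hunks.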