mirror of
https://github.com/curl/curl.git
synced 2026-06-13 20:15:39 +03:00
2a606c68fa
- GHA/windows: drop redundant double-quotes. - CMake/PickyWarnings: improve/shorten comment. - INTERNALS: fix typo in LibreSSL release date. - drop redundant parentheses from single variables and sole `#if` expressions. - cf-ip-happy: fix missing space from error string. - telnet: fix parentheses in commented PP code. - lib1922: fix typo test output text. - smbserver: unfold lines. - smbserver: use f-string. - smbserver: initialize binary string as b``. - fix typos in comments. Closes #21972
91 lines
1.9 KiB
XML
91 lines
1.9 KiB
XML
<?xml version="1.0" encoding="US-ASCII"?>
|
|
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP proxy
|
|
HSTS
|
|
curl_easy_duphandle
|
|
</keywords>
|
|
</info>
|
|
|
|
<reply>
|
|
<!-- Response to the original handle's direct HTTP request.
|
|
Strict-Transport-Security header populates the live HSTS cache. -->
|
|
<data nocheck="yes" crlf="headers">
|
|
HTTP/1.1 200 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Type: text/plain
|
|
Content-Length: 5
|
|
Strict-Transport-Security: max-age=31536000
|
|
|
|
Hello
|
|
</data>
|
|
|
|
<!-- Response to the dup handle's proxy CONNECT attempt.
|
|
The CONNECT to port 443 proves the copied
|
|
HSTS cache upgraded the dup's HTTP URL to HTTPS. -->
|
|
<connect crlf="headers">
|
|
HTTP/1.1 403 Forbidden
|
|
Content-Length: 0
|
|
Connection: close
|
|
|
|
</connect>
|
|
</reply>
|
|
|
|
<client>
|
|
<features>
|
|
HSTS
|
|
https
|
|
Debug
|
|
proxy
|
|
</features>
|
|
<server>
|
|
http
|
|
http-proxy
|
|
</server>
|
|
<setenv>
|
|
CURL_HSTS_HTTP=yes
|
|
</setenv>
|
|
<name>
|
|
curl_easy_duphandle copies HSTS cache, auto upgrading HTTP to HTTPS.
|
|
</name>
|
|
<tool>
|
|
lib%TESTNUMBER
|
|
</tool>
|
|
<command>
|
|
- %HOSTIP %HTTPPORT %PROXYPORT
|
|
</command>
|
|
</client>
|
|
|
|
<verify>
|
|
# First request: original handle GETs from the http server; the response
|
|
# carries Strict-Transport-Security, populating the live HSTS cache that
|
|
# the dup inherits.
|
|
<protocol crlf="headers">
|
|
GET /%TESTNUMBER HTTP/1.1
|
|
Host: hsts.example.com:%HTTPPORT
|
|
Accept: */*
|
|
|
|
</protocol>
|
|
# Second request: dup handle upgraded HTTP to HTTPS by copied HSTS cache,
|
|
# proxy receives CONNECT to port 443 proving the upgrade happened
|
|
<proxy crlf="headers">
|
|
CONNECT hsts.example.com:443 HTTP/1.1
|
|
Host: hsts.example.com:443
|
|
Proxy-Connection: Keep-Alive
|
|
|
|
</proxy>
|
|
<stdout>
|
|
First request: HSTS cache populated
|
|
Dup effective URL: https://hsts.example.com/%TESTNUMBER
|
|
</stdout>
|
|
# CURLE_COULDNT_CONNECT (7) is intentional: The proxy rejects the CONNECT
|
|
# to port 443, collapsing the tunnel. All that is being validated is the
|
|
# CONNECT to port 443 itself.
|
|
<errorcode>
|
|
7
|
|
</errorcode>
|
|
</verify>
|
|
</testcase>
|