New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow --resolve <host:*:address> #1264

Closed
jidanni opened this Issue Feb 15, 2017 · 7 comments

Comments

Projects
None yet
5 participants
@jidanni

jidanni commented Feb 15, 2017

Man page has

       --resolve <host:port:address>
              Provide a custom address for a  specific  host  and  port  pair.
              Using  this,  you  can make the curl requests(s) use a specified
              address and prevent the otherwise normally resolved  address  to
              be  used.  Consider it a sort of /etc/hosts alternative provided

Real /etc/hosts doesn't require a separate entry for each port number!

              on the command line. The port number should be the  number  used
              for  the  specific  protocol the host will be used for. It means
              you need several entries if you want to provide address for  the
              same host but different ports.

I.e., 65536 entries if one wants to cover all 65536 ports!

So please allow e.g., --resolve <host:*:address> if one wants to cover
all ports.

And --resolve <hostA:*:address1> --resolve <hostA:4444:address2> ...
to allow making all ports go to address1 except certain ones to address2...

If <host:*:address> is ugly, then perhaps use <host::address> or <host:address> or all three.

@gvanem

This comment has been minimized.

Member

gvanem commented Feb 16, 2017

Couldn't this be a security issue? I.e. downgrading a https url to http. Like in:

curl  --resolve secure-site.com:80:<non-secure-site-ip> https://secure-site.com

This seems impossible now.

@jidanni

This comment has been minimized.

jidanni commented Feb 16, 2017

@bagder

This comment has been minimized.

Member

bagder commented Feb 16, 2017

Real /etc/hosts doesn't require a separate entry for each port number!

Which is why it says it is a sort of alternative.

The other main reason is that the internal DNS cache already uses host name + port number in the lookup so doing it independent of port number needs more work. I'm not against the idea, I just think it is a fairly niche use case so I will probably not work on this myself.

I don't think it has a security impact, as it only changes what IP to use for a given name + port provided in the URL. That can already be changed by changing /etc/hosts. For proper HTTPS, there's still certificate verification that needs to be passed.

@mkauf

This comment has been minimized.

Contributor

mkauf commented Feb 18, 2017

The option --connect-to works with empty strings instead of *, so please consider --resolve <host::address> instead of --resolve <host:*:address>

@bagder bagder closed this in 73ef4ed Feb 20, 2017

@bagder

This comment has been minimized.

Member

bagder commented Feb 20, 2017

Thank you, this idea is now mentioned in the TODO document!

@Alexander--

This comment has been minimized.

Alexander-- commented Jul 28, 2017

I am currently trying to get libcurl working with c-ares, and I am interested in implementing this feature to get localhost urls working

@bagder Pre-filled DNS entries should work with c-ares, right?

@Alexander--

This comment has been minimized.

Alexander-- commented Jul 28, 2017

Disregard that, I just read the source code and this looks a bit… more interesting than expected. I guess, I will have to look into #1386 or something

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.