Allow --resolve <host:*:address> #1264

Closed
jidanni opened this issue Feb 15, 2017 · 7 comments


jidanni commented Feb 15, 2017

Man page has

       --resolve <host:port:address>
              Provide a custom address for a  specific  host  and  port  pair.
              Using  this,  you  can make the curl requests(s) use a specified
              address and prevent the otherwise normally resolved  address  to
              be  used.  Consider it a sort of /etc/hosts alternative provided

Real /etc/hosts doesn't require a separate entry for each port number!

              on the command line. The port number should be the  number  used
              for  the  specific  protocol the host will be used for. It means
              you need several entries if you want to provide address for  the
              same host but different ports.

I.e., 65536 entries if one wants to cover all 65536 ports!

So please allow e.g., --resolve <host:*:address> if one wants to cover
all ports.

And --resolve <hostA:*:address1> --resolve <hostA:4444:address2> ...
to allow making all ports go to address1 except certain ones to address2...

If <host:*:address> is ugly, then perhaps use <host::address> or <host:address> or all three.


gvanem commented Feb 16, 2017

Couldn't this be a security issue? I.e. downgrading a https url to http. Like in:

curl  --resolve secure-site.com:80:<non-secure-site-ip> https://secure-site.com

This seems impossible now.


jidanni commented Feb 16, 2017 via email


bagder commented Feb 16, 2017

> Real /etc/hosts doesn't require a separate entry for each port number!

Which is why it says it is a sort of alternative.

The other main reason is that the internal DNS cache already uses host name + port number in the lookup so doing it independent of port number needs more work. I'm not against the idea, I just think it is a fairly niche use case so I will probably not work on this myself.

I don't think it has a security impact, as it only changes what IP to use for a given name + port provided in the URL. That can already be changed by changing /etc/hosts. For proper HTTPS, there's still certificate verification that needs to be passed.


mkauf commented Feb 18, 2017

The option --connect-to works with empty strings instead of *, so please consider --resolve <host::address> instead of --resolve <host:*:address>
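
The lookup proposed in this thread, as an added sketch that is not part of the original discussion and is not curl's own code: entries are keyed by host and port, a `*` or empty port field acts as a wildcard, and an exact host+port entry overrides the wildcard. `ANY_PORT`, `struct entry`, `parse_entry` and `lookup` are hypothetical names, and the sample addresses are constructed documentation values.

```c
#include <stdio.h>
#include <string.h>
#define ANY_PORT (-1)  /* hypothetical marker for a "*" or empty port field */
struct entry { char host[64]; int port; char addr[64]; };

/* Parse "host:port:address"; returns 0 on success, -1 if malformed. */
int parse_entry(const char *spec, struct entry *e)
{
    const char *c1 = strchr(spec, ':'), *p;
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    long n = 0;
    if (!c2 || c1 == spec || !c2[1]) return -1;
    if ((size_t)(c1 - spec) >= sizeof e->host || c2 - c1 > 6 ||
        strlen(c2 + 1) >= sizeof e->addr) return -1;
    memcpy(e->host, spec, (size_t)(c1 - spec));
    e->host[c1 - spec] = '\0';
    strcpy(e->addr, c2 + 1);          /* rest may contain ':' (IPv6) */
    if (c2 == c1 + 1 || (c2 == c1 + 2 && c1[1] == '*')) {
        e->port = ANY_PORT;           /* "host::addr" or "host:*:addr" */
        return 0;
    }
    for (p = c1 + 1; p < c2; p++) {   /* digits only, at most five */
        if (*p < '0' || *p > '9') return -1;
        n = n * 10 + (*p - '0');
    }
    if (n > 65535) return -1;
    e->port = (int)n;
    return 0;
}

/* Exact host+port beats wildcard; NULL means no pin (resolve normally). */
const char *lookup(const struct entry *tab, size_t n, const char *host, int port)
{
    const char *fallback = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tab[i].host, host)) continue;  /* case-sensitive for brevity */
        if (tab[i].port == port) return tab[i].addr;
        if (tab[i].port == ANY_PORT && !fallback) fallback = tab[i].addr;
    }
    return fallback;
}

int main(void)
{
    struct entry t[2];  /* constructed sample entries */
    if (parse_entry("hostA:*:192.0.2.1", &t[0])) return 1;
    if (parse_entry("hostA:4444:192.0.2.2", &t[1])) return 1;
    printf("443 -> %s, 4444 -> %s\n", lookup(t, 2, "hostA", 443), lookup(t, 2, "hostA", 4444));
}
```

With port-keyed entries, a pin for `secure-site.com:80` returns no match when the URL's port is 443, which is the case gvanem describes as impossible today. A wildcard entry would match it, and the connection would then depend on the certificate verification bagder mentions.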

@bagder bagder closed this as completed in 73ef4ed Feb 20, 2017

bagder commented Feb 20, 2017

Thank you, this idea is now mentioned in the TODO document!


Alexander-- commented Jul 28, 2017

I am currently trying to get libcurl working with c-ares, and I am interested in implementing this feature to get localhost urls working

@bagder Pre-filled DNS entries should work with c-ares, right?


Alexander-- commented Jul 28, 2017

Disregard that, I just read the source code and this looks a bit… more interesting than expected. I guess, I will have to look into #1386 or something

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018