HSTS is allowed for IP addresses when it should not #7146
I did this
Note: --insecure is used here to avoid need to set up PKI for the PoC, it doesn't change the outcome however.
Also later the HSTS applies to the IP address, while it should not.
I expected the following
libcurl implementing https://datatracker.ietf.org/doc/html/rfc6797 design, specifically:
curl 7.77.1-DEV (x86_64-pc-linux-gnu) libcurl/7.77.1-DEV OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.9 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.4.57
Linux anonymized 5.10.0-6-amd64 #1 SMP Debian 5.10.28-1 (2021-04-09) x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: