Re: Thoughts on HSTS

On Wed, 2 Sep 2020, Stefan Eissing wrote:

> But the persistence seems not usable. I cannot specify a file to libcurl, as
> process privileges will change during the lifetime of the server and also
> because it will live in several child processes.
>
> Would it be an idea to let the hosting application provide some sort of
> persistence callbacks? Or is there already such a thing?

I've considered providing a way to store the hsts cache as something else than
a file, perhaps with a callback - which would match up fine with a
corresponding API to preload a set of host names (== load the cache from a
custom place).

I do however ponder on leaving that idea for "later", unless someone speaks up
and has a real use case for it already. This, because I suspect most
applications will manage fine to without custom cache persistance and just
preloading a list of host names on startup that it *knows* are HTTPS-only.

-- 
  / daniel.haxx.se | Commercial curl support up to 24x7 is available!
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html