libhsts


Commits

List of commits on branch master.
Unverified
9cd45342e2821e596515c6f17dfdde36932805cf

tests/test-hsts.c: Use at.search.yahoo.com for include_subdomains=FALSE

rrockdaboot committed 5 years ago
Unverified
74b1cafbed9bf5448ec58ebfec54961a264fbb8f

Fix typos

rrockdaboot committed 6 years ago
Unverified
d5c04a14ad18da12fefeadc6829c149f3dff187d

Remove old comment from contrib/mingw [skip ci]

rrockdaboot committed 6 years ago
Unverified
7a99d79251b0ad774948d72a0a665fb62501de8a

Use sed without -i (portability to OSX/macOS)

rrockdaboot committed 6 years ago
Unverified
afd42d00d7bc9f8d945806a1218813d30e0b1437

Mention autoconf-archive in README.md [skip ci]

rrockdaboot committed 6 years ago
Unverified
a7fb7d6085b49e2a415b2de43d07a8e2041bf872

Release v0.1.0

rrockdaboot committed 6 years ago

README

The README file for this repository.


libhsts - C library to access the HSTS preload list

The HSTS preload list is a list of domains that support HTTPS. The list is compiled by Google and is utilised by Chrome, Firefox and others.

With this information, an HTTP client can contact a website without first trying a plain-text HTTP connection. This prevents interception of redirects that take place over HTTP. None of the sent data will ever be unencrypted.

A good explanation of HSTS and HSTS preloading has been written by Scott Helme - HSTS Preloading.

The DAFSA code has been taken from the Chromium Project.

API Documentation

You can find the current API documentation here.

Quick API example

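#include <stdio.h>
#include <libhsts.h>

/* SRCDIR is a string macro naming the directory that holds hsts.dafsa;
 * it has to be defined when compiling this example. */
int main(void)
{
	const char *domain = "example.com";
	hsts_t *hsts;

	/* Load the preload list in DAFSA format. */
	if (hsts_load_file(SRCDIR "/hsts.dafsa", &hsts) != HSTS_SUCCESS) {
		fprintf(stderr, "Failed to load %s\n", SRCDIR "/hsts.dafsa");
		return 1;
	}

	hsts_entry_t *e;

	/* Look up the domain in the loaded list. */
	if (hsts_search(hsts, domain, 0, &e) == HSTS_SUCCESS)
		printf("%s is in the HSTS preload list\n", domain);
	else
		printf("Failed to find %s in the HSTS preload list\n", domain);

	/* Free the list only after a successful load. */
	hsts_free(hsts);

	return 0;
}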
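
The upgrade decision a client makes from a preload lookup, as an added stand-alone example that is not libhsts code and does not call the library. It assumes the standard HSTS rule that a parent entry covers a subdomain only when include_subdomains is set; the table is constructed sample data in place of hsts.dafsa, and `preload_entry`, `find_exact` and `must_use_https` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample entries standing in for the preload list (not real data). */
struct preload_entry { const char *name; int include_subdomains; };
static const struct preload_entry sample_list[] = {
	{ "example.com", 1 },        /* policy also covers every subdomain */
	{ "login.example.org", 0 },  /* policy covers this exact host only */
};

/* Exact, case-insensitive lookup; returns NULL when the name is not listed. */
static const struct preload_entry *find_exact(const char *name)
{
	for (size_t i = 0; i < sizeof(sample_list) / sizeof(sample_list[0]); i++)
		if (strcasecmp(sample_list[i].name, name) == 0)
			return &sample_list[i];
	return NULL;
}

/* Returns 1 if the client must skip plain HTTP for this host, else 0. */
int must_use_https(const char *host)
{
	char buf[256];
	size_t n = host ? strlen(host) : 0;

	if (n == 0 || n >= sizeof(buf))
		return 0;
	memcpy(buf, host, n + 1);
	if (buf[n - 1] == '.')       /* "example.com." names the same host */
		buf[--n] = '\0';
	if (find_exact(buf))
		return 1;                /* the host itself is listed */
	/* Walk up the parents; one counts only if it sets include_subdomains. */
	for (const char *p = strchr(buf, '.'); p; p = strchr(p, '.')) {
		const struct preload_entry *e = find_exact(++p);
		if (e && e->include_subdomains)
			return 1;
	}
	return 0;
}

int main(void)
{
	const char *hosts[] = { "example.com", "WWW.Example.COM.", "a.login.example.org", "example.net" };
	for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
		printf("%-20s %s\n", hosts[i], must_use_https(hosts[i]) ? "HTTPS only" : "not preloaded");
	return 0;
}
```

A client would run this check before opening any connection and rewrite http:// to https:// when it returns 1, so no plain-text request is ever sent to a listed host.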

Command Line Tool

Libhsts comes with a tool 'hsts' that gives you access to most of the library API via command line.

$ hsts --help

prints the usage.

Convert HSTS into DAFSA

The DAFSA format is a compressed representation of strings. Here we use it to reduce the whole HSTS preload list to about 350k in size.

The current HSTS Preload list can be retrieved, prepared and generated with:

$ wget 'https://raw.github.com/chromium/chromium/master/net/http/transport_security_state_static.json'

$ sed 's/^ *\/\/.*$//g' transport_security_state_static.json >hsts.json

$ src/hsts-make-dafsa --output-format=binary hsts.json hsts.dafsa

Test the result (example)

$ tools/hsts --load-hsts-file hsts.dafsa example.com

License

Libhsts is made available under the terms of the MIT license.
See the LICENSE file that accompanies this distribution for the full text of the license.

src/hsts-make-dafsa and src/lookup_string_in_fixed_set.c are licensed under the terms written in src/LICENSE.chromium.

Building from git

You should have python2.7+ installed.

Download project and prepare sources with

	git clone https://gitlab.com/rockdaboot/libhsts
	cd libhsts
	autoreconf -fi
	./configure
	make
	make check

If you see errors about AX_CHECK_COMPILE_FLAG during ./configure, make sure you have autoconf-archive installed.

E.g. on Debian via apt-get install autoconf-archive.

Mailing List

Mailing List Archive

Mailing List

To join the mailing list send an email to

libhsts-bugs+subscribe@googlegroups.com

and follow the instructions provided by the answer mail.

Or click join.