hsts: skip expired HSTS entries read from file

Extend test 780 to verify Closes #21186
2026-04-11 12:01:42 +08:00 · 2026-04-01 08:51:25 +02:00 · 2026-04-01 08:51:25 +02:00 · 4478a10f0d
commit 4478a10f0d
parent 8e8bdd3604
2 changed files with 6 additions and 0 deletions
--- a/lib/hsts.c
+++ b/lib/hsts.c
@ -408,6 +408,7 @@ static CURLcode hsts_add(struct hsts *h, const char *line)
    time_t expires = 0;
    const char *hp = curlx_str(&host);
    size_t hlen;
+    time_t now = time(NULL);

    /* The date parser works on a null-terminated string. The maximum length
       is upheld by curlx_str_quotedword(). */
@ -419,6 +420,10 @@ static CURLcode hsts_add(struct hsts *h, const char *line)
    else
      Curl_getdate_capped(dbuf, &expires);

+    if(expires <= now)
+      /* this entry already expired */
+      return CURLE_OK;
+
    if(hp[0] == '.') {
      curlx_str_nudge(&host, 1);
      hp = curlx_str(&host);
--- a/tests/data/test780
+++ b/tests/data/test780
@ -48,6 +48,7 @@ CURL_TIME=1728465947

 <file name="%LOGDIR/input%TESTNUMBER">
 this.hsts.example "99991001 04:47:41"
+expired.example "20011001 04:47:41"
 </file>

 <name>