From 78a00b5b880f4b3d7476f1ce57aadb0882427502 Mon Sep 17 00:00:00 2001
From: deepend
Date: Wed, 4 Feb 2026 11:57:54 -0700
Subject: [PATCH] Updated STS policy handling to preserve any existing stored port on secure updates rather than overwriting it from the current TLS port, keeping secure-path updates focused on duration/preload.
---
 src/common/sts.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/common/sts.c b/src/common/sts.c
index 6dd4869f..17ea0823 100644
--- a/src/common/sts.c
+++ b/src/common/sts.c
@@ -607,14 +607,15 @@ sts_handle_capability (struct server *serv, const char *value)
 time_t now = time (NULL);
 time_t expires_at = now + (time_t) duration;
 guint16 effective_port = 0;
+ sts_profile *existing_profile;
 sts_profile *profile;
- if (serv->port <= 0)
+ existing_profile = sts_profile_lookup (hostname, now);
+ if (existing_profile)
 {
- return FALSE;
+ effective_port = existing_profile->port;
 }
- effective_port = (guint16) serv->port;
 profile = sts_profile_new (hostname, effective_port, expires_at, duration, has_preload ? preload : FALSE);
 sts_profile_store (profile);
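Review bot: When `sts_profile_lookup (hostname, now)` returns NULL (the first secure connection to a host, or presumably an already expired entry given the `now` argument), `effective_port` stays 0 and the profile is stored with port 0, whereas the removed code stored the live TLS port and refused to store anything when `serv->port <= 0`. Whether the code that later enforces the policy treats 0 as "no port known" is not visible in this hunk; if it does not, a stored policy with port 0 could make the upgrade fail or be skipped, which weakens the downgrade protection STS is meant to give. I would keep the old value as a fallback, `else if (serv->port > 0) { effective_port = (guint16) serv->port; }`, and add a comment such as `/* keep the port from the stored policy; fall back to the current TLS port when none is stored */`. It is also worth confirming whether `sts_profile_lookup` returns a borrowed pointer or a copy the caller must free, since `existing_profile` is never released in the visible lines. The enclosing function starts and ends outside the hunk.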