From b09e6a54055b39928dfa4928db0c7684eee76bb8 Mon Sep 17 00:00:00 2001
From: deepend
Date: Wed, 4 Feb 2026 10:30:13 -0700
Subject: [PATCH] Updated STS policy handling to require an active connection port when already on TLS, ignoring any advertised port token before storing the profile.
---
 src/common/sts.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/common/sts.c b/src/common/sts.c
index 9d57a905..010904dc 100644
--- a/src/common/sts.c
+++ b/src/common/sts.c
@@ -593,14 +593,15 @@ sts_handle_capability (struct server *serv, const char *value)
 {
 time_t now = time (NULL);
 time_t expires_at = now + (time_t) duration;
- guint16 effective_port = serv->port > 0 ? (guint16) serv->port : port;
+ guint16 effective_port = 0;
 sts_profile *profile;
- if (effective_port == 0)
+ if (serv->port <= 0)
 {
 return FALSE;
 }
+ effective_port = (guint16) serv->port;
 profile = sts_profile_new (hostname, effective_port, expires_at, duration, has_preload ? preload : FALSE);
 sts_profile_store (profile);
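Review bot: The guard ahead of `effective_port = (guint16) serv->port;` rejects only values at or below zero, so if `serv->port` is a wider integer (its declaration is outside this hunk) anything above 65535 is silently truncated and the STS policy is stored under a port the client is not connected on. Bounding both ends keeps the stored profile tied to the live TLS port: `if (serv->port <= 0 || serv->port > G_MAXUINT16)`. The `return FALSE` path also drops the policy without any trace, and a short comment such as `/* Already on TLS: pin the port we are connected on; the advertised port token is ignored. */` would record why the parsed `port` is no longer consulted here. The enclosing block of sts_handle_capability starts and ends outside the hunk, so whether `port` is still read elsewhere cannot be judged from these lines.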