From 779f320b96245df03a86576ba4cf56750d0e30f6 Mon Sep 17 00:00:00 2001
From: Ander Juaristi
Date: Wed, 6 Apr 2016 13:31:41 +0200
Subject: [PATCH 3/3] Strictly comply with RFC 6797
 * src/hsts.c (hsts_store_entry): strictly comply with RFC 6797. RFC 6797 states in section 8.1 that the UA's cached information should only be updated if: "either or both of the max-age and includeSubDomains header field value tokens are conveying information different than that already maintained by the UA."
---
 src/hsts.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/hsts.c b/src/hsts.c
index af7ade1..ef6d444 100644
--- a/src/hsts.c
+++ b/src/hsts.c
@@ -426,9 +426,8 @@ hsts_store_entry (hsts_store_t store,
 hsts_remove_entry (store, kh);
 else if (max_age > 0)
 {
- entry->include_subdomains = include_subdomains;
-
- if (entry->max_age != max_age)
+ if (entry->max_age != max_age ||
+ entry->include_subdomains != include_subdomains)
 {
 /* RFC 6797 states that 'max_age' is a TTL relative to the reception of the STS header so we have to update the 'created' field too */
@@ -436,6 +435,7 @@ hsts_store_entry (hsts_store_t store,
 if (t != -1)
 entry->created = t;
 entry->max_age = max_age;
+ entry->include_subdomains = include_subdomains;
 }
 }
 /* we ignore negative max_ages */
--
2.1.4
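Review bot: With the widened condition in the first hunk, a repeated STS header carrying the same max-age and includeSubDomains as the cached entry no longer refreshes `entry->created`, so a host that keeps asserting an unchanged policy sees its entry expire max_age seconds after the first observation rather than the most recent one, and the host then becomes reachable over plain HTTP until a differing header arrives. The comment inside the hunk itself says max_age is a TTL relative to reception of the header (RFC 6797 section 11.2 reads the same way), which suggests the `created` refresh belongs outside the equality check while the max_age and include_subdomains writes stay inside it; if the 8.1 reading in the ChangeLog is the intended behaviour, the comment should say so explicitly, e.g. `/* created is only restarted when max_age or include_subdomains actually changes (RFC 6797, 8.1) */`. The second hunk's added assignment is the matching move of include_subdomains into the guarded block and is consistent with the first. hsts_store_entry begins and ends outside both hunks, so the store->changed bookkeeping, if any, is not visible here.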