Vet a host (authority host, optionally bracketed / with a :port suffix)
against policy for a raw-TCP connect, returning the address to connect to
and the SNI/Host name to present. The tls flag only records whether the
connection uses TLS; the http-vs-loopback scheme restriction itself is
enforced by the caller's scheme gate (secureRequestHTTP), not here.
blockInternal: public hosts pass; an explicit literal-loopback host
(localhost, 127.x in any encoding, [::1]) passes as the dev-loopback
allowance; everything else — including a registered name that DNS-resolves to
loopback — is rejected (classifyHost demotes resolved loopback to private,
so only a literal loopback ever classifies as loopback).
allowUserConfigured: every classifiable host passes (loopback and private
included); only a fail-closed classification (unresolvable / malformed)
is rejected.
The returned pinnedIp has any :port suffix stripped and bracketing
preserved for IPv6 so the caller pins the connection to the vetted address.
@safe.