`ResolveAddress` field to pre-resolve DNS names is not effective with curl older than v7.64
When clients for various RPCs set the ResolveAddress
field in several of our RPCs, then we should pre-resolve DNS names for them. We do this by populating the CURLOPT_RESOLVE
option with an entry *:$port:$resolved_ip
. We have discovered though that this does not seem to work as expected as FIPS tests have started to fail here.
As it turns out using wilcards for the host field is only supported in curl v7.64 and newer. Our FIPS build images use curl v7.61 though, and thus curl's pre-populated cache entry is not used at all. Consequentially, the vulnerability still exists on such systems.