cookie: do not refuse cookies for localhost

Closes #658

RELEASE-NOTES

@@ -31,6 +31,7 @@ This release includes the following bugfixes:
  o gtls: fix for builds lacking encrypted key file support [11]
  o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12]
  o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13]
+ o cookie: do not refuse cookies to localhost [14]
 
 This release includes the following known bugs:
 
@@ -62,3 +63,4 @@ References to bug reports and discussions on issues:
  [11] = https://curl.haxx.se/bug/?i=651
  [12] = https://curl.haxx.se/bug/?i=451
  [13] = https://curl.haxx.se/bug/?i=653
+ [14] = https://curl.haxx.se/bug/?i=658

lib/cookie.c

@@ -797,10 +797,12 @@ Curl_cookie_add(struct SessionHandle *data,
 #ifdef USE_LIBPSL
   /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
      This needs a libpsl compiled with builtin data. */
-  if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
-    if(psl_is_public_suffix(psl, co->domain)) {
-      infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
-            co->name, co->domain);
+  if(domain && co->domain && !isip(co->domain)) {
+    if(((psl = psl_builtin()) != NULL)
+        && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+      infof(data,
+            "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+            co->name, domain, co->domain);
       freecookie(co);
       return NULL;
     }

tests/data/test1136

@@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com
 
 .www.example.ck	TRUE	/	FALSE	0	test2	allowed2
 .www.ck	TRUE	/	FALSE	0	test4	allowed4
+.z-1.compute-1.amazonaws.com	TRUE	/	FALSE	0	test5	forbidden5
 </file>
 </verify>
 </testcase>