Today is exactly twelve years ago since we created the lib/http2.c source file in the #curl source tree, and doing HTTP would never be the same again.
The paradigm shift going from one transfer per connection to possibly multiple transfers per connection was massive and took many years until most of the bugs were ironed out.
On September 28, I will speak at #EuroBSDCon in Zagreb Croatia.
But more importantly, I will bring #curl stickers.
I noticed the typo in the --retry-max-time docs and decide to do a quick search for staring which lead to three more places where this typo made its way into the docs.GitHub
In the curl release after the next, there is a nice feature coming for event-based applications: notifications.
Some numbers on possible performance/cpu use improvements in the PR, ymmv.
#curl
github.com/curl/curl/pull/1843…
An implementation of the discussion #17817, adding a "notification" feature to the multi handle. Notification types INFO_READ and EASY_DONE implemented Notification types expected to gro...GitHub
Default handshake timeout is hardcoded (10 seconds) and doesn't respect --connect-timeout parameter. In some cases 10 seconds can be not enough or too long to "establish a connection"...GitHub
Hello curl community, I'd like to discuss the possibility of adding openHiTLS as a new cryptographic backend for curl. About openHiTLS openHiTLS is an open-source cryptographic library that provide...GitHub
#curl is dropping support for OpenSSL 1.x soon
daniel.haxx.se/blog/2025/08/28…
curl added support for OpenSSL immediately when it was first released, as they switched away from SSLeay, in the late 1990s. We have since supported it over the decades as both OpenSSL and curl have developed.daniel.haxx.se
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
We are thirteen days away from next #curl release.
We have 17 changes and 225 bugfixes logged so far for this.
One low severity CVE will be published in sync with this release.
Thanks for flying curl.
Today we celebrate seven years of #curl shipping official Windows executables, thanks to @vsz's awesome work.
Blog post from back then:
daniel.haxx.se/blog/2018/08/27…
The curl project is happy to introduce official and blessed curl builds for Windows for download on the curl web site. This means we have a set of recommended curl packages that we advice users on Windows to download.daniel.haxx.se
It took me 4 seconds to figure out that the grey elements are not partvof the graph (to indicate trends or something) but the curl logo.
#curl
"Yesterday, Wikipedia received over 45 million requests made with #curl, from 113 distinct curl releases."
Inspired by the BBC Tech report from @tdp_org, I looked at Wikipedia.
Yesterday, Wikipedia received over 45 million requests made with curl, from 113 distinct curl releases.
Of these, 32 million use the default UA (e.g. curl CLI). The other 13 million embed libcurl with a longer UA string containing curl (e.g. GuzzleHttp/PHP, PycURL, UnityPlayer)
At 12 million, most are curl/7.88.1.
Raw data, queries, and scrub/cleaning parameters:
gitlab.wikimedia.org/-/snippet…
#browserstats #curl #wikipedia
Github interprets ../docs/CONTRIBUTE.md correctly when clicked from https://github.com/curl/curl/blob/master/.github/CONTRIBUTING.md, but does not if clicked on the repo landing page on https://git...GitHub
I have an open meeting setup this morning. Open for everyone. If you have any question, comment, thought about #curl or related subjects, or just want to hang out for a while. Join here:
Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.meet.google.com
Help me create quiz questions about #curl over here:
Questions about curl for a quiz. Contribute to curl/quiz development by creating an account on GitHub.GitHub
Fun with `pthread_cancel()` in curl. How I got that working and what challenges I encountered.
#curl #dns #pthreads
eissing.org/icing/posts/pthrea…
You probably know about threads and most likely header of pthreads, but have you ever used pthread_cancel()? Well, I had not before last week and it was a little bit of a journey.icing's blog
This adds (1) HTTP/3 proxy CONNECT support and (2) MASQUE CONNECT-UDP support for OpenSSL QUIC stack. Usage: curl -k -4 --http1.1 --proxy-insecure --proxytunnel --proxy-http3 --proxy https://GitHub
With PHP 8.5 we get Connection, DNS and SSL Sessions sharing across requests with cURL.
I made a video showing how this works and discuss the performance potential youtube.com/watch?v=wr_Jnrc2ha… - a short @mnapoli cameo included
Try our PHP Profiler: https://tideways.com/profiler/features?utm_source=yt&utm_campaign=yt-curl-shareSubscribe to my newsletter for PHP performance content: ...YouTube
"Pretend that a ping pong ball represents a single #curl installation somewhere in the world..."
(blog post from 2020)
daniel.haxx.se/blog/2020/08/20…
Pretend that a ping pong ball represents a single curl installation somewhere in the world. Here's a picture of one to help you get an image in your head.daniel.haxx.se
### Summary A malicious WebSocket server can send a fragmented message (FIN=0) followed by a flood of continuation frames, causing the client (curl) to continuously allocate memory while waiting...HackerOne
Yesterday we saw 161 different versions of #curl make just over 1 million requests to www.bbc.co.uk & www.bbc.com.
The oldest version is 7.0.0 (1 request).
The newest version is 8.15.0 (18,969 requests).
I'd spotted a load of different cURL versions in something else so was curious how many versions we see.
sftp_download_stat, sftp_upload_init, sftp_quote_stat, sftp_readdir will translate LIBSSH2_ERROR_EAGAIN to CURLE_OK and set *block to TRUE, but outer loop do not check *block, result in busy loopGitHub
Meanwhile, if you abuse the API and don't comply, asan might complain but that's not a #curl security problem.
## Summary A **Use-After-Free (UAF)** vulnerability was discovered in `curl` at **`curl_trc.c:195`**. When processing specially crafted input, the code accesses memory after it has already been...HackerOne
The first release candidate for the pending #curl 8.16.0 release is up and if you have a chance, do try it out and report any and all issues you experience:
If the cookie returned by the server is expired, curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies) will still retrieve one expired cookie(Only the last one). Below is the test code: server...GitHub
