I just uploaded the second #curl 8.13.0 release candidate to curl.se/rc Enjoy!
Search
Items tagged with: cURL
Did you know that YOU can sponsor this year's #curl up? curl up is the annual curl developers meetup, this year taking place in May in Prague.
You can have your company name associated with the event while at the same time funding critical Internet infrastructure and one of the world's most widely used software components.
Just saying.
on this day, only twenty-five years ago, we shipped #curl 6.5 which introduced the fancy -w option
everything.curl.dev/usingcurl/…
Write out - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
I had forgotten this. Six years ago I researched the Refresh HTTP header field and came to the conclusion that #curl doesn't need to bother.
daniel.haxx.se/blog/2019/03/12…
Looking for the Refresh header
The other day someone filed a bug on curl that we don't support redirects with the Refresh header. This took me down a rabbit hole of Refresh header research and I've returned to share with you what I learned down there.daniel.haxx.se
Two years since the big #curl 25 year celebration I'm looking at project numbers from back then and compare them with current ones.
19,800 more lines of code
23 additional man pages
428 new test cases
83 more CI jobs
229 new authors
30,800 USD more in bug bounties
18 new command line options
14 more operating systems
4557 commits more
We're not slowing down.
I like #curl. I am using curl on the command-line while working on software projects and Hammer curl turing workout.
Raised an issue to discuss how to improve curl's MQTT message output.
github.com/curl/curl/issues/16…
Comments and insight requested to plan a possible PR as I can't see a way to fix it without it being a breaking change to current behaviour.
No way to parse multiple MQTT messages from the output stream · Issue #16633 · curl/curl
I did this I ran curl mqtt://test.mosquitto.org/curl/test --output test.out -N Then in a different terminal curl mqtt://test.mosquitto.org/curl/test -d "helloWorld" curl mqtt://test.mosquitto.org/c...GitHub
Remember: when you run #curl shipped by Apple with the --cacert flag it won't behave like #curl does everywhere else. As I wrote about last year. I think they're doing it wrong. They think its fine.
daniel.haxx.se/blog/2024/03/08…
the Apple curl security incident 12604
tldr: Apple thinks it is fine. I do not. On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot issues filed most days so this fact alone was hardly anything out of the ordinary.daniel.haxx.se
#curl release candidate 1 for the pending release is here: curl.se/rc/
We'll appreciate if you take it for a spin and report any problems you find.
There was a question posed on the #curl IRC channel whether there's ever going to be a need to raise addressing or offsets from 64-bit to something larger, such as 128-bit.
I argue there is no need to do this. 64-bit can already address a very large amount of data. For example, many operating systems and filesystems have a limit of 2**64 for file sizes. But it is difficult to wrap your head around this; how much data can such a file really hold?
Some estimates (*) say that there's going to be around 181 ZB (zettabytes) of data in the world by the end of 2025.
This is only 9812 files if each file holds 2**64 bytes.
*) rivery.io/blog/big-data-statis…
Big data statistics: How much data is there in the world?
Data is growing at a faster rate than ever before. 90% percent of the world’s data was created in the last two years. And every two years, the volume of data across the world doubles in size.Kevin Bartley (Rivery)
Right now, we have less than ten open issues for the #curl project
Issues · curl/curl
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
#curl roadmap 2025
curl roadmap 2025 - with Daniel Stenberg
Things we may see added and done in curl during 2025.YouTube
Welcome Ethan Wilkes as #curl commit author 1354: github.com/curl/curl/pull/1651…
CURLWS_CONT bugfix by roberte777 · Pull Request #16512 · curl/curl
Currently, CURLWS_CONT does not function as specified by the docs. This is an attempt to modify its behavior to be more inline with documentation. This is my second attempt and attempts to implemen...GitHub
Welcome Martxel as #curl commit author 1352: github.com/curl/curl/pull/1659…
Fix pkcs11 uri checking for key files. by martxel · Pull Request #16591 · curl/curl
I have found this issue when trying to use the new PKCS#11 provider support in curl. I was getting the following error when trying to use a pkcs11 uri as a key, in curl 8.12.1: * crypto provider no...GitHub
The #curl roadmap 2025 webinar happens later today:
daniel.haxx.se/blog/2025/02/25…
The curl roadmap webinar 2025
On March 6 2025 at 18:00 UTC, I am doing a curl roadmap webinar, talking through a set of features and things I want to see happen in curl during 2025. Figure out my local time.daniel.haxx.se
Let me give you another peek into the everyday work of the #curl security team. A reported UAF we deem not a security problem:
curl disclosed on HackerOne: Use after free (read) in...
## Summary: [summary of the vulnerability] There is a use after free in `curl_multi_perform` when DoH resolver timeouts and `CURLOPT_PROXY` is used (see reproducer and stack trace) I found it via...HackerOne
Welcome Ondřej Hlavatý as #curl commit author 1351: github.com/curl/curl/pull/1657…
request: clear sendbuf_hds_len when resetting request bufq by Aearsis · Pull Request #16573 · curl/curl
Without this, any usage of sendbuf_hds_len on a retried request is wrong. We noticed by getting debug callbacks with incorrect header len. We did not figure out how to trigger the retries in a test...GitHub
Three years ago today, the --json option shipped in a #curl release for the first time.
daniel.haxx.se/blog/2022/02/02…
curl dash-dash-json
The curl "cockpit" is yet again extended with a new command line option: --json. The 245th command line option.daniel.haxx.se
Welcome tiymat as #curl commit author 1350: github.com/curl/curl/pull/1597…
src: add CURLOPT_UPLOAD_FLAGS by tiymat · Pull Request #15970 · curl/curl
Adds support for specifying upload flags, to allow e.g. uploading mail via IMAP without the Seen flag. e.g. curl imap://example.com:993/MAILBOX -u 'user@example.com' --upload-file /some/fil...GitHub
Welcome Samuel Dionne-Riel as #curl commit author 1349: github.com/curl/curl/pull/1643…
libssh2: Print user with verbose flag by samueldr · Pull Request #16430 · curl/curl
Hi! 👋 A small quality-of-life improvement, I think. Do tell if I'm missing something here, and there were any reason not to print out the conn->user value that ends-up used for the connectio...GitHub
Ten years ago on this day we went full GitHub model in #curl: pull-request style development. We have since handled over 10,700 PRs in an increasing amount of activity.
daniel.haxx.se/blog/2015/03/03…
curl: embracing github more
Pull requests and issues filed on github are most welcome! The curl project has been around for a long time by now and we've been through several different version control systems.daniel.haxx.se
@thomas_klopf sometimes you must really want to get something done and put in the extra effort to make sure it happens. Being captain of the #curl ship takes me to many such places...
Today is also two years since "the nuget story" where I struggled to get a ten year old and vulnerable #curl version delisted:
daniel.haxx.se/blog/2023/03/02…
The curl nuget story
Recently there has been an interesting debate in the Open Source world where people have objected to being called "Suppliers" as in Supply Chain Security when you are but an Open Source developer offering your code to the world for free and at no cos…daniel.haxx.se
Welcome Zhaoming Luo as #curl commit author 1348: github.com/curl/curl/pull/1652…
lib533.c: Comment fixed by ChenW12 · Pull Request #16523 · curl/curl
This PR fixes the comment issue in lib533. Test 546 also depends on lib533. curl/tests/data/test546 Lines 34 to 36 in 049352d ...GitHub
Adding #curl release candidates
daniel.haxx.se/blog/2025/02/28…
Adding curl release candidates
Heading towards curl release number 266 we have decided to spice up our release cycle with release candidates in an attempt to help us catch regressions better earlier.daniel.haxx.se
I know it is often repeated, but #curl is not a one man factory:
everything.curl.dev/project/de…
The development team - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
everything.curl.dev/ is 114,836 words of #curl documentation for you
Everything curl - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
How to do a #curl release has now been viewed 20K times!
How to do a curl release - with Daniel Stenberg
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...YouTube
Join me for a small presentation next week on what we want for #curl in 2025...
daniel.haxx.se/blog/2025/02/25…
The curl roadmap webinar 2025
On March 6 2025 at 18:00 UTC, I am doing a curl roadmap webinar, talking through a set of features and things I want to see happen in curl during 2025. Figure out my local time.daniel.haxx.se
Welcome Tianyi Song as #curl commit author 1346: github.com/curl/curl/pull/1646…
openssl: check return value of X509_get0_pubkey by tysg · Pull Request #16469 · curl/curl
closes #16468 This PR improves null check to avoid segfault when a certificate doesn't contain a public key. infof_certstack is used for debug/information purposes so this PR doesn't create...GitHub
Welcome Laurențiu Nicola as #curl commit author 1345: github.com/curl/curl/pull/1644…
ci: use stable Rust toolchain for `rustls` and skip installing the docs by lnicola · Pull Request #16447 · curl/curl
I think it builds on stable (or beta, at least), so there's no reason to use nightly. Also, use the minimal profile to skip installing the docs. It probably won't make a difference (because...GitHub
If you use a curl built with GnuTLS (debian sid, for example), specifying --ciphers now does nothing.
But some people have need of that option to work. Here you can chime in on how it should be supported:
github.com/curl/curl/discussio…
#curl
TLS ciphers and GnuTLS priorities · curl curl · Discussion #16364
Some people migrating from curl+openssl to a curl+gnutls notice that their --ciphers arguments simply are ignored. First, this is documented and not a bug. Fine. But some of these users have a need...GitHub
A second #curl distro meeting 2025
daniel.haxx.se/blog/2025/02/24…
A second curl distro meeting 2025
We are doing a rerun of last year's successful curl + distro online meeting. A two-hour discussion, meeting, workshop for curl developers and curl distro maintainers.daniel.haxx.se