Remember: when you run #curl shipped by Apple with the --cacert flag it won't behave like #curl does everywhere else. As I wrote about last year. I think they're doing it wrong. They think its fine.
daniel.haxx.se/blog/2024/03/08…
tldr: Apple thinks it is fine. I do not. On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot issues filed most days so this fact alone was hardly anything out of the ordinary.daniel.haxx.se
#curl release candidate 1 for the pending release is here: curl.se/rc/
We'll appreciate if you take it for a spin and report any problems you find.
There was a question posed on the #curl IRC channel whether there's ever going to be a need to raise addressing or offsets from 64-bit to something larger, such as 128-bit.
I argue there is no need to do this. 64-bit can already address a very large amount of data. For example, many operating systems and filesystems have a limit of 2**64 for file sizes. But it is difficult to wrap your head around this; how much data can such a file really hold?
Some estimates (*) say that there's going to be around 181 ZB (zettabytes) of data in the world by the end of 2025.
This is only 9812 files if each file holds 2**64 bytes.
*) rivery.io/blog/big-data-statis…
Data is growing at a faster rate than ever before. 90% percent of the world’s data was created in the last two years. And every two years, the volume of data across the world doubles in size.Kevin Bartley (Rivery)
Right now, we have less than ten open issues for the #curl project
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
#curl roadmap 2025
Things we may see added and done in curl during 2025.YouTube
Currently, CURLWS_CONT does not function as specified by the docs. This is an attempt to modify its behavior to be more inline with documentation. This is my second attempt and attempts to implemen...GitHub
I have found this issue when trying to use the new PKCS#11 provider support in curl. I was getting the following error when trying to use a pkcs11 uri as a key, in curl 8.12.1: * crypto provider no...GitHub
The #curl roadmap 2025 webinar happens later today:
daniel.haxx.se/blog/2025/02/25…
On March 6 2025 at 18:00 UTC, I am doing a curl roadmap webinar, talking through a set of features and things I want to see happen in curl during 2025. Figure out my local time.daniel.haxx.se
Let me give you another peek into the everyday work of the #curl security team. A reported UAF we deem not a security problem:
## Summary: [summary of the vulnerability] There is a use after free in `curl_multi_perform` when DoH resolver timeouts and `CURLOPT_PROXY` is used (see reproducer and stack trace) I found it via...HackerOne
Without this, any usage of sendbuf_hds_len on a retried request is wrong. We noticed by getting debug callbacks with incorrect header len. We did not figure out how to trigger the retries in a test...GitHub
Three years ago today, the --json option shipped in a #curl release for the first time.
daniel.haxx.se/blog/2022/02/02…
The curl "cockpit" is yet again extended with a new command line option: --json. The 245th command line option.daniel.haxx.se
Adds support for specifying upload flags, to allow e.g. uploading mail via IMAP without the Seen flag. e.g. curl imap://example.com:993/MAILBOX -u 'user@example.com' --upload-file /some/fil...GitHub
Hi! 👋 A small quality-of-life improvement, I think. Do tell if I'm missing something here, and there were any reason not to print out the conn->user value that ends-up used for the connectio...GitHub
Ten years ago on this day we went full GitHub model in #curl: pull-request style development. We have since handled over 10,700 PRs in an increasing amount of activity.
daniel.haxx.se/blog/2015/03/03…
Pull requests and issues filed on github are most welcome! The curl project has been around for a long time by now and we've been through several different version control systems.daniel.haxx.se
Today is also two years since "the nuget story" where I struggled to get a ten year old and vulnerable #curl version delisted:
daniel.haxx.se/blog/2023/03/02…
Recently there has been an interesting debate in the Open Source world where people have objected to being called "Suppliers" as in Supply Chain Security when you are but an Open Source developer offering your code to the world for free and at no cos…daniel.haxx.se
This PR fixes the comment issue in lib533. Test 546 also depends on lib533. curl/tests/data/test546 Lines 34 to 36 in 049352d ...GitHub
Adding #curl release candidates
daniel.haxx.se/blog/2025/02/28…
Heading towards curl release number 266 we have decided to spice up our release cycle with release candidates in an attempt to help us catch regressions better earlier.daniel.haxx.se
I know it is often repeated, but #curl is not a one man factory:
everything.curl.dev/project/de…
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
How to do a #curl release has now been viewed 20K times!
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...YouTube
Join me for a small presentation next week on what we want for #curl in 2025...
daniel.haxx.se/blog/2025/02/25…
On March 6 2025 at 18:00 UTC, I am doing a curl roadmap webinar, talking through a set of features and things I want to see happen in curl during 2025. Figure out my local time.daniel.haxx.se
closes #16468 This PR improves null check to avoid segfault when a certificate doesn't contain a public key. infof_certstack is used for debug/information purposes so this PR doesn't create...GitHub
I think it builds on stable (or beta, at least), so there's no reason to use nightly. Also, use the minimal profile to skip installing the docs. It probably won't make a difference (because...GitHub
If you use a curl built with GnuTLS (debian sid, for example), specifying --ciphers now does nothing.
But some people have need of that option to work. Here you can chime in on how it should be supported:
github.com/curl/curl/discussio…
#curl
Some people migrating from curl+openssl to a curl+gnutls notice that their --ciphers arguments simply are ignored. First, this is documented and not a bug. Fine. But some of these users have a need...GitHub
A second #curl distro meeting 2025
daniel.haxx.se/blog/2025/02/24…
We are doing a rerun of last year's successful curl + distro online meeting. A two-hour discussion, meeting, workshop for curl developers and curl distro maintainers.daniel.haxx.se
Follows-up b22f906, which added a new contributor with a different casing for "github" than the others. Given that there hasn't been a release yet that adds this to the THANKS file, i...GitHub
A year ago the third #curl security audit completed, that time covering our HTTP/3 implementation.
It revealed **no** major discoveries or security problems.
daniel.haxx.se/blog/2024/02/23…
An external security audit focused especially on curl's HTTP/3 components and associated source code was recently concluded by Trail of Bits.daniel.haxx.se
Sunday surprise!
A friend of mine found an old email from me dated January 17 1997
Attached in this mail was the #httpget 0.2 source code. Previously believed to be lost, now the oldest httpget code I have.
165 lines long. 110 lines code, 30 lines comments, 25 blank lines.
This morning, #curl was 174,854 lines of code, not counting blank lines but comments.
1248 times larger over 28 years.
#curl website traffic Feb 2025
Data without logs sure leaves us open for speculations.
daniel.haxx.se/blog/2025/02/22…
Data without logs sure leaves us open for speculations. I took a quick look at what the curl.se website traffic situation looks like right now. Just as curiosity.daniel.haxx.se
How about a #curl distros meeting again in 2025?
curl.se/mail/distros-2025-02/0…
The report from last year:
daniel.haxx.se/blog/2024/03/25…
On March 21 2024 we had a curl distro meeting where people from at least ten different distros and curl project members had a video meeting and talked curl and distro related topics for a while.daniel.haxx.se
