As per our conversation today @bagder - adding the much deserved OpenSSF badge :)GitHub
I found the chosen colors hard to distinguish in the key section and map to the graphs.
#curl does actually get way more PRs than issues?!
The funding of critical open-source projects of our everyday lives has becond increasingly important. The Sovereign Tech Fund has set out to improve the situation with various programs that assist these projects as @polexa explains.
We're thrilled being joined by @bagder who shares his experiences with maintaining the #curl project and the STF.
🎧 focusonlinux.podigee.io/113-so…
If there is one thing that has become increasingly important in recent years, it is the funding of critical open-source projects that have long been part of our everyday lives.FOCUS ON: Linux
It is useful to understand how #curl connects to hosts. Happy Eyeballs style.
everything.curl.dev/usingcurl/…
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
Channel Bindings are used to tie the session context to a specific TLS channel. This is to provide additional proof of valid identity, mitigating authentication relay attacks. Major web servers hav...GitHub
Daniel Stenberg on #curl's Journey: From C64 Demos to Internet Transfers. (I was on Nerding out with Viktor the other day.)
youtu.be/bTb_Rf_qkq8?si=63AvIc…
Welcome to another exciting episode of "Nerding Out with Viktor!" Today, we have a very special guest, Daniel Stenberg, the founder of Curl. For those unfami...YouTube
In #curl 8.10.0, coming on September 11, 2024, we introduce support for -vv, -vvv and -vvvv
daniel.haxx.se/blog/2024/08/12…
(thanks to @icing)
more #curl help
Get documentation for a specific option with curl -h
[option]daniel.haxx.se/blog/2024/08/09…
@markuswerle @jakob @pluralistic This is how I interpret the situation: #GitHub offers open source programs free access to GitHub actions today exactly as it did in the past. This access is limited in CPU performance and parallelism. It always was. All free CI services do this.
The #curl project was bumped to a fancier account to give us more actions powers: more CPU and more parallelism.
That is them doing us a favor and them supporting us, not the other way around.
See discussion here: #14432GitHub
with this knowledge we are pondering what we can to do make things less annoying for #curl on Windows.
What now takes a few milliseconds on my Linux machine, takes several seconds on Windows. Not ideal.
When converting WebSocket flags such as CURLWS_TEXT | CURLWS_CONT to opcodes for sending fragmented frames, we want to exclude CURLWS_CONT from the lookup so AND it out. Alternatively, this tweak c...GitHub
what people have been using for years already will start working in #curl 8.10.0: -vv, -vvv and -vvvv for more verbose logging.
Up until now, adding more vs did not do anything different.
github.com/curl/curl/pull/1397…
PR by the awesome @icing
make mentioning -v on the curl command line increase the verbosity of the trace output related discussion #13810 add trace group names for components: network, protocol, proxy. Usable in --trace-co...GitHub
Problem AWS SigV4 signing requires headers to be lexicographically ordered by name. The current implementation uses strcmp on the full header, leading to incorrect ordering when header names have i...GitHub
To my understanding the functions are nghttp3 callbacks and should therefore return NGHTTP3_ERR_CALLBACK_FAILURE. However, this is not critical as the nghttp3 documentation states for all callbacks...GitHub
Today is exactly five years since we did the first HTTP/3 transfers with #curl
My blog post from back then:
daniel.haxx.se/blog/2019/08/05…
#curl's 265th command line option is called --skip-existing. Lets you completely skip a download if there is a local file present already.
github.com/curl/curl/pull/1399…
With this option, the entire download is skipped if the selected target filename already exists when the operation is about to begin. Also works fine with "globs". code documentation test cases...GitHub
Starting now, #curl shows extended help for a given command line option if you write it after --h. Like "curl -h --location" or "curl -h -O"
Shipping in the pending curl 8.10.0 in mid September.
github.com/curl/curl/pull/1399…
First shot. The extracting of the help texts is still a little crude: because we typically have 270KB of text zlib compressed into a single blob, we have to scan for the text to show. As of now, I ...GitHub
The IP address in the example is taken out of RFC 5737.GitHub
Watch @samueloph and the Debian curl maintainer team, discussing issues and the way forward at DebConf24:
Unpopular opinion: Damn cool kids with their HTTPs 3 and QUICs and whatevers. HTTP/1.1 was good enough for everyone!
They're adding all that fancy stuff into the new #cURL version, and it causes #Transmission to crash. How am I going to seed all these Linux images now?!
github.com/transmission/transm…
github.com/curl/curl/issues/14…
I did this After #14296, curl has started to leak SIGPIPE in some cases. I‘ve noticed this since the test suite I wrote for our in-house curl-wrapper now sometimes exits which SIGPIPE (I‘d say abou...GitHub
Bugfix rate in the #curl project is currently racing to an all-time high.
(yes, presumably this also means we insert more bugs as well as there need to be something to fix...)
The original #hackerone report for #curl's CVE-2024-7264: ASN.1 date parser overread is now published:
## Summary: When a specially-crafted certificate is passed to `Curl_extract_certinfo` to parse, it may read bytes beyond the end of the buffer in which the certificate is held. According to the...HackerOne
I added a section to everything #curl about what we do to mitigate backdoor attempts:
everything.curl.dev/project/se…
Did I forget anything obvious?
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
This is a patch release done just seven days since 8.9.0. It fixes 28 bugs, and in particular a few annoying regressions and one CVE.YouTube
Welcome Joe Birr-Pixton as #curl commit author 1289: github.com/curl/curl/pull/1431…
(I deduped a few authors counted twice, so the count is a few less than previously)
The goal of this PR is to remove the rustls stanza in tests/data/DISABLED that skips some tests. That involves supporting CRLs -- we've had upstream support for a little while, but needs some plumb...GitHub
#curl 8.9.1 is here
28 bugfixes, including a low severity CVE - seven days since the previous release.
daniel.haxx.se/blog/2024/07/31…
See you at 08:00 UTC for the live-stream
I have this slide showing the 101(!) operating systems people have reported #curl to run on.
I now have a customer call scheduled about porting it to a 102nd...
In 2022 I became #curl's 1000th commit author and was congratulated as such until I had to confess to @bagder that I wasn't: I had used two distinct email addresses and was thus only the 999th.
The record (daniel.haxx.se/blog/2022/01/30…) doesn't reflect this, but it is my #sundayConfession
According to @bagder the stubborn way the #OpenSSL project is handling #QUIC implementation is directly responsible for delaying HTTP/3 adoption (1), and I tend to agree. When the project rejected the community QUIC patches and decided to go with their own design, it wasn't difficult to predict problems. This was proven right by the massive feature gaps (2) and performance issues (3) discovered by @icing when trying to marry OpenSSL QUIC to #curl. Even with API fixes released in version 3.3 the implementation is still inferior, and there is no good solution in sight.
1) lwn.net/Articles/983380/
2) github.com/openssl/openssl/dis…
3) github.com/icing/blog/blob/mai…
Contribute to icing/blog development by creating an account on GitHub.GitHub
