Search

Items tagged with: curl

You might be interested to know that @bagder also generates a fresh ePUB version of "Everything #curl" every day; it's available at daniel.haxx.se/everything-curl…

(/via mastodon.social/@bagder/111578…)

Everything curl

daniel.haxx.se

daniel:// stenberg://

2023-12-14 12:08:45


Starting now, I generate a fresh PDF version of everything #curl every day:

github.com/bagder/everything-c…



PDF · bagder/everything-curl · Discussion #323

Starting now, there is a daily updated PDF version of the book provided here: https://daniel.haxx.se/everything-curl/ It has some flaws that I still want to fix, but it is still highly readable and...
GitHub

#curl @daniel:// stenberg://

#curl

#python #coding #curl

#curl

#mozilla #curl

#curl

By my calculation I've claimed half of the #curl bounties paid.
#curl

#curl

people are also often obsessed by C vs non-C vulnerabilities, and in #curl the share of mistakes that are related to the programming language keep shrinking (just over 40% now)

This is WAY lower than what is commonly reported as a the general percentage. (60-70% is commonly repeated)

#curl

#curl has now paid 71,400 USD in bug-bounties.

For security.

Accumulated curl bug-bounty payouts since 2018
#curl

Working on a PR to make curl perform a little bit better with parallel HTTP/2 transfers.
#curl
Graph showing HTTP/2 performance for parallel transfers in curl 8.5.0 vs. current development with 36-78% improvements.
#curl

For details on the #curl PSL vulnerability, check out the #hackerone report. And if you use libpsl, double-check that your use is correct: hackerone.com/reports/2212193

Two mentioned projects in this report in particular should check their code.


curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...

## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...
HackerOne
#curl #hackerone

#curl 8.5.0 is out. This release fixes CVE-2023-46218, a #vulnerability that may allow remote sites to bypass the cookie domain Public Suffix List protection and issue supercookies. Advisory: curl.se/docs/CVE-2023-46218.ht… My HackerOne report: hackerone.com/reports/2212193

curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...

## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...
HackerOne
#vulnerability #curl

#curl

#curl 8.5.0 Windows binaries released. With faster CMake builds in "unity" mode, LibreSSL, smaller binaries, OpenSSF-recommended hardening options, and LLVM 17. (Same for Linux and macOS builds) /cc @bagder
github.com/curl/curl-for-win/c…

curl 8.5.0 · curl/curl-for-win@ab5dbb9

Since 8.4.0_10: - building curl with CMake UNITY mode (replacing GNU Make) Since 8.4.0_9: - LibreSSL 3.8.2 (replacing quictls) Since 8.4.0_8: - smaller x64 and x86 binaries ce5113aa3ca8c841a6d...
GitHub
#curl @daniel:// stenberg://

#curl

#curl

#curl

#curl #libcurl

#OpenSSL #quic #curl

next level #curl is the presentation I did at Nordic APIs on October 18, 2023: youtu.be/8b5jkr35CRQ?si=v_T2FU…

Next Level Curl

A talk given by Daniel Stenberg from wolfSSL at the 2023 Platform Summit in Stockholm.Everyone uses curl, the Swiss army knife of Internet transfers. Earlier...
YouTube
#curl

I will give away #curl coasters to everyone I meet who has authored a commit in curl. I'll bring these cuties to #FOSDEM.
#fosdem #curl

Wow... Even though a couple of them are some sort of GNU/Linux variants, that's an impressive score for #curl!
#curl

The updated 100 operating systems #curl has run on. (Dropped two, added two)
#curl

#curl

#curl

We just created a #HOWTO for how to set up dev/test servers using our #TLS #EncryptedClientHello #ECH enabled forks of #OpenSSL #nginx and #curl running on #Debian. It should be very quick to get started using a new domain: guardianproject.info/2023/11/1…

Quick set up guide for Encrypted Client Hello (ECH)

The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web.
jochensp (https://guardianproject.info)
#debian #tls #OpenSSL #howto #curl #ech #nginx #encryptedclienthello

#curl

I got the #curl coaster. I must say it’s ridiculous, but also the coolest coaster I have now 🥲
#curl

#curl

Someone mentioned another OS. #curl has run on these 93 operating systems. Do you know of one not yet mentioned?
93 operating systems
#curl

The #curl #http3 and #quic support egg.

(also from my coming Friday talk)

#http3 #quic #curl

#curl

#curl

The goal is to be curling complete. #curl
curling stones and a curling broom featuring a curl sticker
#curl

#curl

#curl

#curl

#curl