Search
Items tagged with: curl
wolfssl: Allow use of certificate chain by lealem47 · Pull Request #12634 · curl/curl
Fixes ZD#17158. Customer is using a certificate chain. Leaf cert + intermediate cert.GitHub
I'm thrilled to say that we will spend #curl sponsor money on development.
First out: @icing is engaged to work on QUIC using OpenSSL and some internal HTTP refactoring/cleanups. Starting now.
Thank you sponsors! curl.se/sponsors.html
The I in LLM stands for intelligence
On how people now use AI to submit security reports on #curl.
daniel.haxx.se/blog/2024/01/02…
"Buffer Overflow Vulnerability in WebSocket Handling".
A bot? An AI? Just a silly reporter? Another fine waste of #curl maintainer time.
curl disclosed on HackerOne: Buffer Overflow Vulnerability in...
## Summary: Hello security team, Hope you are doing well :) I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...HackerOne
fix implicit int compile error in ipv6 detection by a-n-n-a-l-e-e · Pull Request #12607 · curl/curl
ipv6 auto detection fails on clang 16 with error: type specifier missing, defaults to 'int'; ISO C99 and later do not support implicit int [-Wimplicit-int] fix the test stub to declare a return typ...GitHub
On this day in 1999, 24 years ago, we started hosting the #curl source code on Sourceforge. Like all the cool kids. CVS baby!
In 2010 we switched to using git, hosted on #GitHub: daniel.haxx.se/blog/2010/03/23…
Documentation: Fix incorrect C string escape in CURLOPT_POSTFIELDS by haydaralaidrus · Pull Request #12588 · curl/curl
The string literal incorrectly formatted. The backslashes in the JSON string not properly escaped, leading to invalid C syntax: const char *json = "{"name": "daniel"}"; Where it should be: const ch...GitHub
Place h3 at the front of ALPN by wangfuyu · Pull Request #12576 · curl/curl
Modify the ALPN of the ngtcp2 adaptation layer and place 'h3' at the front of the ALPN, consistent with the quiche adaptation layer.GitHub
lib: fix the Memory leak: as by zengwei2000 · Pull Request #12570 · curl/curl
lib: fix the Memory leak: as Signed-off-by: zengwei zengwei1@uniontech.comGitHub
A year ago we found #curl use in this Swiss TV-series Tschugger: daniel.haxx.se/blog/2022/12/19…
Any more recent sightings?
tests: Respect $TMPDIR when creating sockets by yedayak · Pull Request #12545 · curl/curl
When running on termux, where $TMPDIR isn't /tmp, running the tests failed, since the server config tried creating sockets in /tmp, without checking the temp dir config. Use the TMPDIR variable tha...GitHub
A funny detail about Open Source projects is that they are called "projects", as if they were somehow limited in time or ever can get done.
The #cURL "project" is a number of loosely coupled individual volunteers working on writing software together with a common mission: to do reliable data transfers with Internet protocols, as Open Source.
Everything #curl, right now:
Section titles: 981
Words: 106436
Lines: 16004
Non-space bytes: 562020
Average word length: 5.28 characters
Words per section: 108
Allow the actual use of maximum method name length by miyagawa · Pull Request #12534 · curl/curl
While reviewing #12311 ("Increase the maximum request method name length from 11 to 23"), I tested a few requests and noticed that, before the change (curl 8.4.0), 11 character request method (whic...GitHub
libssh: Improve the deprecation warning dismissal by 7heo · Pull Request #12520 · curl/curl
Previous code was compiler dependant, and dismissed all deprecation warnings indiscriminately. libssh provides a way to disable the deprecation warnings for libssh only, and naturally this is the p...GitHub
If you want to help us make everything #curl even better, I've created a few issues for things that are missing from the book:
github.com/bagder/everything-c…
Issues · bagder/everything-curl
The book documenting the curl project, the curl tool, libcurl and more. Simply put: everything curl. - Issues · bagder/everything-curlGitHub
You might be interested to know that @bagder also generates a fresh ePUB version of "Everything #curl" every day; it's available at daniel.haxx.se/everything-curl…
(/via mastodon.social/@bagder/111578…)
Starting now, I generate a fresh PDF version of everything #curl every day:github.com/bagder/everything-c…
PDF · bagder/everything-curl · Discussion #323
Starting now, there is a daily updated PDF version of the book provided here: https://daniel.haxx.se/everything-curl/ It has some flaws that I still want to fix, but it is still highly readable and...GitHub
Starting now, I generate a fresh PDF version of everything #curl every day:
github.com/bagder/everything-c…
PDF · bagder/everything-curl · Discussion #323
Starting now, there is a daily updated PDF version of the book provided here: https://daniel.haxx.se/everything-curl/ It has some flaws that I still want to fix, but it is still highly readable and...GitHub
My curl commands were working.
But my equivalent ones using Python requests library were not.
I found this useful tool very useful!
Making it harder to do wrong
#curl is written in C. We try to write better C to reduce the risk of future vulnerabilities.
daniel.haxx.se/blog/2023/12/13…
people are also often obsessed by C vs non-C vulnerabilities, and in #curl the share of mistakes that are related to the programming language keep shrinking (just over 40% now)
This is WAY lower than what is commonly reported as a the general percentage. (60-70% is commonly repeated)
For details on the #curl PSL vulnerability, check out the #hackerone report. And if you use libpsl, double-check that your use is correct: hackerone.com/reports/2212193
Two mentioned projects in this report in particular should check their code.
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne
#curl 8.5.0
curl 8.5.0 with Daniel Stenberg
Two changes, two CVEs, 188 bugfixes. curl 8.5.0 is here and Daniel takes you through the news.(The video is a notch worse than usual due to technical difficu...YouTube
github.com/curl/curl-for-win/c…
curl 8.5.0 · curl/curl-for-win@ab5dbb9
Since 8.4.0_10: - building curl with CMake UNITY mode (replacing GNU Make) Since 8.4.0_9: - LibreSSL 3.8.2 (replacing quictls) Since 8.4.0_8: - smaller x64 and x86 binaries ce5113aa3ca8c841a6d...GitHub