Say hello to #curl's brand new command line option number 273: --knownhosts.

curl.se/docs/manpage.html#--kn…

Watched it and yes, DOT delivered another good introduction to a useful DX tool. I know it will make me use #cURL exponentially more.

It also made me install #xh as a complement. Both because I like how colors make it easier to analyse, and for it providing a less complex command for basic stuff.

But also for its "--curl" option ;)

A small post about the upcoming support for native Apple SecTrust in curl 8.17.0.
#curl #apple

eissing.org/icing/posts/curl-a…

Also this Friday, look at this lovely #curl PR by @icing that we just merged:

github.com/curl/curl/pull/1870…

ssl: support Apple SecTrust configurations by icing · Pull Request #18703 · curl/curl

configure/cmake support for enabling the option supported in OpenSSL and GnuTLS backends when configured, Apple SecTrust is the default trust store for peer verification. When one of the CURLOPT_* ...

^GitHub

"Daniel Stenberg, Swedish Internet protocol expert and founder and lead developer of the #Curl project, speaks with SE Radio host Gavin Henry about removing Rust from Curl. They discuss why #Hyper was removed from curl, why the last five percent of making it a success was difficult"

se-radio.net/2025/10/se-radio-…

On this day nine years ago I started my collection: "screenshotted #curl credits"

daniel.haxx.se/blog/2016/10/03…

screenshotted curl credits

If you have more or better screenshots, please share! This shot is taken from the ending sequence of the PC version of the game Grand Theft Auto V. 44 minutes in! See the youtube version. Sky HD is a satellite TV box. This is a Philips TV.

^{daniel.haxx.se}

We're dropping support for OpenSSL-QUIC in #curl soon: github.com/curl/curl/pull/1882…

We're removing support for OpenSSL 1.1.1 from curl even sooner: github.com/curl/curl/pull/1882…

DEPRECATE.md: We remove the OpenSSL-QUIC backend in March 2026 by bagder · Pull Request #18820 · curl/curl

URL: https://curl.se/mail/lib-2025-10/0000.html

^GitHub

On this day in 2002, we shipped curl 7.10. The first #curl version that did certificate checks by default when speaking TLS unless specifically asked not to.

curl.se/ch/7.10.html

How I maintain release notes for #curl

daniel.haxx.se/blog/2025/10/01…

How I maintain release notes for curl

I believe a good product needs clear and thorough documentation. I think shipping a quality product requires you to provide detailed and informative release notes. I try to live up to this in the curl project, and this is how we do it. https://www.

^{daniel.haxx.se}

At exactly three weeks since the previous #curl release we have merged no less than 148 bugfixes already...

See curl.se/dev/release-notes.html

can #curl send a request that's stored in a a text file?

GET /yadayada HTTP/1.1
Host: blahblah.com

Daniel Stenberg - @bagder - is ready!
AI slop attacks on the curl project

We're all excited!

#EuroBSDCon #ebc25 #ebc2025 #curl

I started thinking about when we should adapt #curl's progress meters to deal with > 63 bit download sizes (8192 Petabytes).

I'm thinking it might not be terribly far away when people can start downloading that. In particular when doing N super huge transfers in parallel.

Got me thinking about 128 bit math...

Twenty-four years ago on this day, Mac OS X 10.1 was released which bundled #curl with their OS for the first time.

curl 7.7.2

"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life."

netstack.fm/#episode-6

Netstack.FM — A Podcast About Networking and Rust

Interviews, monologues, and deep dives into Rust and modern networking systems.

^netstack.fm

@bagder Interesting. Was AI slop difficult to spot back in 2023?

hackerone.com/reports/2298307

#Curl #HackerOne #slop

curl disclosed on HackerOne: Buffer Overflow Vulnerability in...

## Summary: Hello security team, Hope you are doing well :) I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...

^HackerOne

Reminding the businesses that CRA compliance is not a problem with #curl

daniel.haxx.se/blog/2025/09/22…

CRA compliant curl

As the Cyber Resilience Act (CRA) is getting closer and companies wanting to sell digital services in goods within the EU need to step up, tighten their procedures, improve their documentation and get control over their dependencies I feel it could b…

^{daniel.haxx.se}

Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings.

I have already landed 22(!) bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps.

Credited "Reported in Joshua's sarif data" if you want to look for yourself

If no one sponsors #curl keeping OpenSSL 1.1.1 support around, we will drop it earlier than previously planned.

Leaches be leaches.

Giant company begs tiny Open Source project to graciously spend more of our copious spare time to help them - for free.

Apparently the latest #curl release has a build problem on HarmonyOS. What a pity.

For this exact date through #curl history I have nothing at all noted.

Possibly because this is my son's 19th birthday!

(My document with curl related event dates contains >300 separate events for 205 unique dates)

Bye bye Kerberos FTP (in #curl)

daniel.haxx.se/blog/2025/09/19…

Bye bye Kerberos FTP

We are dropping support for this feature in curl 8.17.0. Kerberos5 FTP to be exact. The last Kerberos support we had for FTP.

^{daniel.haxx.se}

Working on adding Apple SecTrust support to curl (e.g. the native macOS and other Apple *OS system certificates store) and reaching out to the Homebrew/Macports people if they'd like that too or have other needs.
#curl

github.com/curl/curl/discussio…

Apple Native CA and homebrew/macports · curl curl · Discussion #18597

In the general discussion about curl's handling of a "native CA" and our addition of support for using Apple's SecTrust directly, the question arose how homebrew and macports can/wont make use of t...

^GitHub

From suspicion to published #curl #CVE. The process.

daniel.haxx.se/blog/2025/09/18…

From suspicion to published curl CVE

Every curl security report starts out with someone submitting an issue to us on https://hackerone.com/curl. The reporter tells us what they suspect and what they think the problem is.

^{daniel.haxx.se}

In this interview, Daniel Stenberg, lead developer of #cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.

Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem.

helpnetsecurity.com/2025/09/18…

Behind the scenes of cURL with its founder: Releases, updates, and security - Help Net Security

Explore how the cURL project keeps billions of devices secure, from vulnerability handling to best practices and updates.

^{Mirko Zorz (Help Net Security)}

Starting now, the #curl man page is rendered to use the long form only of the command line options in text, instead of like before insist on mentioning both the short AND long option.

This should make the text easier on the eye. I could make it this way after having fixed so that the long-option-only also renders appropriate links in the web version.

A tiny step forward.

Time to drop support for Kerberos5 FTP in #curl

github.com/curl/curl/pull/1857…

drop support for Kerberos5 FTP by bagder · Pull Request #18577 · curl/curl

It was accidentally broken in commit 0f4c439, shipped since 8.8.0 (May 2024) and yet not a single person has noticed or reported, indicating that we might as well drop support for FTP Kerberos. Krb...

^GitHub

literally the dumbest thing I've ever read
youtube.com/watch?v=-uxF4KNdTj…

#curl

literally the dumbest thing I've ever read

Please stop.https://hackerone.com/reports/3340109🏫 MY COURSESSign-up for my FREE 3-Day C Course: https://lowlevel.academy🧙‍♂️ HACK YOUR CAREERWanna learn t...

^YouTube