curl supports getting built with eleven different TLS libraries. Six of these libraries are OpenSSL or forks of OpenSSL. Allow me to give you a glimpse of their differences, similarities and some insights into what it takes to support them all.
TIL #curl help categories. When invoked with cli flag '-h' curl can provide you infos about command-line flags related to certain categories, e.g. http, smtp, ... Thanks for that @bagder
We had already triaged a #curl security report and deemed it a vulnerability, and would just earlier today create a test case to work on a fix. As the test case refused not reproduce the issue we slowly realized... it isn't actually a security problem! Hooray!
Implements a seperate read thread for STDIN on Windows when curl is run with -T/--upload-file .
This uses a similar technique to the nmap/ncat project, spawning a seperate thread which creates a lo...
In INSTALL.md file, the link that points to CURL-DISABLE was broken, so I fixed this issue changing the link from only "CURL-DISABLE.md" to "https://github.com/curl/curl/blob/master/...
Allow prequotes to be sent after curl has changed the working directory, just before the listing command if the URL is a directory.
FTP state machine is updated with the new FTP_LIST_PREQUOTE state...
What follows is a public spec related to the Ubuntu Server seeds. It does not contain specific definitions about seeds, how they relate to the ISOs, nor a long history. It is an implementation spec to show changes planned for 25.10.
So today it is Friday the 13th and apparently I should have stayed in my bed.
Just spent way too much time troubleshooting why the curl requests I got from Firefox by using "copy request to cUrl" did not work. Turns out it is a Firefox bug. For unknown reason it adds a caret "^" before each parameter separator in the query string in the curl request, breaking everything. 😞
I ran strace on curl and noticed that it is doing a lot of very short reads, of exactly 5 bytes, followed by a larger read.
strace Before
recvfrom(4, "\27\3\3@\30", 5, 0, NULL, NULL) = 5
...
I ran strace on curl and noticed that it is doing a lot of very short reads, of exactly 5 bytes, followed by a larger read.
strace Before
recvfrom(4, "\27\3\3@\30", 5, 0, NULL, NULL) = 5
...
Thanks to Calvin Ruocco, Dan Fandrich, Daniel Stenberg, denandz on github, Ethan Everett, Jacob Mealey, Jeremy Drake, Jeroen Ooms, John Bampton, Kadambini Nema, Michael Kaufmann, Rasmus Melchior Jacobsen, Ray Satiro, Samuel Henrique, Stefan Eissing, Viktor Szakats, x-xiang on github, Yedaya Katsman, Yuyi Wang, z2_
This is a patch-release done only a week since the previous version with no changes merged only bugfixes. Because some of the regressions in 8.14.0 were a little too annoying to leave unattended for a full cycle.
On Cygwin, it is unsafe to call POSIX functions from DllMain, which OPENSSL_thread_stop does. Additionally, it should be unnecessary as OpenSSL uses pthread_key_create to register a thread destruc...
If I'm going to be totally honest: implementing anything in #curl is about fourteen times easier and more fun than the thread- and object-spaghetti that is #Firefox code... But don't tell anyone I said this.
I did this Tried to download a resource with --http2 parameter. I expected the following The Windows build, available via winget (winget install cURL.cURL), has neither HTTP/2 nor HTTP/3 (QUIC) sup...
Hi everyone! I started working on a Network.framework backend for curl a bit ago.
I had a few motivations for writing this:
Wanting to use curl with system SSL without compiling anything on iOS/wa...
FTP is quite unique in the #curl collection of protocols due to its (weird) mandatory use of a separate TCP connection for the data transfer (and the fact that it can be setup in either direction, client to server or server to client) . It is complicated for users, for sysadmins and it is a complication in source code and internal curl TCP management as well.
So yeah, it also keeps causing us headaches to this day.
FTP is going out of style. The Chrome team has previously announced that they are deprecating and removing support for FTP. Mozilla also announced their plan for the deprecation of FTP in Firefox.
(Clearly a much better word than simplification.) I believe we generally accept the truth that we should write simple and easy to read code in order to make it harder to create bugs and cause security problems.
Missing sdk files to link to LibreSSL and nghttp2 on MacOS - GitHub - jeroen/apple-libressl-sdk: Missing sdk files to link to LibreSSL and nghttp2 on MacOS
Yes! curl user survey 2025 The time has come for you to once again do your curl community duty. Run over and fill in the curl user survey and tell us about how you use curl etc.
How can #OpenSource and #security be interconnected? What will be the future of funding the open source-dependent public digital infrastructure?
These and many other questions will guide the discussion of our panelists: 🔸@bagder from #cURL 🔸@melanierieback from @ros 🔸Matteo Mole from @EuropeanCyber SecurityOrganisation 🔸Nicholas Gates from @OpenForumEurope 🔸Mirko Boehm from #TheLinuxFoundation
