Search
Items tagged with: cURL
I talked about #curl and #rust on the podcast "rust in production":
https://corrode.dev/podcast/s02e01-curl/
curl - Rust in Production Podcast | corrode Rust Consulting
In the season premier we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in t…Corrode Rust Consulting
Two laptops, webcam on stand, mike, mike-stand, power for laptops, cable kit, repair kit, 12 curl mugs, eight packs with different curl stickers, carton coasters, pcb coasters, t-shirts, name tags + pens, two UCB-C to HDMI adapters
Preparing for #curl up 2024.
https://github.com/curl/curl-up/wiki/2024
My "predicting the future" slide, used in several presentations over the last few years. It involves #curl.
"everything will be networked"
cmake: FindNGHTTP2 add static lib name to find_library call by fuzzard · Pull Request #13495 · curl/curl
Adds the static library name, nghttp2_static as a name to search. This provides cmake parity with the winbuild Makefile.vc allowing the cmake build to find and allow the link to static nghttp2 libr...GitHub
How many authors have their contributions in #curl product source code? How many have had their previous work completely removed. Over time.
The first #curl release with code present authored by 200 persons was done in 2015-04-22. In that release, we had already removed all traces of contributions from 20 authors.
In the latest release, 604 authors' code is still present. 171 authors' work have been replaced.
It is already *six* years ago #curl introduced bold names when showing headers in the terminal!
https://daniel.haxx.se/blog/2018/04/28/would-you-like-some-bold-with-those-headers/
Over the last five years of #curl's bug-bounty we have received 489 submissions. For these 489 submissions the *median* first-response time has been, as calculated by Hackerone: 0 (zero) hours. If this does not ooze of awesomeness from a security team I don't know what does.
I presume they round or truncate to the nearest integer hour. Still means more than half of them got answered within an hour. Whenever or from wherever they were filed.
We take security seriously.
"#curl is being used by several hundred projects around the European Commission"
curl is everywhere for everyone
Not bad for a "hobby"!
sendf: Curl_cwriter_write: remove comment disallowing zero length by schicho · Pull Request #13477 · curl/curl
Curl_client_write calls Curl_cwriter_write, which already has this limitation in place in its comment. blen is not checked in Curl_client_write. Stumbled upon this working on my other MQTT PR.GitHub
Awesome, so much to learn wrt. libcurl! 😍 Posting links below in case anyone is looking for them ✨
📺 Getting started with libcurl
• https://youtube.com/watch?v=aS2eJDA5nSM
📺 Mastering libcurl
• https://youtube.com/watch?v=ZQXv5v9xocU
• https://youtube.com/watch?v=9KqnXsSxqGA
Mastering libcurl (2/2) with Daniel Stenberg
Transfers, Share API, TLS, Proxies, HTTP, Header API, URL API. WebSocket. Future0:00 mastering libcurl part two0:35 setup2:30 agenda4:56 Transfers5:14 Downl...YouTube
Nine years ago today, a #curl command line was prominent on an even larger display...
https://daniel.haxx.se/blog/2015/04/24/curl-on-the-nasdaq-tower/
tool_operate: don't truncate the etag save file by default by Gusted · Pull Request #13432 · curl/curl
This fixes a regression of 75d79a4. The code in tool-operate truncated the etag save file, under the assumption that the file would be written with a new etag value. However since 75d79a4 that migh...GitHub
Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.
Submit your suspected curl securirty issue here: https://hackerone.com/curl
curl - Bug Bounty Program | HackerOne
The curl Bug Bounty Program enlists the help of the hacker community at HackerOne to make curl more secure.HackerOne
Enable test 1117 for hyper HTTP backend as it currently works by Alvenix · Pull Request #13436 · curl/curl
This PR is intended to test the CICD for now, as when I tried this test with the latest hyper it worked. Edit: It seems the test is successful on CICD, so it may be enabled. (Sorry If I missed some...GitHub
If you use brew’s curl on macOS, are you really using it? I installed and had curl setup a couple of years ago. Today it appears that curl was now pointing to Apple’s version, which has this issue (https://daniel.haxx.se/blog/2024/03/08/the-apple-curl-security-incident-12604/). Looks like brew doesn’t add a symlink for curl to /opt/homebrew/bin. Running `ln -s /opt/homebrew/opt/curl/bin/curl /opt/homebrew/bin` resolved the issue.
#TLS #EncryptedClientHello #ECH support has been merged in #curl!
https://github.com/curl/curl/pull/11922
ECH experimental by sftcd · Pull Request #11922 · curl/curl
This is an (as-promised, on the mailing list) early pull request for adding HTTPS RR an ECH support to cURL, that has had so far minimal testing when using OpenSSL or wolfSSL as the TLS provider, b...GitHub
url: fix use of an uninitialized variable by jimmy-park · Pull Request #13399 · curl/curl
The following bug is detected by UndefinedBehaviorSanitizer on Apple Clang. /Users/jimmy.park/Repos/curl_client/build/.cache/curl/760adaf446db44888b0a6d906e318c6147c808ba/lib/url.c:810:10: runtime ...GitHub
Recent additions to the #CURL project from me
Anyone can contribute to an open source project. It is some effort, but you can push changes you make locally back to the project to improve it and make your improvements a part of the project.
https://www.mbsplugins.de/archive/2024-04-17/Recent_additions_to_the_CURL_p
Dockerfile for release automation by daniel-j-h · Pull Request #13250 · curl/curl
Hey @bagder 👋 I've seen your post on mastodon on how to reproduce the release tarballs. I wanted to bounce this off of you as an idea We can check in a Dockerfile build environment based on a spec...GitHub
Write function callback is called twice after resume transfer and return CURL_WRITEFUNC_ERROR · Issue #13337 · curl/curl
I did this We have the scenario when we put the transfer on pause and resume it after a while and then stop transfer with CURL_WRITEFUNC_ERROR. For that we register CURLOPT_WRITEFUNCTION callback a...GitHub
ECH experimental by sftcd · Pull Request #11922 · curl/curl
This is an (as-promised, on the mailing list) early pull request for adding HTTPS RR an ECH support to cURL, that has had so far minimal testing when using OpenSSL or wolfSSL as the TLS provider, b...GitHub
Support for RFC 9421 - HTTP Message Signatures in #curl ?
https://github.com/curl/curl/discussions/13376
Support for RFC 9421 - HTTP Message Signatures · curl curl · Discussion #13376
Hello, Is there any interest to add support for RFC 9421 - HTTP Message Signatures to curl ? I saw that curl already support AWS Signature v4 (with --aws-sigv4), and I feel this RFC is a generaliza...GitHub
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE by the-blank-x · Pull Request #13372 · curl/curl
The bounds of the size parameter were not specified, and nor was it specified how to disable the maximum file size check. The documentation also incorrectly stated that CURLOPT_MAXFILESIZE always r...GitHub
#curl sometimes fails to access some servers. In most situations the problem is not in curl itself but on the server side. Example:
1. Fails: curl https://www.radissonhotels.com
2. Works: curl -A 'Mozilla/5.0 xx Chrome/119' https://www.radissonhotels.com
3. Fails: curl -A 'Mozilla/5.0 xx Chrome/118' https://www.radissonhotels.com
4. Fails, too: curl -A 'Mozilla/5.0 xx Chrome/1189' https://www.radissonhotels.com
Perhaps they perform #filtering to obtain improved #security? It's hard to tell, but any serious attacker surely knows how to spoof the user agent string and bypass such simple #regex