Re: curl_multi_socket_action takes longer when using HTTPS

On Tue, 28 May 2024, Richa Shah wrote: - Is it possible the time spent in pruning dead connections is getting counted towards DNS resolution? Since thats the very first latency that curl tracks for handles, my guess is anything curl does before actually reaching the

Re: Where is curlx_dyn_addn defined?

On Tue, 28 May 2024, Bill Pierce via curl-library wrote: I grabbed the sources from github using Git Bash on May 24, 2024, but when I tried to compile a test program with selected libcurl files, curlx_dyn_addn was undefined. I recommend you use one of the provided ways to build libcurl. You

WebSockets going non-experimental by September 2024

Hello, Unless someone identifies and reports an issue with the current API, we consider WebSocket working by September 2024 when it has been stewing as EXPERIMENTAL for two years. (Language to this effect was already added to the EXPERIMENTAL.md document a while ago, I'm sending this email

Re: Downloading from SFTP: my code vs. curl

On Wed, 22 May 2024, Alexander Dyagilev via curl-library wrote: curl fails to download with error message: curl (60) SSL peer certificate or SSH remote key was not OK. Probably this: curl_easy_setopt(hnd, CURLOPT_SSH_KNOWNHOSTS ) ... and then that file does not contain the details

[RELEASE] curl 8.8.0

Hello! It is with a great deal of pleasure I present to you this brand new curl release today. You find it as always on https://curl.se/ Enjoy! curl and libcurl 8.8.0 Public curl releases: 257 Command line options: 259 curl_easy_setopt() options: 305 Public functions

Reminder: curl user survey 2024

Hello! If you have not already done so, please donate a few minutes of your time and tell us how you use curl and what you think of it. The blog post about it: https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/ Go straight to the survey: https://forms.gle/FYBtP1otwaMvej797

Re: Increase in CPU usage in 8.7.1 vs 8.6.0 for rate-limited downloads

On Wed, 15 May 2024, David Pfitzner via curl-library wrote: From testing, this change appears to be due to this commit: https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b So just reverting this single commit makes it "good" again? Perhaps it would be useful for a

curl user survey 2024

Hello friends! Welcome to the annual curl user survey 2024. Please donate a few minutes of your time and tell us how you use curl and what you think of it. The blog post about it: https://daniel.haxx.se/blog/2024/05/14/curl-user-survey-2024/ Go straight to the survey:

Re: Setting up the user survey 2024

On Tue, 7 May 2024, Daniel Stenberg via curl-library wrote: Anything else I should remember to include/remove/ask ? Adding a question about Windows architecture: https://github.com/curl/curl-for-win/discussions/68#discussioncomment-9366808 -- / daniel.haxx.se | Commercial curl support up

Re: Setting up the user survey 2024

On Wed, 8 May 2024, Jimmy Sjölund via curl-library wrote: Would it be useful with a followup free text question/comment? Such as "Depends on the cost" or any reason why or why not to continue on GitHub? Free text fields are difficult (to gather the answers from). I am personally primarily

Re: Setting up the user survey 2024

On Tue, 7 May 2024, Daniel Stenberg via curl-library wrote: New questions so far: Should curl remain hosted on GitHub? - Yes - No - Indifferent - I don't know -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new

Re: Setting up the user survey 2024

On Tue, 7 May 2024, Stefan Eissing wrote: - When analysing problems with curl or your application using libcurl, what additional features would be helpful? We added more verbose tracing via `--trace-config` recently. Are there any areas where expanding this might help you? I think the

Re: Setting up the user survey 2024

On Tue, 7 May 2024, Patrick Monnerat wrote: I always just run 'ssh -D' to create a SOCKS proxy that curl can use... I was rather thinking of something like 'ssh -L' provides, but without using intermediate local sockets. Okay, I understand. It is indeed a fair idea, but asking users in the

Re: Setting up the user survey 2024

On Tue, 7 May 2024, jim.ful...@webcomposite.com wrote: A few suggestions: - Have you used curl container ? - Do you prefer quay, docker hub or GitHub repository ? How about asking about it like this in a single queetion: Have you used a curl container and if so, which do you prefer? Yes

Re: Setting up the user survey 2024

On Tue, 7 May 2024, Patrick Monnerat via curl-library wrote: For "Which of these features would you like to see curl support?" - ssh proxy/tunnel What exactly does this mean though? I've been proxying curl fine indirectly over SSH for decades, but I always just run 'ssh -D' to create a

Setting up the user survey 2024

Hello, I have started to work on the 2024 version of the user survey. If things go well, we can run it two weeks later in May. As per usual, I copied the version from last year and I have edited it slightly - mostly based on the feedback from last year as listed in my analysis document [1].

Re: When will we make TLS 1.3 support a mandatory requirement?

On Mon, 6 May 2024, Brad King wrote: On Thu, Mar 7, 2024 at 3:15 AM Daniel Stenberg wrote: libraries that curl supports do not do TLS 1.3 ... Secure Transport. For reference, that was discussed in https://github.com/curl/curl/issues/4524 The conclusion was that curl should add support for

Re: When will we make TLS 1.3 support a mandatory requirement?

On Thu, 7 Mar 2024, Daniel Stenberg via curl-library wrote: I would like to discuss the possibility that we set a flag day on which we cut off support for all TLS libraries that do not play TLS 1.3. I'm proposing that day is one year from now: https://github.com/curl/curl/pull/13544

The curl up 2024 presentations

Hello, We ended curl up 2024 yesterday. The twelve recorded presentations are now available to watch on YouTube. I link them all in my blog post about the past weekend: https://daniel.haxx.se/blog/2024/05/06/i-survived-curl-up-2024/ Enjoy! -- / daniel.haxx.se | Commercial curl support

Re: curl.exe runs fine, but same request hangs up in libcurl.dll (8.7.1-7 in Windows 10)

On Thu, 2 May 2024, [Quipsy] Markus Karg via curl-library wrote: (Note that curl.exe created the content-length header on its own!) If you use the --libcurl flag, you'll probably see that curl.exe sets some option(s) that your application does not. Like CURLOPT_INFILESIZE. If needed, I

Re: Supported versions of ngtcp2 and nghttp3 for HTTP3?

On Mon, 29 Apr 2024, Samuel Henrique via curl-library wrote: The documentation at https://curl.se/docs/http3.html seems to imply only the following versions are supported: ngtcp2: v1.2.0 nghttp3: v1.1.0 I say "imply" because I don't see mentions of "this version or later". Are those only the

Re: documentation

On Sat, 27 Apr 2024, Michael Brian Bentley via curl-library wrote: I downloaded the epub, pdf and played with the html version of everything-curl. On this machine (a Mac) none of the interior links (chapter links, etc) appear to work. (This makes picking up minutiae about libcurl a

feature freeze

Hello, As of today the feature window is closed for the next release. Now we only merge bugfixes until release day. curl 8.8.0 is planned to ship on May 22, 2024. -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new

Re: Hyper, is it worth it?

On Tue, 23 Apr 2024, dswij gmail via curl-library wrote: I'm just wondering: what's the requirement for Hyper to be an acceptable alternative? How much work is left to be done before we achieve that, other than the missing HTTP/2 support and the broken tests? Once we have HTTP/2 support and

Re: HTTP/2 and server push related questions

On Wed, 24 Apr 2024, Abhinav Singhal via curl-library wrote: Thanks a lot for the prompt response, Stefan. I need clarity on one more question: if HTTP/2 is enabled, is CURLMPOT_PUSHFUNCTION the only way to enable the server push feature, or is there any other (non-CLI) way to enable it?

Hyper, is it worth it?

Hello. In the end of 2020 we merged the initial experimental support for hyper as an alternative backend for libcurl HTTP functionality. It is a way to increase the ratio of memory-safe code into a libcurl build. hyper support remains experimental to this day because we still have fifteen

First version of the curl up 2024 agenda

Hi team, Based on the current set of talk proposals, I distributed them a little and created a first attempt at an agenda for curl up 2024: It is not set in stone and if someone wants to add talks or shift things around just let me know. https://github.com/curl/curl-up/wiki/2024 -- /

Re: curl history

On Thu, 11 Apr 2024, zMan via curl-library wrote: I'm trying to find a real changelog for curl that includes details of changes. Specifically, what I'm trying to figure out is when curl added RSA-4096 support (presumably through OpenSSL). curl never added support for RSA, it was always

Re: HTTP status and error codes

On Thu, 4 Apr 2024, R C via curl-library wrote: I can read the HTTP status with CURLINFO_RESPONSE_CODE,  can the actual status/error message also be printed? (are the messages available in libcurl? There is no way to get the so called "reason-phrase" using the API, no. You can extract it

Re: Set Response Code for SFTP?

On Wed, 3 Apr 2024, Christian Schmitz via curl-library wrote: So the response code could provide the last error from SFTP library before it switches to state close. To distinguish a problem uploading a file for whether disk is full, quota exceeded or the file name is invalid without parsing

Re: Set Response Code for SFTP?

On Wed, 3 Apr 2024, Christian Schmitz via curl-library wrote: Could this be changed, so SFTP also sets the field? What is a response code for SFTP? -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features |

Re: Content-Length header line

On Tue, 2 Apr 2024, R C via curl-library wrote: One of the headers am creating is a "Content-Length: 0" (because there is no body). Somehow it doesn't arrive, I suspect it was never sent. Is that known behavior? No. But also: you probably should not have to set that header yourself. --

Re: Reproducing the release tarballs

On Sat, 30 Mar 2024, Dan Fandrich via curl-library wrote: SPDX seems to be the standard SBOM format for this that tools are starting to expect. The format is able to handle complex situations, but given the very limited scope needed in curl and for source releases only, once you get a

Re: Reproducing the release tarballs

On Sat, 30 Mar 2024, Jeffrey Walton wrote: If I am not mistaken, you usually take the Autools gear that is provided by the distro. There's no need to chase m4 files. I'm talking about these m4 files: $ ls -l m4/*m4 | wc -l 28 They are our custom autoconf functions. However, you should

Re: Reproducing the release tarballs

On Sat, 30 Mar 2024, Daniel Stenberg via curl-library wrote: For the most recent curl release, my toolset that I believe might affect the results include: Since I do all releases on Debian Linux and they occasionally apply patches that make them deviate from the upstream versions

Re: Reproducing the release tarballs

On Sat, 30 Mar 2024, Howard Chu wrote: IMO only project developers should ever be touching the autotools. ... Only our release engineer ever generates the configure script, and it's committed to the repo along with everything else. For people using releases, it does not matter since the

Re: Reproducing the release tarballs

On Sat, 30 Mar 2024, jim.ful...@webcomposite.com wrote: While we are here … can we outline all processes to tarball - for example I see no signing step I did not mention signing because it does not strictly affect the tarball as the signature is separate. I gpg sign every release and have

Reproducing the release tarballs

Hello, In the light of the xz attack, I would like to mention that in order to reproduce the tarballs I upload for curl release, this is necessary: - Clone the repo and checkout the release tag - Install the same set of tools + versions I use - run "./maketgz [version]" For the most recent

RE: http.client does not finish current streams after a connection lost

On Fri, 29 Mar 2024, Sergey Bronnikov via curl-library wrote: Should I reopen curl#11769 or it is better to submit a new issue? It is always better to file a new issue since we fixed the old one. Things have changed. Conditions are different. -- / daniel.haxx.se | Commercial curl

[RELEASE] curl 8.7.1

Hi Since releasing curl is such a fun excercise I just had to do it again. Or perhaps it was because I messed up the tarballs for 8.7.0. curl 8.7.1 has the identical set of features and changes as 8.7.0 did, but the release tarballs should be better. Go get it from https://curl.se/ -- /

[SECURITY ADVISORY] curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS

TLS certificate check bypass with mbedTLS = Project curl Security Advisory, March 27th 2024 - [Permalink](https://curl.se/docs/CVE-2024-2466.html) VULNERABILITY - libcurl did not check the server certificate of TLS connections done to a host

[SECURITY ADVISORY] curl: CVE-2024-2398: HTTP/2 push headers memory-leak

HTTP/2 push headers memory-leak === Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2398.html) VULNERABILITY - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received

[SECURITY ADVISORY] curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

QUIC certificate check bypass with wolfSSL == Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2379.html) VULNERABILITY - libcurl skips the certificate verification for a QUIC connection under certain

[SECURITY ADVISORY] curl: CVE-2024-2004: Usage of disabled protocol

Usage of disabled protocol == Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2004.html) VULNERABILITY - When a protocol selection parameter option disables all protocols without adding any then the default set of

[RELEASE] curl 8.7.0

Hello friends! I'm happy to announce another curl release! Get it as always from https://curl.se Also: see the four separate security advisories we announce in association with this release. curl and libcurl 8.7.0 Public curl releases: 255 Command line options: 258

Report from the distros meeting

Hi friends! I posted a report on my blog from the curl and distros meeting last week: https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/ I also want to especially highlight the new curl-distros mailing list we have created: https://lists.haxx.se/listinfo/curl-distros -- /

Re: SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

On Wed, 20 Mar 2024, Aleksander Mazur via curl-library wrote: Recently I observe my program crashing (sometimes) during system startup. (During system startup internet connection is down so a few first https/HTTP2 requests fail with CURLE_COULDNT_RESOLVE_HOST. Then internet connection goes

Re: A single request in loop on macOS

On Wed, 20 Mar 2024, Dmitry Karpov via curl-library wrote: "To me, that indicates that a resource of some sort has run out, which possibly makes curl fail to create the new socket." I think it is fair to expect that if libcurl fails to create a new socket, then it will fail the transfer

curl up 2024 Stockholm

Hello! It is time to get this ball rolling. We gather in Stockholm, Sweden over the weekend May 4-5. We will of course appreciate as many curl contributors, maintainers and fans as possible. We will fund top contributors' travel and lodging to help more people come. All event details are

Re: A single request in loop on macOS

On Tue, 19 Mar 2024, Jicea via curl-library wrote: I launch the main 4 or 5 times in a row, one process at a time. Each time, I've error the 4rth or 5th times I launch `main`: In your email snippet it stopped after about 5000*3+1370 (16370) rounds. After 16,000 or so connections (within one

everything curl now in the curl org

Hello, As of just now, https://github.com/curl/everything-curl is the new git repository home for the everything curl book. The difference from before is that it was under my user, now it is instead owned by the curl org. -- / daniel.haxx.se | Commercial curl support up to 24x7 is

gRPC over libcurl?

Hello, I am curious to learn if there are people are here who are using libcurl to do gRPC and if there are any lessons to learn from this? Like areas that libcurl needs to do better for this use case or similar? Is it just smooth sailing? Is there something (in libcurl) that makes it really

Re: When will we make TLS 1.3 support a mandatory requirement?

On Fri, 8 Mar 2024, Dave Cottlehuber wrote: Personally I agree with your position, but I can't help imagine a lot of small software projects having conniptions if they've spent 5 years using library X only to find out that it's not supported in the future. I don't think that would be our

curl’s built-in manual without nroff

Hello, We no longer use nroff in the build: https://daniel.haxx.se/blog/2024/03/07/curls-built-in-manual-without-nroff/ -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html --

Re: When will we make TLS 1.3 support a mandatory requirement?

On Thu, 7 Mar 2024, Jeffrey Walton wrote: I feel like questions like "Allow TLS 1.0 and above or not", "Allow TLS 1.2 or not" or "Require TLS 1.3" are policy decisions that the application authors should make. Businesses and application authors are in the best position to determine their

When will we make TLS 1.3 support a mandatory requirement?

Hello, The TLS 1.3 spec (RFC 8446) was published in August 2018. Over five years ago. According to radar.cloudflare.com about 93.8% of TSL-using Internet traffic is now using TLS 1.3 (or QUIC, which uses TLS 1.3 internally). At the same time, *three* of the libraries that curl supports do

Re: Appearance of CURLPROTO_SMTP

On Wed, 6 Mar 2024, Vladimir Levijev via curl-library wrote: We are working on allowing our users to build our software with older cURL libraries and we noticed that according to this page https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html the symbol CURLPROTO_SMTP was added in 7.19.4 it’s

feature window: CLOSED

Hello all. I just want to mention that the feature window is now CLOSED for the next release: https://curl.se/dev/feature-window.html This means that we will no merge any more features/changes into the master branch before the pending 8.7.0 release. curl 8.7.0 is planned to ship on March

curl HTTP/3 security audit

Hello friends! Trail of Bits recently did a security audit of curl's HTTP/3 related components and today the report went public. I think we can say that we got a good grade on this. I blogged about it here: https://daniel.haxx.se/blog/2024/02/23/curl-http-3-security-audit/ The new audit

Re: CURL where is it in usr/include/i386-linux-gnu/curl/curl.h

On Mon, 19 Feb 2024, Michael via curl-library wrote: CURL *curl; Where is the "CURL" in the header file and what are it's attributes? It has no "attributes". It is plain pointer to something your application does not know what it is. We call it a "handle". That handle represents a transfer;

Re: Warning: you build with a TLS library without TLS 1.3 support

On Thu, 8 Feb 2024, Ryan Schmidt wrote: Good idea! However I would not necessarily position it as a library that "has not bothered" to implement this. I don't know the situation with BearSSL or mbedTLS, but my understanding with Secure Transport is that Apple has deprecated it and will

Re: Libcurl with Libssh and port forwarding.

On Thu, 8 Feb 2024, Ali Nasir via curl-library wrote: 3. Problem is that the libssh does actually make a port forward. Thus further actions the tunnel need to be done via its channel_write amd channel_read operations. Question: how do i achieve thia using libcurl? Using just libcurl, you

Warning: you build with a TLS library without TLS 1.3 support

Hello! I intend to merge this PR [1] that introduces a warning message at the end of the configure run if you build curl to use a TLS library without support for TLS 1.3. The TLS 1.3 spec shipped in 2018 and it is implemented widely by many TLS libraries - but not all. I want to help

Re: TCP close issue when rebasing, maybe specific to 8.6.1 vs "openssl s_server -WWW"?

On Wed, 7 Feb 2024, Stephen Farrell wrote: Just to note that today's commits (presumably [1]) seem to have fixed this issue for me. Excellent, thanks for confirming! -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new

Re: TCP close issue when rebasing, maybe specific to 8.6.1 vs "openssl s_server -WWW"?

On Tue, 6 Feb 2024, Stephen Farrell via curl-library wrote: ``openssl s_server -WWW`` is of course a mega-basic type of not-really a proper web server but still be good if this worked as before. You problably see the same thing as reported here: https://github.com/curl/curl/issues/12885

Re: regression in 8.6.0: unexpected body leads to CURLE_WEIRD_SERVER_REPLY

On Thu, 1 Feb 2024, Sergey Bronnikov via curl-library wrote: when http server send non-empty http body in response of HEAD request Potential fix: https://github.com/curl/curl/pull/12842 -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes,

RE: [BUG] 8.6.0 Libpsl requirement is not portable

On Wed, 31 Jan 2024, Randall via curl-library wrote: Having a dependency like this, that is not trivially portable leading to security issues in future, is rather problematic, don't you agree? I don't understand why this library is not "trivially portable". If it isn't already, I figure

[SECURITY ADVISORY] curl: CVE-2024-0853 : OCSP verification bypass with TLS session reuse

OCSP verification bypass with TLS session reuse === Project curl Security Advisory, January 31 2024 - [Permalink](https://curl.se/docs/CVE-2024-0853.html) VULNERABILITY - curl inadvertently kept the SSL session ID for connections in its

[RELEASE] curl 8.6.0

Hello! Welcome to a new curl release! Get it as always from https://curl.se/ curl and libcurl 8.6.0 Public curl releases: 254 Command line options: 258 curl_easy_setopt() options: 304 Public functions in libcurl: 93 Contributors: 3078 This release

CVE-2023-52071 is bogus

Hi all, There was another bogus curl CVE filed, published today. We will try to reject it proper, but here is our official take on it: https://curl.se/docs/CVE-2023-52071.html (this CVE was filed before we become a CNA) -- / daniel.haxx.se | Commercial curl support up to 24x7 is

Re: Seek problem with curl_formadd with CURLFORM_STREAM

On Tue, 30 Jan 2024, Patrick Monnerat via curl-library wrote: As the formadd API is deprecated, this is not considered as a bug anymore and won't be fixed. It is however one of the caveats that motivated the design of the MIME API and I think the best way you fix your program is by migrating

Re: HTTP header validation

On Mon, 29 Jan 2024, Stephen Booth via curl-library wrote: A sanity check in curl would have helped me find the problem but it sounds like there are reasons I'm not aware of for not attempting any validation. In the early days of supporting custom HTTP headers, I know some users provided

curl up May 4-5 2024!

Hi friends, I propose the weekend of May 4-5 for the in-person curl up 2024. Not decided yet: country, city and venue... -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html --

Coming: a curl distros meeting

Hello friends! The curl project arranges a two hour video conference meeting on March 21, 2024, with the aim of getting together people from curl and persons packaging curl for distributions. Linux distros and others. If you distribute curl to your users, consider yourself invited! All

Re: Correct way to disable cookies temporarily

On Tue, 23 Jan 2024, Ray Satiro via curl-library wrote: You can probably do it with a curl shared object with cookies but you would have to disable the whole shared object to do it: Ah yes, clever! I believe that is possible. -- / daniel.haxx.se | Commercial curl support up to 24x7 is

Re: Correct way to disable cookies temporarily

On Tue, 23 Jan 2024, mab20...@tiscalinet.it wrote: It should be that setting the header as "Cookie;" (the syntax for header cancellation) discards all the auto engine cookies for the next connection, just as "Accept;" discards Accept: */* The semicolon version does not really "discard" the

Re: Correct way to disable cookies temporarily

On Tue, 23 Jan 2024, Max via curl-library wrote: I have not found in the documentation what is the correct way to disable an existing set of cookies (in the cookies engine) temporarily (that means for the next single connection where I do not have to send any cookie, including persistent

libcurl man pages now written in "curldown"

FYI; I just merged https://github.com/curl/curl/pull/12730 This has now changed the file format for how we document libcurl functions and options. From the former quirky nroff format, to the new almost-markdown format I call curldown. The format is documented here:

Re: problem with unpaused connection

On Mon, 22 Jan 2024, Sergey Bronnikov wrote: https://github.com/curl/curl/pull/12740 I've applied the patch and run tests 50 times in a loop without fails. Seems it is a correct fix. Thanks for confirming. This PR has now been merged and will be part of the next release. -- /

Re: problem with unpaused connection

On Thu, 18 Jan 2024, Sergey Bronnikov via curl-library wrote: curl library with enabled debug prints a message below before a test fail: readwrite, dselect_bits, early return on PAUSED This message was introduced in aforementioned commit to curl library. I wrote a patch that might be what

Re: Daily source snapshots stopped updating

On Thu, 18 Jan 2024, Marcel Raad via curl-library wrote: The daily source snapshots on https://curl.se/snapshots/ stopped updating after January 9, which stopped my autobuilds. Not sure if that would be a curl or website issue, so I'm reporting it here instead of a GitHub issue. Oops, #12661

Re: "curldown" for libcurl man pages ?

On Thu, 18 Jan 2024, jim.ful...@webcomposite.com wrote: I would have thought ascidoc sufficient There are literally dozens of available quality tools that can generate nroff from something else. That is but a small part of the task. The other details I mentioned get much more complicated to

Re: "curldown" for libcurl man pages ?

On Wed, 17 Jan 2024, Patrick Monnerat via curl-library wrote: Maybe you don't know this tool: https://hackage.haskell.org/package/pandoc-cli that can probably do 99% of what you need. We use pandoc on the website already for the markdown to HTML conversions. We also use it for everything

"curldown" for libcurl man pages ?

Hello, Writing libcurl documentation has been a bit of an uphill struggle to people over the years because of how we write the documenation in nroff/man page format. It is an inconvenient format for editing that is not well known. Today I finally decided to make an attempt to switch to an

curl is a CNA

Hello friends, As of today the curl project is a CNA, a registered CVE Numbering Authority, which now allows us to alloc and admin our own CVE Ids. On my blog: https://daniel.haxx.se/blog/2024/01/16/curl-is-a-cna/ -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! |

Re: c-ares with LD_PRELOAD ?

On Tue, 16 Jan 2024, Ben Greear via curl-library wrote: I wanted to see if anyone has c-ares working as drop-in replacement for glibc resolver logic so something like 'ping' can use c-ares resolver logic using LD_PRELOAD? If created, it sounds like an excellent testing tool to figure out the

Re: multissl with http3 support only for gnutls

On Tue, 9 Jan 2024, Samuel Henrique via curl-library wrote: Is it possible to build with MultiSSL (with openssl and gnutls), having support for http3 only when gnutls is used? In a conversation today with Stefan and Dan, we touched on this subject and this idea came alive: HTTP/3 actually

Re: Support HTTP2 Goaway Frame callback for curl multi

On Wed, 10 Jan 2024, Cao Duc Quan via curl-library wrote: If I grasp your point correctly, the statement "*curl may not process a GOAWAY immediately*" implies that there might be a delay in some of cURL's internal logic until a user initiates a request. However, I believe that my proposal

Re: Libcurl 7.86.0 issue with reverse proxy server

On Thu, 11 Jan 2024, Purvi Prajapati via curl-library wrote: We have a problem with libcurl library with big request body when IHS (IBM HTTP Server) is used as reverse proxy. So libcurl is doing a plain HTTPS POST to this server? (The fact that it is a reverse proxy is hardly something

Re: multissl with http3 support only for gnutls

On Wed, 10 Jan 2024, Samuel Henrique via curl-library wrote: Thank you for the quick response, should I do anything to log this as a feature request or having this email is enough? You can create a PR with an added entry in docs/TODO so that it won't be forgotten and increasing the chances

Re: Problems with empty header values in header API in 8.5.0/master

On Tue, 9 Jan 2024, Dmitry Karpov via curl-library wrote: I noticed a strange regression related to header API when migrated from 7.84 to 8.5.0, and I see the same issue in TOT branch. The issue is that the header API returns '\r' as a header value when some service returns a header with no

Starting now: make an active PSL decision

Hi, Starting now, curl's configure script will fail if it doesn't find libpsl and it was not explictily disabled. I elaborated on my blog: https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/ -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug

Re: multissl with http3 support only for gnutls

On Tue, 9 Jan 2024, Samuel Henrique via curl-library wrote: Is it possible to build with MultiSSL (with openssl and gnutls), having support for http3 only when gnutls is used? No. Multissl does not work for HTTP/3-enabled builds. -- / daniel.haxx.se | Commercial curl support up to 24x7 is

feature freeze starts now for 8.6.0

Hi friends, We are now officially in feature freeze in preparation for the pending release 8.6.0, due to ship on January 31. -- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html --

Re: Support HTTP2 Goaway Frame callback for curl multi

On Thu, 4 Jan 2024, Cao Duc Quan via curl-library wrote: I am working on a small project where I need a callback from CURM when it receives the GOAWAY frame. I prepared a patch as follows and could get the callback for GOAWAY Please explain with more words why you need this and what it is

everythin curl: libcurl performance

Hello, I started a section in the book on what you can or should do in your libcurl application to get the best performance. What did I forget, got wrong or just did not explain properly? https://everything.curl.dev/libcurl/performance -- / daniel.haxx.se | Commercial curl support up

Re: CURLUSESSL_TRY with failing TLS negotiation

On Thu, 28 Dec 2023, Patrick Monnerat via curl-library wrote: IN IMAP/POP3/SMTP, a failing CURLUSESSL_TRY behaves as expected as long as TLS negotiation has not started, but terminates in error if the latter fails. I noticed it by reading the code and, since there is no support for STARTTLS

Re: Separate install

On Thu, 21 Dec 2023, Jeffrey Walton via curl-library wrote: Also see for a brief history and some complaints. Thanks. It certainly dragged me down into the curious and interesting rabbit hole of RPATH vs RUNPATH details! :-) -- / daniel.haxx.se |

Separate install

FYI A comment problem people seem to have, is installing a custom libcurl somewhere, only to find that their new curl executable does not use the new libcurl but instead load another/system libcurl. To help us not having to repeat ourselves as much in the future, I added a page to

Re: Question/proposal about function returning pollfds from multi handle

On Wed, 20 Dec 2023, Dmitry Karpov via curl-library wrote: The function implementation is relatively simple and small. I can create a PR for it if there are no objections. Please do, it will give us something to discuss around. Do you iterate over the sockets in the socket hash to avoid

  1   2   3   4   5   6   7   8   9   10   >