Re: Support_better_than_MD5_hostkey

> On 8 Jul 2021, at 14:05, Mats Lindestam via curl-library > wrote: > I am trying to implement support for SHA256 public keys. I have been able to > reach as far as the lib/vssh/libssh2.c file and the ssh_check_fingerprint > function. Now I have no idea on how to calculate the SHA156 public

Re: Enter feature freeze

> On 3 Mar 2021, at 23:16, Michael Kolechkin via curl-library > wrote: > Sorry for asking by email, but could you please let me know if PR 6464 > (https://github.com/curl/curl/pull/6464) is part of the next release? PR6464 has not been merged in this feature window, so it will not be shipped

Re: Add support for option CURLOPT_SSL_CIPHER_LIST for DarwinSSL

> On 19 Nov 2020, at 09:29, Daniel Stenberg via curl-library > wrote: > > On Wed, 18 Nov 2020, Michael Kolechkin via curl-library wrote: > >> Does it make sense to add the CURLOPT_SSL_CIPHER_LIST option support in >> sectransp.c code and limit client cipher suites to its value? > > Sounds

Re: curl protection for password at process memory

> On 30 Sep 2020, at 16:12, ⁨מעיין בן חיים via curl-library⁩ > <⁨curl-library@cool.haxx.se⁩> wrote: > As part of "defence in depth" strategy, I want to protect my process from > core dump attacks. If generating and reading a dump file is the attack vector, can you elaborate on how you envision

Re: Considering a version 8 at some point...

> On 30 Jun 2020, at 13:48, Daniel Stenberg via curl-library > wrote: > What do you think? Before bumping to version 8 at an arbitrarily chosen point in time (for some value of arbitrary given the 200th release), I think it's worth settling what the version scheme will look like post-8. Are

Re: Funding curl up attendance

> On 27 Nov 2019, at 09:41, Daniel Stenberg wrote: > > On Wed, 27 Nov 2019, James Fuller wrote: > >> what about using this kind of thing to sponsor students to attend ? > > Yes, I think students could apply too as per the second bullet under "Who is > eligible". > > I still want students who

Re: Remove check for MacOS 10.0 to 10.3 as we are at 10.14?

> On 17 Jul 2019, at 11:19, Christian Schmitz via curl-library > wrote: > Maybe this test should be removed as MacOS < 10.4 is no longer used? > Or the condition could be changed? This is an upstream issue in libtool, removing it from curl would require us to patch it via buildconf until fixed

Re: no feature window yet

> On 7 Jun 2019, at 23:26, Daniel Stenberg via curl-library > wrote: > I'm inclined to just not allow any features at all in this cycle. I’m not opposed to this idea. cheers ./daniel --- Unsubscribe:

Re: A quick follow-up release next week

> On 25 May 2019, at 11:40, Daniel Stenberg via curl-library > wrote: > > On Sat, 25 May 2019, Ray Satiro wrote: > >> I prefer either of A) branch off and revert; or D) revert in master. My >> suggestion is if you are going to revert then roll them up into 1 like I did >> rather than have 5

Re: Nominating polarssl for deprecation

> On 15 May 2019, at 06:54, Dan Fandrich via curl-library > wrote: > > On Tue, May 14, 2019 at 04:48:31PM +0200, Daniel Stenberg via curl-library > wrote: >> Hi, >> >> The polarssl TLS library has not had an update in over three years. The last >> release was done on January 7 2019 [1]. > >

Re: "experimental features"

> On 5 Feb 2019, at 15:53, Daniel Stenberg wrote: > > On Tue, 5 Feb 2019, Daniel Gustafsson wrote: > >> +1 to “offer” experimental features. Does it make sense to have a separate >> snapshot where all experimental features are turned on, to lower the barrier >> for testing? > > Snapshot for

Re: "experimental features"

> On 4 Feb 2019, at 10:46, Daniel Stenberg via curl-library > wrote: > > Hi! > > Going forward, I'd like us to mark some features *experimental* so that even > if we include source code for them in a released version, they default to > being disabled and are discouraged from getting used in

Re: docs: curl-related videos

> On 01 Feb 2019, at 08:59, Daniel Stenberg wrote: > >> On Thu, 31 Jan 2019, Daniel Gustafsson wrote: >> >> The tags lacks the alt= attribute to make the page validate as HTML >> 4.01. > > I couldn't think of what to put in the alt takes to make them sensible! Just > repeating the video

Re: docs: curl-related videos

> On 31 Jan 2019, at 16:03, Daniel Stenberg via curl-library > wrote: > > Hello! > > I'm happy to announce a new page in the documentation section of the curl web > site dedicated to video presentations about curl and related topics: > > https://curl.haxx.se/docs/videos/ Very cool, thanks!

Re: curl, governance, money and the future

> On 11 Jan 2019, at 17:15, Daniel Stenberg via curl-library > wrote: > > On Fri, 11 Jan 2019, Christian Schmitz wrote: > >>> The main "problem" this solves is handling of money related to the project. >> >> Than start a Limited or a non-profit to run CURL and fund it. > > That's a lot of

Re: Disallow HTTP/0.9 ?

> On 17 Dec 2018, at 16:00, Daniel Stenberg via curl-library > wrote: > I believe this is not what most users would expect and that's why I propose > that we modify this behavior and let users opt-in to that treatment with the > help of these new options. > > A more conservative route would

Re: libcurl leaks information in freed memory

> On 19 Oct 2018, at 10:55, Gabriel Zachmann via curl-library > wrote: > > On 19.10.18 08:58, Gabriel Zachmann via curl-library wrote: > >> get the length. But yes, if all allocated memory should be freed, we have to >> keep track of the size. A simple way to do so is using an custom

Parallelizing tests

I was poking a little at parallelizing the test suite in order to try and shave some time off the total runtime. But before sinking time into that I wanted to ask if there are/have been any other attempts at this? Has anyone hacked on this and if so, are there any learnings that can be shared?