> On 12 Oct 2021, at 18:01, Daniel Stenberg via curl-library
> wrote:
> On Tue, 12 Oct 2021, Info via curl-library wrote:
>> Even clearer: https://www.openssl.org/docs/man3.0/man1/openssl-engine.html:
>> "This command has been deprecated. Providers should be used instead of
>> engines."
This
> On 13 Oct 2021, at 09:41, Michael Baentsch via curl-library
> wrote:
> 1) Looking at the curl code for engines, I'm not sure it maps well to
> providers: Correct me if I'm wrong, but it looks like there can only be one
> engine active at any one time whereas there can be arbitrarily many pro
> On 10 Nov 2021, at 15:10, ellie via curl-library
> wrote:
> I have also noticed as a side note that for a Windows build with autotools,
> it seems to be impossible to avoid including code that needs a link to
> crypt32/wincrypt, even when I want to use OpenSSL & custom cert store only.
> If
> On 3 Dec 2021, at 23:22, Daniel Stenberg via curl-library
> wrote:
> If you are a curl maintainer (ie you have push rights to git in one or more
> repositories) who would like a (free) MFA auth token, please let me know or
> respond directly in the issue below.
Yes please, that would be nic
> On 18 Jan 2022, at 00:37, Daniel Stenberg via curl-library
> wrote:
> I plan to generate and upload a new gource [1] video from the curl repo when
> we celebrate our first 1,000 committers (there are only 5 to go!). This time
> a little more fancy than before: with captions.
Very cool!
> I
> On 28 Jan 2022, at 16:07, Howard Chu via curl-library
> wrote:
> OpenLDAP dropped support of it recently as well.
Out of curiosity, what was the main driver for dropping the moznss support from
OpenLDAP?
--
Daniel Gustafsson https://vmware.com/
--
Unsubscribe: https://lists.h
> On 31 Jan 2022, at 23:07, Jason Proctor via curl-library
> wrote:
> Not to say one way or the other on deprecating NSS support, but the NSPR
> functions it calls do still have some documentation online --
>
> https://www-archive.mozilla.org/projects/nspr/
While thats true, that site is also
> On 21 Mar 2022, at 23:40, Daniel Stenberg via curl-library
> wrote:
> As of a few hours ago, the forth CVE is no longer present on that page. In an
> email response to me they say they've also requested a rejection of that CVE
> to MITRE.
>
> This certainly leaves questions unanswered, but
> On 12 Apr 2022, at 23:56, Tuomas Kaikkonen via curl-library
> wrote:
>
> I had to comment out few lines that check Windows NT version number in order
> to get curl mutual auth to work with 90m/CAC cards (Windows certificates).
>
> Without this change, the curl would close TLS connection afte
> On 19 Apr 2022, at 19:35, Dmitry Karpov via curl-library
> wrote:
>
> It would return a status code the resolver returns when it performs a DNS
> query.
>
> For instance, c-ares passes its status code in resolution callbacks, so this
> status code would be returned in the CURLINFO_RESOLVER_
> On 20 Apr 2022, at 02:27, Dmitry Karpov via curl-library
> wrote:
>> Note that for some resolvers, it may be necessary to back translate their
>> response code to the DNS RFCs'. But that work ends up in curllib, not in
>> the application.
>
> Assuming that it would be always possible to tr
> On 30 Apr 2022, at 12:42, Daniel Stenberg via curl-library
> wrote:
>
> On Mon, 25 Apr 2022, Dmitry Karpov wrote:
>
>> So, as far as documentation is concerned, I was envisioning that this
>> feature will be documented as "opaque resolver code, which meaning depends
>> on the used resolver
> On 16 May 2022, at 17:00, Daniel Stenberg via curl-library
> wrote:
> On Mon, 16 May 2022, Max Mehl via curl-library wrote:
>> The REUSE team would be happy to propose a first pull request that showcases
>> some possibilities of how REUSE could be applied, and how the file headers
>> shall l
> On 24 May 2022, at 17:08, Daniel Stenberg via curl-library
> wrote:
> Here's a thought: what if we create a new label, say "needs-votes" (exact name
> to be decided) that we can set on PRs that we feel have not yet been clearly
> indicated as "desired by the community".
The CONTRIBUTING docum
> On 24 May 2022, at 23:20, Daniel Stenberg wrote:
> 2. We could send an email to this list with some interval that collects the
> currently pending "needs-votes" pull requests to drive people's attention to
> them.
That's a good idea, we could the same (or a variant thereof) mechanism to
publ
> On 25 May 2022, at 10:01, Daniel Stenberg via curl-library
> wrote:
> On Wed, 25 May 2022, Ray Satiro via curl-library wrote:
>> I don't think a formal 5 user vote system is a good way to get more
>> feedback on a PR but I do think we can make it better with more exposure
>> that a PR needs us
> On 18 Aug 2022, at 19:33, Ryan Schmidt via curl-library
> wrote:
> Hi, I'm attempting to compile the current version of libcurl for classic Mac
> OS 9, which was apparently possible at some point
There used to be partial support for MacOS 9 which has since been ripped out
due to being untest
> On 13 Oct 2022, at 23:03, Daniel Stenberg via curl-library
> wrote:
> A - escape them in the file
> B - reject them them on arrival
This list is in the wrong order I reckon.
> My thinking:
>
> We start out with (A), we reject such cookies starting next release. This
> avoids the problem wi
> On 23 Oct 2022, at 12:15, Daniel Stenberg via curl-library
> wrote:
> I propose that we remove:
>
> - The "badges" from underneath the logo.
> - The backers/sponsors logos, and instead just link to our open collective
> page and the sponsors page on the website from there.
+1. Ideally the
> On 28 Oct 2022, at 19:05, Christian Weisgerber via curl-library
> wrote:
>
> curl's configure script checks for nroff and disables the built-in
> manual if no nroff is found. However, if you build curl from a
> release tarball, nroff is never actually run because a pre-built
> tool_hugehelp.c
> On 15 Dec 2022, at 09:06, Daniel Stenberg via curl-library
> wrote:
> After my recent blog post "IDN is crazy" [1], a few people have requested a
> new option to curl that prevents it from accepting/using IDN. To reduce the
> risk of getting exploited by one of the many trickeries you can do
> On 9 Mar 2023, at 13:45, Daniel Stenberg via curl-library
> wrote:
> I think we should allow or even demands that Low+Medium issues get managed
> through plain PRs. But without
> highlighting or mentioning the security vulnerability risk.
This opens us up to the risk that we've misjudged th
> On 9 Mar 2023, at 18:18, Daniel Stenberg wrote:
>
> On Thu, 9 Mar 2023, Daniel Gustafsson wrote:
>
>> This opens us up to the risk that we've misjudged the severity, and we
>> publish what we think is Low but in reality should've been High (or higher).
>> Ideally this shouldn't happen, and t
> On 17 May 2023, at 16:44, Daniel Stenberg via curl-library
> wrote:
> So: not an easy limit to toy around with.
I don't think we should raise this, there is no benefit to the vast majority of
users. Anyone who has an environment where they need this have the code
available to build a custom
> On 13 Dec 2023, at 22:53, Dan Fandrich via curl-library
> wrote:
>
> On Wed, Dec 13, 2023 at 09:49:07PM +, Dmitry Karpov via curl-library
> wrote:
>> I propose to add a simple check for the cookie file name length and call
>> fopen() only if it is greater than zero like:
>
> Sounds reas
> On 8 Mar 2024, at 10:56, Daniel Stenberg via curl-library
> wrote:
>
> On Fri, 8 Mar 2024, Dave Cottlehuber wrote:
>
>> I can't help imagine a lot of small software projects having conniptions if
>> they've spent 5 years using library X only to find out that it's not
>> supported in the fut
> On 21 Oct 2024, at 12:28, Daniel Stenberg via curl-library
> wrote:
> Is it time to start providing a .7z version of the releases?
Seems like an absolutely reasonable ask, the difference to .zip is pretty
substantial.
> If so, is it also perhaps time to retire maybe the tar.bz2 version (if w
> On 12 Jan 2025, at 17:57, Patrick Monnerat via curl-library
> wrote:
> On 1/12/25 5:47 PM, Daniel Stenberg via curl-library wrote:
>> Hey,
>>
>> Since the beginning we have always supported building curl without TLS
>> support. But is there actually anyone doing and using this?
> Yes: for OS/
> On 9 Feb 2025, at 19:55, Ryan Carsten Schmidt via curl-library
> wrote:
>> On Feb 9, 2025, at 08:42, Samuel Henrique wrote:
>> 2) Make the curl package depend on the wcurl package: Not strictly correct as
>> the rules for depending on a package are broken, curl does not have a
>> dependency on
> On 29 May 2025, at 14:00, Jeroen Ooms via curl-library
> wrote:
>
> Perhaps someone else finds this useful: I made some notes and files on
> how to build curl against the stock LibreSSL and nghttp2 included with
> MacOS. This way your curl build matches the configuration of the stock
> curl fr
> On 11 Jul 2025, at 12:10, Daniel Stenberg via curl-library
> wrote:
> On Fri, 11 Jul 2025, Timothe Litt via curl-library wrote:
>> bricking hardware by making it impossible to access them will not make you
>> any friends
>
> First, if this change would *brick* a device that would be enti
31 matches
Mail list logo
