On Mon, 13 Aug 2018, Jan Ehrhardt via curl-library wrote:
Daniel Stenberg (Thu, 9 Aug 2018 16:55:38 +0200 (CEST)):
-#define UPLOAD_BUFSIZE CURL_MAX_WRITE_SIZE
+#define UPLOAD_BUFSIZE (512*1024)
@Daniel Stenberg: is there a reason that is stopping you from changing this
in curl?
Yes. (Pretty
On Tue, 14 Aug 2018, Jan Ehrhardt wrote:
my tests indicated that increasing this value also influenced the FTP upload
speeds. From 10 to 5 seconds on XP in Daniel Jelinski's testcurl uploads.
And down to less than a second on Win 7 and Win 10.
Right. So yes, there's certainly a valid reason t
On Mon, 13 Aug 2018, Dan Fandrich via curl-library wrote:
I'm not sure I see the difference between these two approaches. Can you
show them with some example URLs?
For example, + and ! are reserved characters in RFC 3986 but unreserved in
RFC 2326 (RTSP), so a generic canonicalization might r
On Tue, 14 Aug 2018, Jan Ehrhardt via curl-library wrote:
I did not test if there is a difference on *nix. Did you?
Here are the results my tests run just now.
Using Linux kernel 4.17. Upload 4GB over plain HTTP to Apache 2.4.34 on
localhost - so really 0 RTT.
I ran "time curl -sT 4GB loca
On Tue, 14 Aug 2018, Jan Ehrhardt via curl-library wrote:
Thanks for the stats. It indicates that my choice for 320 KB in the iOS app
(using sftp) is quite good.
I would like us to...
1. Change to alloc-on-demand for this buffer. It is used for a few non-upload
things, but it only needs to b
On Wed, 15 Aug 2018, myLC--- via curl-library wrote:
Just upfront: you make it sound like my request for being able to get all
associated IPs is a bizarre idea. I feel the need to state that many
libraries have this implemented naturally for a good reason (a: it doesn't
cost anything + b: in s
On Thu, 16 Aug 2018, Alisha Joshi via curl-library wrote:
If I use CURLOPT_RESOLVE, it is expected that I also have to do DNS
resolution in my application and get the IP before calling CURLOPT_RESOLVE,
right?
It is expected that you pass on the IP address to use. How you find that
address wi
On Thu, 16 Aug 2018, Lessandro Mariano via curl-library wrote:
Also are any risks associated with using CURLOPT_RESOLVE to set Server
Name?
There are unintended consequences, for instance if you configure a proxy
curl will attempt to create a tunnel connection to the server name instead
of
On Tue, 14 Aug 2018, Daniel Stenberg via curl-library wrote:
I would like us to...
To make sure we keep track of this, I filed a bug:
https://github.com/curl/curl/issues/2888
--
/ daniel.haxx.se
---
Unsubscribe: https
On Tue, 14 Aug 2018, Daniel Stenberg via curl-library wrote:
Update!
I would like us to...
1. Change to alloc-on-demand for this buffer. It is used for a few non-upload
things, but it only needs to be this big for actual uploads, and most
transfers are not. That'll save (almost) 16K
On Sat, 18 Aug 2018, Daniel Jeliński via curl-library wrote:
I don't believe encryption is to blame here, at least not on curl side. I
was able to upload 40 MB/s over https on plain 7.60 with 4MB socket buffer.
Encryption takes more CPU or hardware to get the job done so if you're CPU
bound a
On Sat, 18 Aug 2018, Daniel Stenberg via curl-library wrote:
uploading to localhost means this test both encrypts and decrypts on the
same CPU.
Oops. This might not be accurate actually, since I have 4 (multi-threaded)
cores they probably did that on different cores
Hi,
Just a FYI
1. I ran sed script on the security advisory web pages on the curl web site
and now all published previous security vulnerabilities are published with the
CVE number in the URL and there's no longer any private ID used there. For
example: https://curl.haxx.se/docs/CVE-2016-8615
On Mon, 20 Aug 2018, Daniel Stenberg via curl-library wrote:
3. There's but one curl vulnerability that still doesn't have a valid CVE. I
cheated a bit and called it CVE-2003- for now:
https://curl.haxx.se/docs/CVE-2003-.html
I have applied for an official ID for this, b
Hi,
This patch-only release cycle has made us queue up more pending changes than I
think we've ever done before.
With the intent to bring attention to what we are working on and plan to merge
into git after the 7.61.1 release, here follows a list of pull-requests
scheduled for inclusion.
I
On Wed, 22 Aug 2018, Brad Spencer via curl-library wrote:
So overall, this is pretty unfortunate. Perhaps someone familiar with
setting up OpenSSL BIO chains than might be able to tweak how cURL drives
OpenSSL to use buffered reading (and writing?) here.
Yeah, that would be a good idea. I wo
On Thu, 23 Aug 2018, Ihor Karpenko via curl-library wrote:
Please find proposed fix in attached patch file.
I made a PR out of it for you: https://github.com/curl/curl/pull/2909
(also edited slightly to fix the checksrc complaints)
--
/ daniel.haxx.se
--
Hey
In November 2012 we added asiohiper.cpp to the docs/examples directory.
Since then we've had a previous bug report on that example, and since March we
have #2407 [1] filed saying that it causes exceptions on Windows 7.
Clearly nobody who knows anything about asio has stepped up to try to
On Thu, 23 Aug 2018, Daniel Stenberg via curl-library wrote:
I made a PR out of it for you: https://github.com/curl/curl/pull/2909
Landed as commit 6b6c2b8d57a6 just now. Thanks!
--
/ daniel.haxx.se
---
Unsubscribe: https
Hi!
Users on windows no longer have to visit any "random" site on the Internet and
to download curl binaries for their platform.
I'm happy to say that thanks to Viktor Szakats' great work we can now offer
up-to-date Windows curl binaries directly on the curl site:
https://curl.haxx.se/win
FYI,
After we introduced the official curl builds for Windows[1], I proceeded and
slightly refreshed the look of the download page[2]. Here's what I've changed
so far:
- I introduced a "prio" field which allowed me to sort packages within a
specific OS version, and using that I made the off
On Wed, 29 Aug 2018, Stefan Eissing via curl-library wrote:
In Tests I'd like to make a curl command line requests that should only
succeed for HTTP/2. Is that possible? '--no-http1.1' does not seem to have
an effect. Or maybe I am holding it wrong?
We don't really have any logic to make it f
On Thu, 30 Aug 2018, Syberichs Stefan (ETAS/ERS-CON) via curl-library wrote:
I have a question which is related to (possibly ?) different behaviour
between some libcurl versions that we have discovered, I am still trying to
understand the background.
Without you telling us exactly what option
On Fri, 31 Aug 2018, Syberichs Stefan (ETAS/ERS-CON) wrote:
- We publish a boundary signature in the header before the payload transmission
You make your own multipart? Sure, that's not a problem.
- the transmission should end when the boundary signature is found in the
next body (after the
On Mon, 3 Sep 2018, Philipp Hagemeister via curl-library wrote:
/usr/bin/ld: curl-tool_getparam.o: in function `getparameter':
tool_getparam.c:(.text+0x2f2f): undefined reference to `Curl_base64_decode'
I can now reproduce the problem, but I'm not sure how I did manage to build
a working vers
On Mon, 3 Sep 2018, Owen via curl-library wrote:
Did anyone meet the same issue before or use curl in VBA successfully for
ftps? Am I miss any steps?
I guess there just isn't that many VBA people around on this mailing list to
help you out. You might need to go search for them elsewhere.
--
On Mon, 3 Sep 2018, Philipp Hagemeister wrote:
My best course of action is then to split off the base64 decoding into its
own C file, and then expose that via curlx, right? I'll try that and update
the PR.
Right, that should be doable.
My immediate use case is that my (platform-indendent) p
Hey,
The curl_easy_setopt() option CURLOPT_DNS_USE_GLOBAL_CACHE has been marked as
"obsolete" in the public header and the documentation for many years already.
This is how I suggest we proceed with this going forward:
1. Starting in 7.62.0 this option is deprecated. It will no longer work an
Hello friends!
I'm happy to announce that we've yet again managed to produce and ship a new
curl release. This is curl 7.61.1. Get it, as always, from:
https://curl.haxx.se/
Curl and libcurl 7.61.1
Public curl releases: 176
Command line options: 218
curl_easy_setopt() op
NTLM password overflow via integer overflow
===
Project curl Security Advisory, September 5th 2018 -
[Permalink](https://curl.haxx.se/docs/CVE-2018-14618.html)
VULNERABILITY
-
libcurl contains a buffer overrun in the NTLM authentication code.
On Wed, 5 Sep 2018, Dennis Clarke via curl-library wrote:
So that is fine .. that 1119 is just a pita.
What does it complain on this time?
--
/ daniel.haxx.se
---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Eti
On Wed, 5 Sep 2018, Dennis Clarke wrote:
What does it complain on this time?
Same thing for the last year or so. I will have to go digging but it isn't
of any *real* significance.
AFAIR, the previous error was someting that actually was an error and
something we fix since... or perhaps I'm
On Thu, 6 Sep 2018, Thomas Glanzmann via curl-library wrote:
SEC_E_APPLICATION_PROTOCOL_MISMATCH was introduced in
5a3efb1dba509b269953ff684f61e682fec14bf5.
Thanks!
Probably another mingw thing (this did after all build green in the CI
builds). Are the SEC_E_ values #defines in the headers s
On Thu, 6 Sep 2018, Thomas Glanzmann wrote:
here is my patch based on what I found here[1] and Daniels comment. On the
other hand we could just throw it out because it ends up in the default case
anyway.
Agreed. It removes the need for #ifdefs and makes smaller code!
I posted PR with this pa
On Fri, 7 Sep 2018, Juan Isoza via curl-library wrote:
But curl build for windows with openssl need a --insecure parameters or a
custom certificate file.
Never opt for --insecure in production!
What about using the Windows certificate store ?
I think it would be great to offer ability that
On Thu, 2 Aug 2018, Daniel Stenberg wrote:
https://github.com/curl/curl/wiki/URL-API
FYI: this has now landed in git. Take it for a spin and let us know how it
works out for you!
--
/ daniel.haxx.se
---
Unsubscribe: https://
On Sun, 9 Sep 2018, Gilles Vollant via curl-library wrote:
Exellent start. Thanks!
- Is the #if defined(HAVE_WINDOWS_H) test good to decide include
Wincrypt.h and this code? Or another macro?
The typical way would be:
#ifdef HAVE_WINCRYPT_H
#include
#endif
... and make sure HAV
On Mon, 10 Sep 2018, 金威 via curl-library wrote:
I want to ask that is the command 'statvfs' can only be used on Linux system?
Sending statvfs as a QUOTE command when connected over SFTP has nothing Linux
specific in it. It only requires that the SFTP server supports it properly.
--
/ dani
On Wed, 12 Sep 2018, Nicolás Bagnasco via curl-library wrote:
Hi, I am using libCurl's multi interface with boost::asio and I noticed that
on high latency connections (200 ms or more) libCurl manages to open the
connection, but it does not send any data, so the server never replies back.
If y
On Tue, 11 Sep 2018, Gilles Vollant via curl-library wrote:
Note : Openssl 1.1.1 with TLS 1.3 has been released. So having a Windows
executable of curl.exe which use it and Windows store without specifying
option can be great !!
That's going to be challenging I think. At least for users of th
On Wed, 12 Sep 2018, Nicolás Bagnasco wrote:
Sadly I am the maintainer of an old app which is not mine, and some parts of
the networking code that handles http connections uses the same code from
the asiohiper example.
It reminds us of the importance to make sure the examples are correct and
On Thu, 13 Sep 2018, Juan Isoza wrote:
Juste que the Windows ca store if we don’t find any other store
By example anyone which copy curl.exe without any other (.pem...) file
Then I can tell you what will happen next.
Users will appear who want to first make a request using the PEM file and t
On Thu, 13 Sep 2018, Hölzl, Dominik via curl-library wrote:
It would be great if handling client certificate callbacks would work on all
platforms out oft he box
Sure, just let me point out that this thread is about which CA store to use
for checking the server certificate against. Client cer
On Thu, 13 Sep 2018, Colin Ngam via curl-library wrote:
Doc says libcurl usings http_proxy if set. I did a simple test and it is
ignored.
My test says differently:
$ http_proxy=f: curl localhost -v
* Rebuilt URL to: localhost/
* Uses proxy env variable http_proxy == 'f:'
* Cou
On Thu, 13 Sep 2018, Colin Ngam wrote:
Yes, you are right. The curl command works but if I write a test program
using libcurl, libcurl does not automatically look for the variable. See
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
Those verbose lines my test shows comes from the library.
On Thu, 13 Sep 2018, Nicolás Bagnasco wrote:
I downloaded and tested both examples hiperfifo and ephiperfifo to see
if there are differences in the way they handle the CURL_POLL_OUT
event and I found that both examples suffers from the same problem as
well.
Here's what I tried:
1. current lib
On Fri, 14 Sep 2018, Alexei Potashnik via curl-library wrote:
call chain from multi_done context, that can potentially block multi
threads, that are meant to be non-blocking?
It has also been reported and is discussed in this issue:
https://github.com/curl/curl/issues/2975
... it's a litt
On Sun, 16 Sep 2018, hatef madani via curl-library wrote:
I also attached my source and it's only working with nghttp2.org server but
no other servers like http2-push.io
Ok, let's take a step back.
Does the unmodified http2-serverpush example work on the other sites? If not,
what happens and
On Sun, 16 Sep 2018, hatef madani wrote:
Yes, it does. It works nicely and it's saving pushes in files. I want it in
memory to send to send to other modules of my program.
To me, it seems like the push logic works (which makes it save the pushed file
correctly) and it's just your code that is
On Mon, 17 Sep 2018, hatef madani wrote:
The main difference I can find between my code and yours is the way we used
Memory Structure. I tried to pass it to server push callback as user pointer
and you set it in a global variable. But I'm not sure this can be the reason
for the error.
No, th
Hi!
The URL parser in libcurl accepts URLs without a scheme, the "text://" part of
URLs.
If no scheme is specified, libcurl guesses which scheme that was intended
based on some basic hueristics and if nothing matches it falls back to plain
old "http://";.
In this day and age of growing HTT
On Wed, 19 Sep 2018, James Fuller via curl-library wrote:
the bnf in https://tools.ietf.org/html/rfc1738 describes scheme as
:
is libcurl consistent in normalising :// after any defined/supported schemes
? specifically wondering if the heuristics first check with file:// if no
scheme i
Hi team,
We're now live on https://bountygraph.com/programs/curl for a bug bounty
program for security related issues. Report your findings or help sponsor
others' findings.
--
/ daniel.haxx.se
---
Unsubscribe: https://cool.hax
On Fri, 21 Sep 2018, Vipin P R via curl-library wrote:
When I set the Max connections to 3, and enable HTTP/2 with the multi
interface, I still see that all requests are being pipelined on the very
first connection.
When libcurl is about to start a new transfer there are several factors
invo
On Fri, 21 Sep 2018, myLC--- via curl-library wrote:
This is not installed on many systems. I managed to build
curl anyhow, by simple changing two lines:
cmake_minimum_required(VERSION 3.4 FATAL_ERROR)
=> cmake_minimum_required(VERSION 3.2 FATAL_ERROR)
I'm not familiar with the specifics, but
On Fri, 21 Sep 2018, Vipin P R via curl-library wrote:
Thanks for the above info. Is there some way to control the
distribution of requests per connection, other than using separate multi
handles each set to use 1 connection at max.
I mean is there some way this can be accomplished using l
On Fri, 21 Sep 2018, myLC--- via curl-library wrote:
Many people are still running Ubuntu 14 LTS or similar "stable
releases" (especially in the server area). They will run into
problems, because of those two lines. Not all of them will be
able/bother to fix it.
Not exactly what we're talking
On Thu, 20 Sep 2018, Daniel Stenberg via curl-library wrote:
We're now live on https://bountygraph.com/programs/curl for a bug bounty
program for security related issues. Report your findings or help sponsor
others' findings.
... after having been publicly announced for just a
On Mon, 24 Sep 2018, Kuan-Sheng Chen via curl-library wrote:
I'm doing this is by making sure that libcurl has finished it's http
tunneling with the proxy, so if there's an error after that, I would make it
a server error, and vice versa.
Tunneling you say, so you're doing a CONNECT through a
On Tue, 25 Sep 2018, Kuan-Sheng Chen wrote:
2. Isn't a "server error" then the response code to that CONNECT request?
I've did multiple experiments like server's DNS name is wrong, or like
the proxy is down and timeout. It seems that neither http response code nor
curl error code is a reliabl
On Tue, 25 Sep 2018, Kuan-Sheng Chen wrote:
Please elaborate. How is it expensive?
The most intuitive one I would say is the overhead of print.
VERBOSE does not imply print with the callback. You get the data in the
callback, so you're totally in control of what is printed or not. If you d
On Tue, 25 Sep 2018, acorn12 via curl-library wrote:
Looking through the error codes fro libcurl, I cannot find any way to ensure
that the error code I am intending to return from the callbacks will not
conflict with any other libcurl error code.
CURLE_ABORTED_BY_CALLBACK ?
If that's not goo
On Wed, 26 Sep 2018, 金威 via curl-library wrote:
I want to download the entire directory on SFTP server. The server is in
windows platform. How can I do it? Examples will be thankful.
libcurl has no automatic feature for that.
1. Get the contents of the remote directory
2. Figure out all
On Fri, 28 Sep 2018, 韩凯 via curl-library wrote:
I don't think it's reasonable that set expire time by poll_interval in
Curl_resolver_is_resolved().
Then I think you should elaborate on what exactly is bad with it and perhaps
provide an alternative solution? (I think it makes sense!)
--
/
Hi
I think it might help us to attract more security researchers if we spell out
exactly how much money we intend to pay as rewards for potential finds -
especially now when have gotten pledges for a notable sum to use for this.
Here's a proposal from me.
While also reserving our rights to a
On Fri, 28 Sep 2018, Daniel Stenberg via curl-library wrote:
I think it might help us to attract more security researchers if we spell
out exactly how much money we intend to pay as rewards for potential finds -
especially now when have gotten pledges for a notable sum to use for this.
Here&#
On Thu, 27 Sep 2018, 金威 via curl-library wrote:
My sftp server is built in windows, and I want to get full lists of
directory on this server. If my server is in Linux , it’s easy. However, I
don’t know how to do it in windows. If I use FTP, I can use the command
‘MLSD’, but sftp don’t have
Hey friends,
If you've been with us for a while, you know the drill.
On this Wednesday, October 3rd, the feature window closes for this time. There
will be no more changes/features merged for the 7.62.0 release after that day.
If you have a new feature you'd like to get merged for this release
Hi!
This is just a small request and reminder that if you can, we will appreciate
if you get and try out a recent daily snapshot of curl in your application or
environment as an extra precaution to verify that we haven't broken anything
significantly!
7.62.0 has an unusual amount of new feat
On Mon, 1 Oct 2018, Daniel Gustafsson via curl-library wrote:
I was poking a little at parallelizing the test suite in order to try and
shave some time off the total runtime. But before sinking time into that I
wanted to ask if there are/have been any other attempts at this? Has anyone
hacke
On Mon, 1 Oct 2018, Rod Widdowson via curl-library wrote:
This is just a small request and reminder that if you can, we will appreciate
if you get and try out a recent daily snapshot of curl in your application or
environment as an extra precaution to verify that we haven't broken anything
signi
On Mon, 1 Oct 2018, Kamil Dudka wrote:
If you do, please keep the possibility to run at least some basic sequential
test-suite in environments where containers are not available. I think such
restriction is currently common for many build services.
Agreed. In many cases it will make sense to
On Wed, 3 Oct 2018, Samuel Hurst via curl-library wrote:
I could wait until the end of a transfer, use CURLINFO_RESPONSE_CODE but
then I've received many MB of data when I only wanted a few kB.
You *can* actually use CURLINFO_RESPONSE_CODE or CURLINFO_HTTP_CONNECTCODE as
soon as libcurl has r
On Wed, 3 Oct 2018, Shoba Venkat via curl-library wrote:
When using curl client (curl.exe), I am able to get the SSLKEYLOGFILE.
Since the entire handling of this is done in libcurl and you're using the same
libcurl I suppose your application/setup is then somehow preventing this? I
think it
On Wed, 3 Oct 2018, Alex Crichton via curl-library wrote:
Hello! We've run into an issue [1] in rust-lang/cargo's usage of curl where
timeouts are triggering when the filesystem is quite slow. I believe the
cause for this is that we have a multi socket interface and whenever a
transfer finishe
On Wed, 3 Oct 2018, Rory McCarthy via curl-library wrote:
I set something like the following for the request:-
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, 1L);
curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, 1L);
I also added some debug logging via CURLOPT_DEBUGFUNCTION and
CURLOPT_PR
On Thu, 4 Oct 2018, Christian Schmitz via curl-library wrote:
I rebuild curl-7.61.1 with openssl 1.1.1 and got this error now:
SSL: couldn't create a context: error::lib(0):func(0):reason(0)
Anyone else run into this?
I've not seen this reported for this situation specifically, and q
On Fri, 5 Oct 2018, Rory McCarthy wrote:
Looking at the debug output, all the data transfers in less than a second at
a transfer speed in the 100's MB/s. It then stalls completely while waiting
for a response for 6-7 seconds before timing out. Subsequent retries are
able to complete in a reaso
On Fri, 5 Oct 2018, surya chandrika via curl-library wrote:
We have a usecase within program which uses gnu encrypt decrypt function,
and it reports leaks.
So i was searching a bit about gnu and found this link, where it states gnu
used along curl can also leak
https://github.com/curl/curl/i
On Fri, 5 Oct 2018, surya chandrika via curl-library wrote:
curl 7.29.0 (x86_64-redhat-linux-gnu)
7.29.0 command line tool...
libcurl/7.43.0 NSS/3.19.1 Basic ECC
with a 7.43.0 libcurl! That's a funky mix!
Also in point 2: program is still using gnutls but backtrace shows openssl.
I didno
On Fri, 5 Oct 2018, surya chandrika via curl-library wrote:
If i want to switch to open ssl how can i confirm that curl now uses open
ssl instead of gnutls. Is there any easy approach.
"curl -V" shows you "OpenSSL/..." somewhere in the first line.
--
/ daniel.haxx.se
---
On Wed, 3 Oct 2018, Samuel Hurst wrote:
So in my particular case, would you suggest getting CURLINFO_RESPONSE_CODE in
the first call to write_callback?
Yes. Because once the first byte arrives, the headers have all been parsed
already and CURLINFO_RESPONSE_CODE *should* be non-zero...
I'm g
Hi friends!
I'm happy to announce that curl up 2019 will take place in Prague, the Czech
Republic the last weekend of March.
When: March 29-31, 2019
Where: Prague, Czech Republic
Venue: Charles University
Symposium on the future of HTTP
We're firing off this curl up with talks on the
Hi team,
tl;dr: A number of core committers propose that curl joins an umbrella
organization (SFC) and that we setup a "steering committee" to primarily be in
charge of project money decisions.
The full proposal is attached as a PDF and can be read online on the link
below:
https://docs.go
On Fri, 12 Oct 2018, Francisco Sedano Crippa (fsedanoc) via curl-library wrote:
I'm also impacted by this issue - Does anybody have any objection if we
submit a PR to fix the timer issue Bernd is mentioning?
We absolutely appreciate fixes to bugs!
This said, I don't grasp how the stopped/remo
On Mon, 15 Oct 2018, Eran Ben Horin via curl-library wrote:
Please don't top-post:
https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
The infos are a print of the CURLINFO_TEXT (it seems to just close the
connection after the handshake):
So you're getting all that without ever getting
On Mon, 15 Oct 2018, Frank Gevaerts via curl-library wrote:
Maybe some autotools change?
Definitely a change there. I downloaded the 7.60.0 release source, which
works. Running buildconf breaks it. Based on versions in generated files,
autoconf is 2.69 everywhere, automake was 1.15.1 in 7.60
Hey,
The four major browsers (Firefox, Chrome, Edge and Safari) have all
coordinated the deprecation of TLS 1.0 and 1.1 (see [1] for technial details).
To be removed in March 2020, so still quite a long time away I think.
I don't think this is a reason enough for us to act in any particular w
On Tue, 16 Oct 2018, Ray Satiro via curl-library wrote:
Starting in 2019 I would like to change those configurations to use OpenSSL
1.1.1 and change the related OpenSSL build script to same. This would not
affect the upcoming release, but would the release after that.
Sounds great! Thanks for
On Wed, 17 Oct 2018, Jörg Schmitz-Linneweber via curl-library wrote:
I'm just wondering how or better _if_ the above mentioned flaw in libssh (or
libssh2) affects curl.
In my opinion it should not have any impact since curl needs libssh "only"
for (transfer) protocols SCP and SFTP and the fla
On Wed, 17 Oct 2018, Gabriel Zachmann wrote:
This, plus zeroing buffers is really hard.
I understand that this is not quite easy. However, while we won't find an
optimal solution, I think we can do better. Zeroing memory might not succeed
in all cases and there might be still some parts left
On Fri, 19 Oct 2018, Duane Ellis via curl-library wrote:
I want to report a problem and a work around for LIBCURL on Ubuntu 18 -
The problem is outlined and detailed here:
https://github.com/GitTools/GitVersion/issues/1508
The there is breakage between "apt-get install libcurl3" - and "apt-ge
On Fri, 19 Oct 2018, Gabriel Zachmann wrote:
memory before the pointer it returns.
I attached some code that should be capable of doing so.
If clearing the memory just before free is all that's necessary, I suppose an
alternative option is to link in a malloc replacement that does exactly th
On Mon, 22 Oct 2018, Gabriel Zachmann via curl-library wrote:
Actually would be possible to allow an application to supply an
allocator and deallocator callbacks to libcurl via an option?
Sure. I don't know why I forgot about that option. I like that way and think
that's the way to go.
curl
On Tue, 23 Oct 2018, IoT Home via curl-library wrote:
I believe the software installed is not using the OS libraries. Instead,
it's using its own libcurl files which are part of the product lib
directory.
Then compile this code snippet, link with the library and run:
#include
#include
int
On Tue, 23 Oct 2018, IoT Home wrote:
CLIENT libcurl 7.50.3
CLIENT libcurl 7.50.3
CLIENT libcurl 7.50.3
libcurl/7.50.3
Is it safe to assume it was built based on 7.50.3 version?
Yes, I would say so. The "libcurl/7.50.3" string is probably the one from
lib/version.c
https://github.com/curl/c
On Tue, 23 Oct 2018, Basuke Suzuki via curl-library wrote:
We need to distinguish these four cases from CURLE_PEER_FAILED_VERIFICATION.
So we want to fix this by extending the api. There are three options we can
take and want to hear your opinion.
...
4) Use CURLINFO_SSL_VERIFYRESULT.
Beca
On Tue, 23 Oct 2018, Martin Galvan via curl-library wrote:
I read the documentation for CURLOPT_CERTINFO and noticed that it's not
supported for WinSSL-based builds. Are there plans to implement this any
time soon?
I've not heard from anyone working on this. Feel free to join in and help us
On Thu, 25 Oct 2018, Swamy J-S via curl-library wrote:
As this CURL option is not supported in gnuTLS am getting CURLE_NOT_BUILT_IN
error.
Is there any alternate option available for "CURLOPT_SSL_CTX_FUNCTION" in
gnuTLS ? If not available how to proceed ??
For GnuTLS backend users, you simp
On Thu, 25 Oct 2018, Swamy J-S via curl-library wrote:
Can I know other alternate options available for same functionality as
CURLOPT_SSL_CTX_FUNCTION in gnuTLS??
There is none, and I don't think we should have a different one to provide the
same functionality.
The correct solution is to ac
1 - 100 of 1266 matches
Mail list logo
