#cURL

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

47 minutes ago

os400sys: fix typo in comment (symetry -> symmetry) by crawfordxx · Pull Request #20923 · curl/curl Fix a simple typo in a comment: symetry should be symmetry. Closes #20815

Welcome crawfordxx as #curl commit author 1453: https://github.com/curl/curl/pull/20923

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

1 hour ago

One hundred curl graphs In the spring of 2020 I decided to finally do something about the lack of visualizations for how the curl project is performing, development wise. How does the line of code growth look like? How many command line options have we had over time and how many people have done more than 10 commits per year over time? I wanted to have something that visually would show me how the project is doing, from different angles, viewpoints and probes. In my mind it would be something like a complicated medical device monitoring a patient that a competent doctor could take a glance at and assess the state of the patient’s health and welfare. This patient is curl, and the doctors would be fellow developers like myself. GitHub offers some rudimentary graphs but I found (and still find) them far too limited. We also ran gitstats on the repository so there were _some_ basic graphs to get ideas from. ## Make it myself I did a look-around to see what existing frameworks and setups that existed that I should base this one, as I was convinced I would have to do quite some customizing myself. Nothing I saw was close enough to what I was looking for. I decided to make my own, at least for a start. I decided to generate static images for this, not add some JavaScript framework that I don’t know how to use to the website. Static daily images are excellent for both load speed and CDN caching. As we already deny running JavaScript on the site that saved me from having to work against that. SVG images are still vector based and should scale nicely. SVG is also a better format from a download size perspective, as PNG almost always generate much larger images for this kind of images. When this started, I imagined that it would be a small number of graphs mostly showing timelines with plots growing from lower left to upper right. It would turn out to be a little naive. ## gnuplot I knew some basics about gnuplot from before as I had seen images and graphs generated by others in the past. Since gitstats already used it I decided to just dive in deeper and use this. To learn it. gnuplot is a 40 year old (!) command line tool that can generate advanced graphs and data visualizations. It is a powerful tool, which also means that not everything is simple to understand and use at once, but there is almost nothing in terms of graphs, plots and curves that it cannot handle in one way or another. I happened to meet Lee Phillips online who graciously gave me a PDF version of his book aptly named _gnuplot_. That really helped! ## Produce data to feed gnuplot I decided that for every graph I want to generate, I first gather and format the data with one script, then render an image in a separate independent step using gnuplot. It made it easy to work on them in separate steps and also subsequently tune them individually and to make it easy to view the data behind every graph if I ever think there’s a problem in one etc. It took me about about two weeks of on and off working in the background to get a first set of graphs visualizing curl development status. I then created the glue scripting necessary to add a first _dashboard_ with the existing graphs to the curl website. Static HTML showing static SVG images. On March 20, 2020 the first version of the dashboard showed no less than twenty separate graphs. I refer to “a graph” as a separate image, possibly showing more than one plot/line/curve. That first dashboard version had twenty graphs using 23 individual plots. Since then, we display daily updated graphs there. ## The data All data used for populating the graphs is open and available, and I happily use whatever is available: * git repository (source, tags, etc) * GitHub issues * mailing list archives * curl vulnerability data * hackerone reports * historic details from the curl past Open and transparent as always. ## Then it grew Every once in a while since then I get to think of something else in the project, the code, development, the git history, community, emails etc that could be fun or interesting to visualize and I add a graph or two more to the dashboard. Six years after its creation, the initial twenty images have grown to one hundred graphs including almost 300 individual plots. Most of them show something relevant, while a few of them are in the more silly and fun category. It’s a mix. ## Graph 100 The 100th graph was added on March 15, 2026 when I brought back the “vulnerable releases” graph (appearing on the site on March 16 for the first time). It shows the number of known vulnerabilities each past release has. I removed it previously because it became unreadable, but in this new edition I made it only show the label for every 4th release which makes it slightly less crowded than otherwise. vulnerabilities in releases This day we also introduce a new 8-column display mode. ## Custom but available Many of the graphs are internal and curl specific of course. The scripts for this, and the entire dashboard, remain written specifically for curl and curl’s circumstances and data. They would need some massaging and tweaking in order to work for someone else. All the scripts are of course open and available for everyone. I used to also offer all the CSV files generated to render the graphs in an easy accessible form on the site, but this turned out to be work done for virtually no audience, so I removed that again. If you replace the .svg extension with .csv, you can still get most of the data – if you know. ## Data is knowledge The graphs and illustrations are not only silly and fun. They also help us see development from different angles and views, and they help us draw conclusions or at least try to. As an established and old project that makes an effort to do right, some of what we learn from this curl data might be possible to learn from and use even in other projects. Maybe even use as basis when we decide what to do next. I personally have used these graphs in countless blog posts, Mastodon threads and public curl presentations. They help communicate curl development progress. ## The jokes On Mastodon I keep joking about me being a _graphaholic_ and often when I have presented yet another graph added the collection, someone has asked the almost mandatory question: how about a graph over number of graphs on the dashboard? Early on I wrote up such a script as well, to immediately fulfill that request. On March 14 2026, I decided to add it it as a permanent graph on the dashboard. Graphs in the curl dashboard The next-level joke (although some would argue that this is not fun anymore) is then to ask me for a graph showing the number of graphs for graphs. As I aim to please, I have that as well. Although this is not on the dashboard: Number of graphs on the dashboard showing number of graphs on the dashboard ## More graphs I am certain I (we?) will add more graphs over time. If you have good ideas for what source code or development details we should and could illustrate, please let me know. ## Links The git repository: https://github.com/curl/stats/ Daily updated curl dashboard: https://curl.se/dashboard.html curl gitstats: https://curl.se/gitstats/

One hundred #curl graphs

daniel.haxx.se/blog/2026/03/15/one-hund...

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

2 hours ago

The graph showing number of graphs

Some of you will be glad to know that the #curl dashboard now features the "graphs in the dashboard" graph

https://curl.se/dashboard1.html#graphs-on-the-dashboard

wolfSSL Embedded SSL/TLS; FIPS 140-3

@wolfssl.com

19 hours ago

X9.146 QTLS Case Study with curl and nginx Learn how to deploy quantum-resistant TLS today using X9.146 hybrid certificates in real-world curl and nginx workflows. Watch now for a practical deep dive into post-quantum TLS implementation. With CNSA 2.0 and evolving NIST guidance, engineers are being asked to experiment, validate and prepare

🛠️ Practical guide to quantum-resistant TLS is here.
Hybrid ECC + post-quantum certs. X9.146 Chimera certificates. Real demos with #curl & nginx.
See how migrated & unmigrated systems coexist during the transition. 🔀

🎥 Watch now → youtu.be/20dpnrl7bV0...
#PQC #TLS #postquantum

Aircraft above Arth, SZ 🚁🛩️

@abovearth.bsky.social

21 hours ago

PlaneAlert ICAO: 5083A2 Tail: URCQD Flt: VKA902
Owner: VulkanAir
Aircraft: Antonov An-26 B
2026-03-14 15:39:10 CET
AN26 GotItWhereItCounts Budmo Curl
adsb planefence planealert by kx1t - link

PhreakByte the Octopus

@nieldk.infosec.exchange.ap.brid.gy

2 days ago

the repository name changed (because more architectures supported now) , but #cURL 8.19 is up for #SailfishOS
Arm: repo.sailfishos.org/obs/home:/nielnielsen/sa...
Aaarch64 […]

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

2 days ago

curl distro meeting 2026 We are doing another curl + distro online meeting this spring in what now has become an established annual tradition. A two-hour discussion, meeting, workshop for curl developers and curl distro maintainers. 2026 curl distro meeting details The objective for these meetings is simply to make curl better in distros. To make distros do better curl. To improve curl in all and every way we think we can, together. A part of this process is to get to see the names and faces of the people involved and to _grease the machine_ to improve cross-distro collaboration on curl related topics. Anyone who feels this is a subject they care about is welcome to join. We aim for the widest possible definition of _distro_ and we don’t attempt to define the term. The 2026 version of this meeting is planned to take place in the early evening European time, morning west coast US time. With the hope that it covers a large enough amount of curl interested people. The plan is to do this on **March 26** , and all the details, planning and discussion items are kept on the dedicated wiki page for the event. Please add your own discussion topics that you want to know or talk about, and if you feel inclined, add yourself as an intended participant. Feel free to help make this invite reach the proper people. See you on March 26!

In two weeks we run the #curl distro meeting. You are invited!

daniel.haxx.se/blog/2026/01/28/curl-dis...

Max Resing

@resingm.infosec.exchange.ap.brid.gy

2 days ago

Is there any reason, why `curl` lists an example in their `--header` section as follows:


curl -H "User-Agent: yes-please/2000" https://example.com


Is there someone a #Jazz fan, or is it some other kind of a pun? 🤔

#foss #OpenSource #curl #manpage #unix

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

2 days ago

chicken nuget Background: nuget.org is a Microsoft owned and run service that allows users to package software and upload it to nuget so that other users can download it. It is targeted for .Net developers but there is really no filter in what you can offer through their service. Three years ago I reported on how nuget was hosting and providing ancient, outdated and insecure curl packages. Random people download a curl tarball, build curl and then upload it to nuget, and nuget then offers those curl builds to the world – forever. To properly celebrate the three year anniversary of that blog post, I went back to nuget.org, entered _curl_ into the search bar and took a look at the results. I immediately found at least _seven_ different packages where people were providing severely outdated curl versions. The most popular of those, rmt_curl, reports that it has been downloaded almost 100,000 times over the years and is still downloaded almost 1,000 times/week the last few weeks. _It is still happening_. The packages I reported three years ago are gone, but now there is a new set of equally bad ones. No lessons learned. rmt_curl claims to provide curl 7.51.0, a version we shipped in November 2016. Right now it has 64 known vulnerabilities and we have done more than 9,000 documented bugfixes since then. No one in their right mind should ever download or use this version. Conclusion: the state of nuget is just as sad now as it was three years ago and this triggered another _someone is wrong on the internet_ moments for me. I felt I should do my duty and tell them. Again. Surely they will act this time! Surely they think of the security of their users? ## Trusting randos The entire nuget concept is setup and destined to end up like this: random users on the internet put something together, upload it to nuget and then the rest of the world downloads and uses those things – trusting that whatever the description says is accurate and well-meaning. Maybe there are some additional security scans done in the background, but I don’t see how anyone can _know_ that they don’t contain any backdoors, trojans or other nasty deliberate attacks. And whatever has been uploaded once seems to then be offered in perpetuity. ## I reported this again Like three years ago I listed a bunch of severely outdated curl packages in my report. nuget says I can email them a report, but that just sent me a bounce back saying they don’t accept email reports anymore. (Sigh, and yes I reported _that_ as a separate issue.) I was instead pointed over to the generic Microsoft security reporting page where there is not even any drop-down selection to use for “nuget” so I picked “.NET” instead when I submitted my report. ## “This is not a Microsoft problem” Almost identically to three years ago, my report was closed within less than 48 hours. It’s not a nuget problem they say. _Thank you again for submitting this report to the Microsoft Security Response Center (MSRC)._ _After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft’s bar for immediate servicing. None of these packages are Microsoft owned, you will need to reach out directly to the owners to get patched versions published. Developers are responsible for removing their own packages or updating the dependencies._ In other words: they don’t think it’s nuget’s responsibility to keep the packages they host, secure and safe for their users. I should instead report these things individually to every outdated package provider, who if they cared, would have removed or updated these packages many years ago already. Also, that would imply a never-ending wack-a-mole game for me since people obviously keep doing this. I think I have better things to do in my life. ## Outdated efforts In the cases I reported, the packages seem to be of the kind that once had the attention and energy by someone who kept them up-to-date with the curl releases for a while and then they stopped and since then the packages on nuget has just collected dust and gone stale. Still, apparently users keep finding and downloading them, even if maybe not at terribly high numbers. Thousands of fooled users per week is thousands too many. ## How to address The uploading users are perfectly allowed to do this, legally, and nuget is perfectly allowed to host these packages as per the curl license. I don’t have a definite answer to what exactly nuget should do to address this problem once and for all, but as long as they allow packages uploaded nine years ago to still get downloaded today, it seems they are asking for this. _They contribute and aid users getting tricked into downloading and using insecure software_ , and they are indifferent to it. A rare few applications that were uploaded nine years ago might actually still be okay but those are _extremely_ rare exceptions. ## Conclusion The last time I reported this nuget problem nothing happened on the issue until I tweeted about it. This time around, a well-known Microsoft developer (who shall remain nameless here) saw my Mastodon post about this topic when mirrored over to Bluesky and pushed for the case internally – but not even that helped. The nuget management thinks this is okay. If I were into puns I would probably call them _chicken nuget_ for their unwillingness to fix this. Maybe just closing our eyes and pretending it doesn’t exist will just make it go away? Absolutely no one should use nuget.

chicken nuget

Insecure #curl packages hosted by Microsoft. They think it's fine.

https://daniel.haxx.se/blog/2026/03/12/chicken-nuget/

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

3 days ago

vulnerability age in curl

CVE-2026-3784 beat a new #curl record. This flaw existed in curl source code for 24.97 years before it was discovered.

Illustrated in the slightly hard-to-read graph below. The average age of a curl vulnerability when reported is eight years.

https://curl.se/docs/CVE-2026-3784.html

Michael Moore

@mbmoore.bsky.social

3 days ago

Throwback to 5 years ago with Vixen. #curl #calalily

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

4 days ago

Clear the sockaddr_in6 structure before use by vlmarek · Pull Request #20885 · curl/curl On Solaris this was causing intermittent issues when the private structure member __sin6_src_id had unexpectedly some value. connect(2) would then fail with EADDRNOTAVAIL. This patch was used on So...

Welcome Vladimír Marek as #curl commit author 1452: https://github.com/curl/curl/pull/20885

James Ed Randson :opensuse: :fedora: :linux: :ubuntu:

@jimedrand.waltuh.cyou.ap.brid.gy

4 days ago

To avoid confuse, download it and change the extension from .xz to .tar.xz and extract it. Or, you can use one of those command below to download (for Linux user).

```sh
#wget
wget -O pyongyang_racer_sources.tar.xz " […]

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

4 days ago

curlhacker - Twitch I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.

The live-streamed video presentation about this #curl release starts in less than two hours at https://www.twitch.tv/curlhacker

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

4 days ago

curl 8.19.0 Release presentation Welcome to the curlhacker stream at 10:00 CET (09:00 UTC) today March 11, 2026 for a live-streamed presentation of curl 8.19.0. The changes, the security fixes and some bugfixes. ## Numbers the 273rd release 8 changes 63 days (total: 10,712) 264 bugfixes (total: 13,640) 538 commits (total: 38,024) 0 new public libcurl function (total: 100) 0 new curl_easy_setopt() option (total: 308) 0 new curl command line option (total: 273) 77 contributors, 48 new (total: 3,619) 37 authors, 21 new (total: 1,451) 4 security fixes (total: 180) ## Security We stopped the bug-bounty but it has not stopped people from finding vulnerabilities in curl. * CVE-2026-1965: bad reuse of HTTP Negotiate connection * CVE-2026-3783: token leak with redirect and netrc * CVE-2026-3784: wrong proxy connection reuse with credentials * CVE-2026-3805: use after free in SMB connection reuse ## Changes * We stopped the bug-bounty. It’s worth repeating, even if it was no code change. * The cmake build got a `CURL_BUILD_EVERYTHING` option * Initial support for MQTTS was merged * curl now supports fractions for –limit-rate and –max-filesize * curl’s -J option now uses the redirect name as a backup * we no longer support OpenSSL-QUIC * on Windows, curl can now get built to use the native CA store by default * the minimum Windows version curl supports is now Vista (up from XP) ## Pending removals The following upcoming changes might be worth noticing. See the deprecate documentation for details. * NTLM support becomes opt-in * RTMP support is getting dropped * SMB support becomes opt-in * Support for c-ares versions before 1.16 goes away * Support for CMake 3.17 and earlier gets dropped * TLS-SRP support will be removed ## Next We plan to ship the next curl release on April 29. See you then!

Welcome to #curl 8.19.0

https://daniel.haxx.se/blog/2026/03/11/curl-8-19-0/

8 changes, 4 vulnerabilities and 264 bugs fixed. Enjoy!

(The 4 new CVEs are explained in follow-up toots.)

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

4 days ago

Code style Banned functions Complexity checks Human reviews Review bots No binary blobs No confusables Document everything Many tests Cl like crazy All the picky compiler options and -Werror Valgrind and sanitizers Static code analyzers Fuzzing (in Cl and non-stop) Cl jobs never “write back" Reproducible releases Signed releases, commits, tags code audits 2fa for all committers

Ahead of tomorrows release of four new #curl CVEs I want you to know: we do our very best to secure curl every step of the way. Security is hard.

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

4 days ago

The end of the release cycle is really the peak. When a full cycle's worth of work and efforts are combined into a fresh tarball that is sent out into the cold harsh real world with the ideal outcome that everything just keeps on working exactly like before, ideally a little better.

The night […]

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

curlhacker - Twitch I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.

All details about the new #curl release will be live-streamed as usual, at 09:00 UTC (10:00 CET) tomorrow.

https://www.twitch.tv/curlhacker

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

24 hours to #curl release

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

shows one (single) package that depends on the curl repository

An amusing and telling picture that shows how dependency tracking for #curl and libcurl does not work at all, is to check out GitHub's view of all repositories that depend on curl.

I mean, there are quite a few repositories on there, so the number could be high.

Or it could be... one.

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

10K curl downloads per year The Linux Foundation, the organization that we want to love but that so often makes that a hard bargain, has created something they call “Insights” where they gather lots of metrics on Open Source project. I held back so I never blogged and taunted OpenSSF for their scorecard attempts that were always lame and misguided. This Insights thing looks like their next attempt to “grade” and “rate” Open Source. It is so flawed and full of questionable details that I decided there is no point in me listing them all in a blog post – it would just be too long and boring. Instead I will just focus on a single metric. The one that made me laugh out load when I saw it. ## Package downloads They claim curl was downloaded 10,467 times the last year. (source) Number of curl downloads the last 365 days according to Linux Foundation What does “a download” mean? They refer to statistics from ecosyste.ms, which is an awesome site and service, but it has absolutely no idea about curl downloads. How often is curl “downloaded”? curl release tarballs are downloaded from curl.se at a rate of roughly 250,000 / month. curl images are currently pulled from docker at a rate of around 400,000 – 700,000 / day. curl is pulled from quay.com at roughly the same rate. curl’s git repository is cloned roughly 32,000 times / day curl is installed from Linux and BSD distributions at an unknown rate. curl, in the form of libcurl, is bundled in countless applications, games, devices, cars, TVs, printers and services, and we cannot even guess how often it is downloaded as such an embedded component. curl is installed by default on every Windows and macOS system since many years back. But no, 10,467 they say.

10K #curl downloads per year

daniel.haxx.se/blog/2026/03/09/10k-curl...

linux

@linux.activitypub.awakari.com.ap.brid.gy

5 days ago

10K curl downloads per year The Linux Foundation, the organization that we want to love but that so often makes that a hard bargain, has created something they call “Insights” where they gather...

#cURL #and #libcurl

Origin | Interest | Match

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

Curl curl-curl Repository Package downloads | LFX Insights Explore Curl curl-curl popularity with data on stars, forks, watchers, and adoption across the open source ecosystem.

#curl was download 10,467 times last year according to Linux Foundation

😂

insights.linuxfoundation.org/project/curl/repository/...

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

5 days ago

Curl curl-curl Repository Security | LFX Insights Check Curl curl-curl security and best practices, including vulnerabilities, dependencies, licensing, and governance compliance.

#curl is at 60% quality accordingly

insights.linuxfoundation.org/project/curl/repository/...

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

6 days ago

Fix: memory leak in `auth_create_digest_http_message()` in `lib/vauth/digest.c` by huanghuihui0904 · Pull Request #20862 · curl/curl Bug description While reviewing auth_create_digest_http_message() in lib/vauth/digest.c, I noticed an error path that may leak the heap-allocated buffer hashthis. hashthis is allocated here (line 8...

Welcome huanghuihui0904 as #curl commit author 1450: https://github.com/curl/curl/pull/20862

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

6 days ago

http2 in curl While the first traces of http2 support in curl was added already back in September 2013 it hasn’t been until recently it actually was made useful. There’s been a lot of http2 related activities in the curl team recently and in the late January 2014 we could run our first command line inter-op tests against public http2 (draft-09) servers on the Internet. There’s a lot to be said about http2 for those not into its nitty gritty details, but I’ll focus on the curl side of this universe in this blog post. I’ll do separate posts and presentations on http2 “internals” later. ## A quick http2 overview http2 (without the minor version, as per what the IETF work group has decided on) is a binary protocol that allows many logical streams multiplexed over the same physical TCP connection, it features compressed headers in both directions and it has stream priorities and more. It is being designed to maintain the user concepts and paradigms from HTTP 1.1 so web sites don’t have to change contents and web authors won’t need to relearn a lot. The web **will not break** because of http2, it will just magically work a little better, a little smoother and a little faster. In libcurl we build http2 support with the help of the excellent library called nghttp2, which takes care of all the binary protocol details for us. You’ll also have to build it with a new enough version of the SSL library of your choice, as http2 over TLS will require use of some fairly recent TLS extensions that not many older releases have and several TLS libraries still completely lack! The need for an extension is because with speaking TLS over port 443 which HTTPS implies, the current and former web infrastructure assumes that we will speak HTTP 1.1 over that, while we now want to be able to instead say we want to talk http2. When Google introduced SPDY then pushed for a new extension called NPN to do this, which when taken through the standardization in IETF has been forked, changed and renamed to ALPN with roughly the same characteristics (I don’t know the specific internals so I’ll stick to how they appear from the outside). So, NPN and especially ALPN are fairly recent TLS extensions so you need a modern enough SSL library to get that support. OpenSSL and NSS both support NPN _and_ ALPN with a recent enough version, while GnuTLS only supports ALPN. You can build libcurl to use any of these threes libraries to get it to talk http2 over TLS. ## http2 using libcurl (This still describes what’s in curl’s git repository, the first release to have this level of http2 support is the upcoming 7.36.0 release.) Users of libcurl who want to enable http2 support will only have to set CURLOPT_HTTP_VERSION to CURL_HTTP_VERSION_2_0 and that’s it. It will make libcurl try to use http2 for the HTTP requests you do with that handle. For HTTP URLs, this will make libcurl send a normal HTTP 1.1 request with an offer to the server to upgrade the connection to version 2 instead. If it does, libcurl will continue using http2 **in the clear** on the connection and if it doesn’t, it’ll continue using HTTP 1.1 on it. This mode is what Firefox and Chrome will not support. For HTTPS URLs, libcurl will use NPN and ALPN as explained above and offer to speak http2 and if the server supports it. there will be http2 sweetness from than point onwards. Or it selects HTTP 1.1 and then that’s what will be used. The latter is also what will be picked if the server doesn’t support ALPN and NPN. Alt-Svc and ALTSVC are new things planned to show up in time for http2 draft-11 so we haven’t really thought through how to best support them and provide their features in the libcurl API. Suggestions (and patches!) are of course welcome! ## http2 with curl Hardly surprising, the curl command line tool also has this power. You use the –http2 command line option to switch on the libcurl behavior as described above. ## Translated into old-style To reduce transition pains and problems and to work with the rest of the world to the highest possible degree, libcurl will (decompress and) translate received http2 headers into http 1.1 style headers so that applications and users will get a stream of headers that look very much the way you’re used to and it will produce an initial response line that says HTTP 2.0 blabla. ## Building (lib)curl to support http2 See the README.http2 file in the lib/ directory. ## This is still a draft version of http2! I just want to make this perfectly clear: http2 is not out “for real” yet. We have tried our http2 support somewhat at the draft-09 level and Tatsuhiro has worked on the draft-10 support in nghttp2. I expect there to be at least one more draft, but perhaps even more, before http2 becomes an official RFC. We hope to be able to stay on the frontier of http2 and deliver support for the most recent draft going forward. PS. If you try any of this and experience any sort of problems, please speak to us on the curl-library mailing list and help us smoothen out whatever problem you got!

Today we celebrate functional HTTP/2 support in #curl turning twelve years old: https://daniel.haxx.se/blog/2014/03/09/http2-in-curl/

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

6 days ago

On this Wednesday, March 11, we will ship the 273rd #curl release ever. We call it curl 8.19.0.

It contains over 250 bugfixes, done by the help from over 75 contributors during the 63 days since the previous release.

We will also announce at least four CVEs in sync with this.

Amusingly, the […]

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

6 days ago

We can say with some certainty already now that dropping the bounty has not stopped people from reporting #curl security problems.

𐑛𐑦𐑕𐑣𐑸𐑥𐑩𐑯𐑦 | dɪsˈhɑːmənɪ | 異議の元素 :pegasus:

@lumiere.bs.ltgc.cc

6 days ago

So the version of cURL distributed on Termuz disabled ECH support for whatever reason. Bloody awesome when you want to rely on readily-available tools for tests.

#curl #Termux

daniel:// stenberg://

@bagder.mastodon.social.ap.brid.gy

1 week ago

docs: rewrite uses of 'Quite' by dbalsom · Pull Request #20841 · curl/curl 'Quite' is a vague qualifier that adds little context. It should be reserved for muttering your agreement with the local Vicar over afternoon tea. No AI was used to generate this PR.

Welcome dbalsom as #curl commit author 1449: https://github.com/curl/curl/pull/20841