News
Your view on libcurl security
As I posted to the curl-library list, I’d be happy to get some feedback from libcurl-users on the security aspects of our project, and how you think we deal with security and how you deal with security in ways related to libcurl.
curl and libcurl 7.19.0
With almost 40 described bug fixes curl and libcurl 7.19.0 come flying with a range of new things, including the following:
curl_off_t gets its size/typedef somewhat differently than before. This may cause an ABI change for you. See
Getting cacerts for your tools
As the primary curl author, I’m finding the comments here interesting. That blog entry “Teaching wget About Root Certificates” is about how you can get cacerts for wget by downloading them from curl’s web site, and people quickly point out how getting cacerts from an untrusted third party place of course is an ideal situation [...]
FTP vs HTTP, really!
Since I’m doing my share of both FTP and HTTP hacking in the curl project, I quite often see and sometimes get the questions about what the actual differences are between FTP and HTTP, which is the “best” and isn’t it so that … is the faster one?
FTP vs HTTP is my attempt at a [...]
The hack will still be useful
Okay, in my recent blog entry about Flash 10 using native libcurl I got a bit side-tracked and mentioned something about distros confusing libcurl’s soname 3 and 4. This caused some comments in that post and some further activities behind the curtains, so let me spell out exactly what I mean:
The ABI for libcurl did [...]
CA cert bundle from Firefox
It could be interesting to note that extracting all the cacerts from your local Firefox installation isn’t that tricky, if you just use some of the magic that are at hand with the NSS certutil tool.
Users of OpenSSL or GnuTLS based tools or libraries (such as libcurl) might be pleased to learn this.
curl users in [...]
Site deadness
When I got to work this morning I immediately noticed that one of the servers that host a lot of services for open source projects I tend to play around with (curl, Rockbox and more), had died. It responded to pings but didn’t allow my usual login via ssh. It also hosts this blog.
I called [...]
Flash 10 uses native libcurl
In Adobe’s Penguin.SWF blog, we can learn some details about the upcoming version 10 of the Adobe flash player for Linux:
They’ll rely on more libraries to be present in the system rather than provide them all by themselves in their own install. This apparently includes libcurl.
So if you get the RPM of the pre-release player, [...]
Projects in need of your help
I’m involved in numerous projects, and a subset of them take a lot of my “copious” spare time. This has the unfortunate downside that a few other projects get left behind a bit. Projects that also really could use with some more attention and improvements. Two of the most obvious examples of this are c-ares [...]
Two fellow curl hackers
During many years I was really and truly the primary and almost single developer of curl and libcurl. Sure we’ve always got a steady stream of quality patches by contributors but I was the single guy who cared for the whole picture and who took on greater work to advance the project.
This is no longer [...]