reallocated.
A data length is stored within the reference for binary data handling
-purpose; it is not used by the bufref API.
+purposes; it is not used by the bufref API.
The `struct bufref` is used to hold data referencing a buffer. The members of
that structure **MUST NOT** be accessed or modified without using the dedicated
```
Releases the previously referenced buffer, then assigns the new `buffer` to
-the structure, associated with its `destructor` function. The later can be
+the structure, associated with its `destructor` function. The latter can be
specified as `NULL`: this will be the case when the referenced buffer is
static.
See all details at [https://hackerone.com/curl](https://hackerone.com/curl)
This bounty is relying on funds from sponsors. If you use curl professionally,
-consider help funding this! See
+consider helping fund this! See
[https://opencollective.com/curl](https://opencollective.com/curl) for
details.
# What happens if the bounty fund is drained?
The bounty fund depends on sponsors. If we pay out more bounties than we add,
-the fund will eventually drain. If that end up happening, we will simply not
+the fund will eventually drain. If that ends up happening, we will simply not
be able to pay out as high bounties as we would like and hope that we can
convince new sponsors to help us top up the fund again.
## What happens on first filing
When a new issue is posted in the issue tracker or on the mailing list, the
- team of developers first need to see the report. Maybe they took the day off,
+ team of developers first needs to see the report. Maybe they took the day off,
maybe they are off in the woods hunting. Have patience. Allow at least a few
days before expecting someone to have responded.
## Closing off stalled bugs
The [issue and pull request trackers](https://github.com/curl/curl) only
- holds "active" entries open (using a non-precise definition of what active
+ hold "active" entries open (using a non-precise definition of what active
actually is, but they are at least not completely dead). Those that are
abandoned or in other ways dormant will be closed and sometimes added to
`TODO` and `KNOWN_BUGS` instead.
## Command line options
-`-W[file]` skip that file and excludes it from being checked. Helpful
+`-W[file]` skip that file and exclude it from being checked. Helpful
when, for example, one of the files is generated.
`-D[dir]` directory name to prepend to file names when accessing them.
As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name
to [constrain the set of available ciphers as specified in the schannel
documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022).
-Note that the supported ciphers in this case follows the OS version, so if you
+Note that the supported ciphers in this case follow the OS version, so if you
are running an outdated OS you might still be supporting weak ciphers.
1.5 Who makes curl?
1.6 What do you get for making curl?
1.7 What about CURL from curl.com?
- 1.8 I have a problem who do I mail?
+ 1.8 I have a problem, who do I mail?
1.9 Where do I buy commercial support for curl?
1.10 How many are using curl?
1.11 Why do you not update ca-bundle.crt
- 1.12 I have a problem who can I chat with?
+ 1.12 I have a problem, who can I chat with?
1.13 curl's ECCN number?
1.14 How do I submit my patch?
1.15 How do I port libcurl to my OS?
We recognize that we will be living in parallel with curl.com and wish them
every success.
- 1.8 I have a problem whom do I mail?
+ 1.8 I have a problem, who do I mail?
Please do not mail any single individual unless you really need to. Keep
curl-related questions on a suitable mailing list. All available mailing
issue private while we investigate, confirm it, work and validate a fix and
agree on a time schedule for publication etc. That way we produce a fix in a
timely manner before the flaw is announced to the world, reducing the impact
- the problem risk having on existing users.
+ the problem risks having on existing users.
Security issues can also be taking to the curl security team by emailing
security at curl.se (closed list of receivers, mails are not disclosed).
Firefox (by running 'make ca-bundle), or by using our online service setup
for this purpose: https://curl.se/docs/caextract.html
- 1.12 I have a problem who can I chat with?
+ 1.12 I have a problem who, can I chat with?
There's a bunch of friendly people hanging out in the #curl channel on the
IRC network libera.chat. If you are polite and nice, chances are good that
4.5.4 "404 Not Found"
The server has not found anything matching the Request-URI. No indication
- is given of whether the condition is temporary or permanent.
+ is given as to whether the condition is temporary or permanent.
4.5.5 "405 Method Not Allowed"
To completely disable the certificate verification, use -k. This does
however enable man-in-the-middle attacks and makes the transfer INSECURE.
- We strongly advice against doing this for more than experiments.
+ We strongly advise against doing this for more than experiments.
If you get this failure with a CA cert bundle installed and used, the
server's certificate might not be signed by one of the CA's in your CA
dynamic import symbols. If you are using Visual Studio, you need to instead
add CURL_STATICLIB in the "Preprocessor Definitions" section.
- If you get linker error like "unknown symbol __imp__curl_easy_init ..." you
+ If you get a linker error like "unknown symbol __imp__curl_easy_init ..." you
have linked against the wrong (static) library. If you want to use the
libcurl.dll and import lib, you do not need any extra CFLAGS, but use one of
the import libraries below. These are the libraries produced by the various
the years with Daniel Stenberg as the driving force. It matches a standard
BDFL (Benevolent Dictator For Life) style project.
-This setup has been used due to convenience and the fact that is has worked
+This setup has been used due to convenience and the fact that it has worked
fine this far. It is not because someone thinks of it as a superior project
leadership model. It will also only continue working as long as Daniel manages
to listen in to what the project and the general user population wants and
for paying the curl security bug bounties, to reimburse project related
expenses etc.
-Donations to the project can also come in form of server hosting, providing
+Donations to the project can also come in the form of server hosting, providing
services and paying for people to work on curl related code etc. Usually, such
donations are services paid for directly by the sponsors.
We offer [guidelines](https://curl.se/dev/contribute.html) that are
suitable to be familiar with before you decide to contribute to curl. If
you are used to open source development, you will probably not find many
-surprises in there.
+surprises there.
35000 lines of code. Reported successful compiles on more than 40 combinations
of CPUs and operating systems.
-To estimate number of users of the curl tool or libcurl library is next to
+To estimate the number of users of the curl tool or libcurl library is next to
impossible. Around 5000 downloaded packages each week from the main site gives
a hint, but the packages are mirrored extensively, bundled with numerous OS
distributions and otherwise retrieved as part of other software.
notice. It needs to be enabled at build-time.
Further development and tweaking of the HTTP/3 support in curl will happen in
-in the master branch using pull-requests, just like ordinary changes.
+the master branch using pull-requests, just like ordinary changes.
# ngtcp2 version
This is not advice on how to run anything in production. This is for
development and experimenting.
-## Preqreqs
+## Prereqs
An existing local HTTP/1.1 server that hosts files. Preferably also a few huge
ones. You can easily create huge local files like `truncate -s=8G 8GB` - they
## Select TLS backend
-These options are provided to select TLS backend to use.
+These options are provided to select the TLS backend to use.
- AmiSSL: `--with-amissl`
- BearSSL: `--with-bearssl`
## Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is
-necessary to make definition of preprocessor symbol `USE_LWIPSOCK` visible to
-libcurl and curl compilation processes. To set this definition you have the
-following alternatives:
+necessary to make the definition of the preprocessor symbol `USE_LWIPSOCK`
+visible to libcurl and curl compilation processes. To set this definition you
+have the following alternatives:
- Modify `lib/config-win32.h` and `src/config-win32.h`
- Modify `winbuild/Makefile.vc`
make install
```
-In all above, the built libraries and executables can be found in `artifacts` folder.
+In all above, the built libraries and executables can be found in the
+`artifacts` folder.
# Android
Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All
conditionals that deal with features *should* instead be in the format
`#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows cannot run configure scripts,
- we maintain a `curl_config-win32.h` file in lib directory that is supposed to
- look exactly like a `curl_config.h` file would have looked like on a Windows
- machine.
+ we maintain a `curl_config-win32.h` file in the lib directory that is supposed
+ to look exactly like a `curl_config.h` file would have looked like on a
+ Windows machine.
Generally speaking: always remember that this will be compiled on dozens of
operating systems. Do not walk on the edge.
The protocol-specific functions of course deal with protocol-specific
negotiations and setup. When they are ready to start the actual file
transfer they call the `Curl_setup_transfer()` function (in
- `lib/transfer.c`) to setup the transfer and returns.
+ `lib/transfer.c`) to setup the transfer and return.
If this DO function fails and the connection is being re-used, libcurl will
then close this connection, setup a new connection and re-issue the DO
allocated but never freed and other kinds of errors related to resource
management.
- Internally, definition of preprocessor symbol `DEBUGBUILD` restricts code
+ Internally, definition of the preprocessor symbol `DEBUGBUILD` restricts code
which is only compiled for debug enabled builds. And symbol `CURLDEBUG` is
used to differentiate code which is _only_ used for memory
tracking/debugging.
A macro that converts a string containing a number to a `curl_off_t` number.
This might use the `curlx_strtoll()` function which is provided as source
code in strtoofft.c. Note that the function is only provided if no
- `strtoll()` (or equivalent) function exist on your platform. If `curl_off_t`
- is only a 32-bit number on your platform, this macro uses `strtol()`.
+ `strtoll()` (or equivalent) function exists on your platform. If
+ `curl_off_t` is only a 32-bit number on your platform, this macro uses
+ `strtol()`.
Future
------
curl_dbg_memdebug("dump");
```
- This will make the malloc debug system output a full trace of all resource
+ This will make the malloc debug system output a full trace of all resources
using functions to the given file name. Make sure you rebuild your program
and that you link with the same libcurl you built for this purpose as
described above.
A general idea in libcurl is to keep connections around in a connection
"cache" after they have been used in case they will be used again and then
- re-use an existing one instead of creating a new as it creates a significant
- performance boost.
+ re-use an existing one instead of creating a new one as it creates a
+ significant performance boost.
Each `connectdata` identifies a single physical connection to a server. If
the connection cannot be kept alive, the connection will be closed after use
this single struct and thus can be considered a single connection for most
internal concerns.
- The libcurl source code generally use the name `conn` for the variable that
+ The libcurl source code generally uses the name `conn` for the variable that
points to the connectdata.
<a name="Curl_multi"></a>
list when an individual `Curl_easy`'s transfer has completed.
`->hostcache` points to the name cache. It is a hash table for looking up
- name to IP. The nodes have a limited life time in there and this cache is
+ name to IP. The nodes have a limited lifetime in there and this cache is
meant to reduce the time for when the same name is wanted within a short
period of time.
`->closure_handle` is described in the `connectdata` section.
- The libcurl source code generally use the name `multi` for the variable that
+ The libcurl source code generally uses the name `multi` for the variable that
points to the `Curl_multi` struct.
<a name="Curl_handler"></a>
the DO action internally. If the DO is not enough and things need to be kept
getting done for the entire DO sequence to complete, `->doing` is then
usually also provided. Each protocol that needs to do multiple commands or
- similar for do/doing need to implement their own state machines (see SCP,
- SFTP, FTP). Some protocols (only FTP and only due to historical reasons) has
+ similar for do/doing needs to implement their own state machines (see SCP,
+ SFTP, FTP). Some protocols (only FTP and only due to historical reasons) have
a separate piece of the DO state called `DO_MORE`.
`->doing` keeps getting called while issuing the transfer request command(s)
limit which "direction" of socket actions that the main engine will
concern itself with.
- - `PROTOPT_NONETWORK` - a protocol that does not use network (read `file:`)
+ - `PROTOPT_NONETWORK` - a protocol that does not use the network (read
+ `file:`)
- `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default
one unless one is provided
9.3 Remote recursive folder creation with SFTP
On this servers, the curl fails to create directories on the remote server
- even when CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
+ even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
See https://github.com/curl/curl/issues/5204
When libcurl creates sockets with socketpair(), those are not "exposed" in
CURLOPT_OPENSOCKETFUNCTION and therefore might surprise and be unknown to
- applications that expects and wants all sockets known beforehand. One way to
+ applications that expect and want all sockets known beforehand. One way to
address this issue is to introduce a CURLOPT_OPENSOCKETPAIRFUNCTION callback.
https://github.com/curl/curl/issues/5747
Many mail programs and web archivers use information within mails to keep
them together as "threads", as collections of posts that discuss a certain
subject. If you do not intend to reply on the same or similar subject, do not
- just hit reply on an existing mail and change subject, create a new mail.
+ just hit reply on an existing mail and change the subject, create a new mail.
2.2 Reply to the List
Getting the solution posted also helps other users that experience the same
problem(s). They get to see (possibly in the web archives) that the
- suggested fixes actually has helped at least one person.
+ suggested fixes actually have helped at least one person.
## FTP and Path Names
Do note that when getting files with a `ftp://` URL, the given path is
-relative the directory you enter. To get the file `README` from your home
+relative to the directory you enter. To get the file `README` from your home
directory at your ftp site, do:
curl ftp://user:passwd@my.site.com/README
offer `ldap://` support. On Windows, curl will use WinLDAP from Platform SDK
by default.
-Default protocol version used by curl is LDAPv3. LDAPv2 will be used as
-fallback mechanism in case if LDAPv3 will fail to connect.
+Default protocol version used by curl is LDAPv3. LDAPv2 will be used as a
+fallback mechanism in case LDAPv3 fails to connect.
LDAP is a complex thing and writing an LDAP query is not an easy task. I do
advise you to dig up the syntax description for that elsewhere. One such place
curl -u user:passwd "ldap://ldap.frontec.se/o=frontec??sub?mail=*"
curl "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*"
-By default, if user and password provided, OpenLDAP/WinLDAP will use basic
+By default, if user and password are provided, OpenLDAP/WinLDAP will use basic
authentication. On Windows you can control this behavior by providing one of
`--basic`, `--ntlm` or `--digest` option in curl command line
protocols and it is the Internet transfer machine for the world.
In the curl project we love protocols and we love supporting many protocols
-and do it well.
+and doing it well.
So how do you proceed to add a new protocol and what are the requirements?
The typical process for handling a new security vulnerability is as follows.
No information should be made public about a vulnerability until it is
-formally announced at the end of this process. That means, for example that a
+formally announced at the end of this process. That means, for example, that a
bug tracker entry must NOT be created to track the issue since that will make
the issue public and it should not be discussed on any of the project's public
mailing lists. Also messages associated with any commits should not make any
should ideally contain the CVE number.
- The security team also decides on and delivers a monetary reward to the
- reporter as per the bug-bounty polices.
+ reporter as per the bug-bounty policies.
- No more than 10 days before release, inform
[distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros)
formal process. We basically only require that you have a long-term presence
in the curl project and you have shown an understanding for the project and
its way of working. You must have been around for a good while and you should
-have no plans in vanishing in the near future.
+have no plans of vanishing in the near future.
We do not make the list of participants public mostly because it tends to vary
somewhat over time and a list somewhere will only risk getting outdated.
ago.
There are several known reasons why a connection that involves SSL might
- fail. This is a document that attempts to details the most common ones and
+ fail. This is a document that attempts to detail the most common ones and
how to mitigate them.
## CA certs
operating system trusts, or the set one of the known browsers trust. That is
basically trust via someone else you trust. You should just be aware that
modern operating systems and browsers are setup to trust *hundreds* of
-companies and recent years several such CAs have been found untrustworthy.
+companies and in recent years several such CAs have been found untrustworthy.
Certificate Verification
------------------------
store. The default CA certificate store can be changed at compile time with
the following configure options:
- --with-ca-bundle=FILE: use the specified file as CA certificate store. CA
- certificates need to be concatenated in PEM format into this file.
+ --with-ca-bundle=FILE: use the specified file as the CA certificate store.
+ CA certificates need to be concatenated in PEM format into this file.
--with-ca-path=PATH: use the specified path as CA certificate store. CA
certificates need to be stored as individual PEM files in this directory.
## Figure Out What A POST Looks Like
- When you are about fill in a form and send to a server by using curl instead
- of a browser, you are of course interested in sending a POST exactly the way
- your browser does.
+ When you are about to fill in a form and send it to a server by using curl
+ instead of a browser, you are of course interested in sending a POST exactly
+ the way your browser does.
An easy way to get to see this, is to save the HTML page with the form on
your local disk, modify the 'method' to a GET, and press the submit button
## Other redirects
- Browser typically support at least two other ways of redirects that curl
+ Browsers typically support at least two other ways of redirects that curl
does not: first the html may contain a meta refresh tag that asks the browser
to load a specific URL after a set number of seconds, or it may use
javascript to do it.
security risk.
URLs for IMAP, POP3 and SMTP also support *login options* as part of the
-userinfo field. they are provided as a semicolon after the password and then
+userinfo field. They are provided as a semicolon after the password and then
the options.
## Hostname
FTP servers typically put the user in its "home directory" after login, which
then differs between users. To explicitly specify the root directory of an FTP
-server start the path with double slash `//` or `/%2f` (2F is the hexadecimal
+server, start the path with double slash `//` or `/%2f` (2F is the hexadecimal
value of the ascii code for the slash).
## FILE
projects / thirdparty / curl.git / commitdiff
