curl / curl-for-win Goto Github PK

Hi,
Where can i download 'openssl-1.x.x-win64-mingw.zip', please? It's very import for me.

Thank you for signing the binary files - with the growing supply chain hacks this is increasingly important.

I wanted to point out something odd about the signing. For example, curl-7.65.3-win64-mingw\bin\libcurl-x64.dll. In the attached image you can see that Windows says the file's signature is not within the certificate validity period (which has just expired). Somehow Windows Explorer does show a valid signing date, but if you call WinVerifyTrust and look at the CRYPT_PROVIDER_DATA.sftVerifyAsOf parameter, it does seem to be empty. So WinVerifyTrust won't trust the signature on that file any more.

Perhaps you are purposely not signing with a timestamp to provide a reproducible build. Perhaps there is some other way to accomplish this while still having a signature that is valid beyond the certificate end date?

Hi, I'd like to download other version of curl, but found that the curl.se site seems don't have the resources.(e.g. https://curl.se/windows/dl-8.0.1_4/ shows 404 error)

Also, is there a way to obtain the debug version, if so, it would be nice.

curl version: 7.77.0
Build: 7.77.0
Date: 2021-05-26
Changes: 7.77.0 changelog

I'm comparing the native Windows curl with the latest release from here and I see one thing missing, the Unicode feature.

What is that exactly, and when is it needed?

curl 8.3.0 (x86_64-w64-mingw32) libcurl/8.3.0 OpenSSL/3.1.2 (Schannel) zlib/1.3 brotli/1.1.0 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
Release-Date: 2023-09-13
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd

#--------------------------------------------------------

curl 8.0.1 (Windows) libcurl/8.0.1 Schannel WinIDN
Release-Date: 2023-03-20
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets

Hi,

I'm trying to build txiki.js on debian 11 using the mingw distro toolchain, linked with https://curl.se/windows/latest.cgi?p=win64-mingw.zip (currently curl-7.86.0_2-win64-mingw.zip), and couldn't quite figure out what I should link with.

First, is there some README file at the zip or elsewhere which instructs how to use libcurl at the zip? If there is one, hopefully it answers at least some of the subjects below.

I first tried linking with libcurl.dll.a, which worked, and the resulting binary requires the curl dll (as expected). So that's a success.

I then wanted to instead link statically with libcurl.a, and encountered several missing libcurl symbols. After some searches I realized I needed CURL_STATICLIB defined, and I then used it successfuly.

Then it ended up with many (non-libcurl) missing symbols, but couldn't find which libs it depends on. I tried this list -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2 which appears at this repo README for the "Default build with OpenSSL and Schannel", but it failed with undefined reference to ngtcp2_crypto_openssl_configure_client_context and few more.

I added -lngtcp2_crypto_openssl which resolved this, but now I had a missing reference to zlibVersion and inflate and few more, so I moved -lz at the list to the end:

-lcurl -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2 -lngtcp2_crypto_openssl -lz

It then failed with undefined references to __imp___sys_nerr and __imp___sys_errlist, so (after some more googling) I added -lucrtbase to the list.

This seem to resolve all the undefined references, however, it then failed due to SHA1 defined multiple times, first at the txtki.js sources, and then at libcrypto.a (libcrypto.a(libcrypto-lib-sha1_one.obj):sha1_one.c:(.text+0x70): multiple definition of 'SHA1'; <the original definition location>).

I'll need to think what to do about it, maybe rename it at the txiki.js sources.

Seeing that the question of static linking has been asked more than once, and that the generic FAQ doesn't say much about it (docs/FAQ "2.1 configure fails when using static libraries"), I think it could help to have some info specific to this zip distribution about static linking. Specifically:

• pkg-config file or some other up-to-date list of libraries to link with, especially for static linking with libcurl.a inside this zip (shared is relatively simple).
• Mention CFLAGS=-DCURL_STATICLIB or some such which is needed for static linking (not sure if this is windows only?).
• I think it's possible to create a libcurl.a which embeds all the other static dependencies (similar to how the dll is linked statically with its deps), which could solve many issues (deps list, symbols which the project might not be expecting, etc).
• Consider mentioning (regardless of static/shared) that unlike a typical linux/*nix setup, https WILL fail because it defaults to OpenSSL but without a default ca bundle (embedded/at some path), unless one of the following happens (I think):
  • Curl is initialized with a path to ca bundle, e.g. using curl_easy_setopt(curl_h, CURLOPT_CAINFO, "curl-ca-bundle.crt"); and then put this file at the same dir as the binary (seems to work, but I couldn't find docs for the search dirs of CURLOPT_CAINFO if it's not an absolute path, and also not what to do about unicode paths - does it expect UTF-8?).
  • Or switch to schannel at runtime (one liner could help, if it exists).
• Consider a default configuration where https works out of the box without specific runtime setup? I've read several discussions about it, and I think OpenSSL is recommended over schannel, but maybe try some fixed ca bundle file name (curl-ca-bundle.crt is used by curl.exe at the zip, so I thought it could be a default name for libcurl at the zip as well), and fallback to schannel if it's missing?

Hello,

Thanks for the maintaining this repository, it really helps as building libcurl from source on Windows is not entirely straightforward due to the number of dependencies.

I had a small question: today in the bin directory, the executable curl.exe and the DLL libcurl-x64.dll do not have the executable bit set. As far as I know this bit could be set and stored in the archive (at least for ZIP) and it would make using the DLL (and the executable) a bit simpler under Cygwin.

Do you think this is something that could be done?

Thanks!

We use master everywhere in the org but this repo

https://github.com/curl/curl-for-win/settings/branches

Hey, would be nice to have a download link always pointing at the latest release for automated jobs. 7.79.1_4 just disappeared breaking some CI jobs for me. This isn't the first time this happens. I see from #11 that there was a way to do so but bintray seems to have been remove a while ago and I couldn't find anything on https://curl.se/windows that would point me to a latest binary.

Can this be added to WinGet

https://curl.se/windows/dl-7.84.0_6/openssl-3.0.5-win64-mingw.zip

and others openssl windows binary files are missing.

I am using Windows11 system and compiling libcurl on it. When running cmake it requires libssh2 and libpsl. I succesfully compiled libssh2 and imported it into cmake. But when compiling cmake I met a trouble. I tried all the ways to compile it in their offical documation but none of them succeeded. There is no articles online to introduce how to compile it on Windows. So when you were building libcurl on Windows, how did you solve this problem? And is there any libpsl binaries which has finished compiling and can be directly used? Thanks very much.

When I call curl -X POST 'https://....

I thought this library was SSL enabled.

Hello

commit 6318ab3 removed zstd support with this text:

zstd release 1.5.1 broke the build in multiple ways.

Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/41967466
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/41968643

@Cyan4973 @felixhandte do you have an idea on the problem ?

I was very happy to see the windows build of curl comiled with zstd 1.5.0

When I try to send a query/post a message with non-latin symbols, it results to non-readable characters in received data. Checked with n8n, Apprise and HTTPDebugger.

Test command

curl.exe -X POST -d "title=Title&body=Body - ԱՅՈՑ ԱՅԲՈՒԲԵՆ" http://server/notify/service

Result

Windows Server 2016x64 Standard EN
Curl v. 8.1.1

Windows forks are most likely to install via a package manager or setup executable.

Many Windows users will be unsure where to put curl.exe from the zip file: app/roaming/or Windows/system 32, etc...

It would be nice to have instructions or a pointer to same in the readme or downloads page.

Thx!

The curl-cmake.sh and curl-autotool.sh currently both check for docs/curl.1 to make decisions.

Two things about this:

1. The curl.1 file is no longer used as source for making the tool_hugehelp.c file. It instead uses the curl.txt ASCII version as source - but that is not shipped in the tarball.
2. The curl.1 file now lives as docs/cmdline-opts/curl.1 in the tarball

Reported by John Emmas on curl-library mailing list:

I revisited that web page and noticed it says that curl 7.75.0 is linked
statically to OpenSSL 1.1.1i, so I downloaded the 64-bit zip file -
BUT... when I run the Windows 'dumpbin' program it gives me this output:-

     Dump of file libcurl-x64.dll
     File Type: DLL

       Image has the following dependencies:
         libcrypto-1_1-x64.dll
         libssl-1_1-x64.dll
         ADVAPI32.dll
         CRYPT32.dll
         KERNEL32.dll
         msvcrt.dll
         Normaliz.dll
         USER32.dll
         WLDAP32.dll
         WS2_32.dll

In other words, 'libcrypto-1_1-x64.dll' and 'libssl-1_1-x64.dll' are
both still needed - i.e. they're linked dynamically - not statically :-(

The zip file contains a file called 'libcurl'a' (which looks like it
might be a static lib) but if I try to link against it I get lots of
missing symbols.

Possibly related to #12. I will follow up with a reply explaining that the other libraries can be downloaded in the Specifications section of the download page, and OpenSSL is statically linked in the curl tool, not the library. Why is that though?

I downloaded curl-7.87.0_1-win64-mingw.zip and the text files have LF instead of CRLF line endings and are not viewable in notepad. Here's a screenshot from a Windows 7 VM. (ignore the chinese text it's for a bug where I needed to switch locale)

Hi,
I would like to ask you if you plan to release openssl 1.1.1q or s in zip format or you know where I can find it?
Unfortunately I'm not able to use openssl 3.0.X because it requires TLS 1.3 and my server doesn't support it.

On https://curl.se/windows/, the file https://curl.se/windows/dl-7.73.0_3/curl-7.73.0_3-win64-mingw.zip is listed with Size: 0.0 MB

While dependecies like openssl are compiled with -DUNICODE, the actual curl library itself isn't. This means international domain names can't be used with these builds.

I did this

I downloaded the newest build from https://curl.se/windows/, and ran the exe. I received the following error: The procedure entry point AcquireSRWLockExclusive could not be located in the dynamic link library KERNEL32.dll. I suspect the latest version caused this.

curl/libcurl version

curl-7.81.0-win32-mingw

operating system

Windows XP Professional Service Pack 3 (5.1.2600)

I see NTLM but i don't see any v2 flags.
curl 7.73.0

I did this

bintray url for latest version do not work for this url ->https://bintray.com/vszakats/generic/curl/_latestVersion

I expected the following

when i click this url i always expect zip file to be download. Default 64 bit but need to have a way to to form the url for both 32(https://dl.bintray.com/vszakats/generic/:curl-7.71.1-win32-mingw.zip) and 64 (https://dl.bintray.com/vszakats/generic/:curl-7.71.1-win64-mingw.zip)

Ask his because we have an automation script that needs to download latest version of curl everytime. So that's why I'm placing this requst. Can you help understand the right way to download latest zip via an automation script

curl/libcurl version

[curl -V output]

operating system

Starting with Curl 7.84 an error message occurs in Windows XP, that it isn't a valid application. Also with newest curl-7.85.0_1-win32-mingw.zip
curl-7.83.1_2-win32-mingw.zip works.

Clang ThinLTO now work fine on Linux and MinGW, just add -flto=thin, but there is currently an issue where executing strip with static libraries built with LTO may fail, which makes it impossible to build curl with LTO/CFI (-fsanitize=cfi). Therefore, we should remove strip from the build script and strip only for curl executables or dynamic libraries.

Since LLVM 16: Support for mstorsjo/llvm-mingw#301 (-mguard=cf compile and link flags)

May need to migrate x86_64 build to llvm-mingw

Currently most dependencies are bound to configurations (big, mini etc).
I expected CW_CONFIG=main-win-gcc-x86-msvcrt-pico-osnotls-libressl so work, but it doesn't ;)
osnotls works, since it's a curl internal option, but libressl doesn't drag in that library. The result of those two is a completely tls unaware curl.

This fixes the ssl selection for me, but other options have the same issue:

diff --git a/_dl.sh b/_dl.sh
index 124017f..1c104e8 100755
--- a/_dl.sh
+++ b/_dl.sh
@@ -718,25 +718,24 @@ if [[ "${_CONFIG}" = *'mbedtls'* ]]; then
   _DEPS+=' mbedtls'
 fi
 
-if [[ ! "${_CONFIG}" =~ (zero|bldtst) ]]; then
-  if [ "${_OS}" = 'linux' ] || \
-     [[ ! "${_CONFIG}" =~ (pico|nano|micro|mini|ostls) ]]; then
-
-    if   [[ "${_CONFIG}" = *'libressl'* ]]; then
-      _DEPS+=' libressl'
-    elif [[ "${_CONFIG}" = *'awslc'* ]]; then
-      _DEPS+=' awslc'
-    elif [[ "${_CONFIG}" = *'boringssl'* ]]; then
-      _DEPS+=' boringssl'
-    elif [[ "${_CONFIG}" = *'openssl'* ]]; then
-      _DEPS+=' openssl'
-    elif [[ "${_CONFIG}" = *'quictls'* ]]; then
-      _DEPS+=' quictls'
-    else
-      _DEPS+=' libressl'
-    fi
-    need_cacert=1
-  fi
+if [[ "${_CONFIG}" = *'libressl'* ]]; then
+  _DEPS+=' libressl'
+  need_cacert=1
+elif [[ "${_CONFIG}" = *'awslc'* ]]; then
+  _DEPS+=' awslc'
+  need_cacert=1
+elif [[ "${_CONFIG}" = *'boringssl'* ]]; then
+  _DEPS+=' boringssl'
+  need_cacert=1
+elif [[ "${_CONFIG}" = *'openssl'* ]]; then
+  _DEPS+=' openssl'
+  need_cacert=1
+elif [[ "${_CONFIG}" = *'quictls'* ]]; then
+  _DEPS+=' quictls'
+  need_cacert=1
+elif [[ ! "${_CONFIG}" =~ (zero|bldtst) ]]; then
+  _DEPS+=' libressl'
+  need_cacert=1
 fi
 
 if [[ ! "${_CONFIG}" =~ (zero|bldtst|pico|nano|micro) ]]; then

https://curl.haxx.se/windows/ says cUrl was statically linked to a bunch of libraries.
However if I try to use libcurl I still need the OpenSLL and the Zstd libraries.
Isn't it so that cUrl was statically linked to the other libraries but (only) dynamically to these two?
If so maybe make the download page more accurate to avoid confusion.

There is code to do so in this repo, but the binaries at https://curl.se/windows/ do not support PSL. Ref: https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/