curl / curl-for-win Goto Github PK
View Code? Open in Web Editor NEWReproducible curl binaries for Linux, macOS and Windows
Home Page: https://curl.se/windows/
License: MIT License
Reproducible curl binaries for Linux, macOS and Windows
Home Page: https://curl.se/windows/
License: MIT License
Hi,
Where can i download 'openssl-1.x.x-win64-mingw.zip', please? It's very import for me.
Thank you for signing the binary files - with the growing supply chain hacks this is increasingly important.
I wanted to point out something odd about the signing. For example, curl-7.65.3-win64-mingw\bin\libcurl-x64.dll. In the attached image you can see that Windows says the file's signature is not within the certificate validity period (which has just expired). Somehow Windows Explorer does show a valid signing date, but if you call WinVerifyTrust and look at the CRYPT_PROVIDER_DATA.sftVerifyAsOf parameter, it does seem to be empty. So WinVerifyTrust won't trust the signature on that file any more.
Perhaps you are purposely not signing with a timestamp to provide a reproducible build. Perhaps there is some other way to accomplish this while still having a signature that is valid beyond the certificate end date?
Hi, I'd like to download other version of curl, but found that the curl.se site seems don't have the resources.(e.g. https://curl.se/windows/dl-8.0.1_4/ shows 404 error)
Also, is there a way to obtain the debug version, if so, it would be nice.
I'm comparing the native Windows curl with the latest release from here and I see one thing missing, the Unicode
feature.
What is that exactly, and when is it needed?
curl 8.3.0 (x86_64-w64-mingw32) libcurl/8.3.0 OpenSSL/3.1.2 (Schannel) zlib/1.3 brotli/1.1.0 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
Release-Date: 2023-09-13
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd
#--------------------------------------------------------
curl 8.0.1 (Windows) libcurl/8.0.1 Schannel WinIDN
Release-Date: 2023-03-20
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe Unicode UnixSockets
Hi,
I'm trying to build txiki.js on debian 11 using the mingw distro toolchain, linked with https://curl.se/windows/latest.cgi?p=win64-mingw.zip (currently curl-7.86.0_2-win64-mingw.zip
), and couldn't quite figure out what I should link with.
First, is there some README file at the zip or elsewhere which instructs how to use libcurl at the zip? If there is one, hopefully it answers at least some of the subjects below.
I first tried linking with libcurl.dll.a
, which worked, and the resulting binary requires the curl dll (as expected). So that's a success.
I then wanted to instead link statically with libcurl.a
, and encountered several missing libcurl symbols. After some searches I realized I needed CURL_STATICLIB
defined, and I then used it successfuly.
Then it ended up with many (non-libcurl) missing symbols, but couldn't find which libs it depends on. I tried this list -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2
which appears at this repo README for the "Default build with OpenSSL and Schannel", but it failed with undefined reference to ngtcp2_crypto_openssl_configure_client_context
and few more.
I added -lngtcp2_crypto_openssl
which resolved this, but now I had a missing reference to zlibVersion
and inflate
and few more, so I moved -lz
at the list to the end:
-lcurl -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2 -lngtcp2_crypto_openssl -lz
It then failed with undefined references to __imp___sys_nerr
and __imp___sys_errlist
, so (after some more googling) I added -lucrtbase
to the list.
This seem to resolve all the undefined references, however, it then failed due to SHA1
defined multiple times, first at the txtki.js sources, and then at libcrypto.a
(libcrypto.a(libcrypto-lib-sha1_one.obj):sha1_one.c:(.text+0x70): multiple definition of 'SHA1'; <the original definition location>
).
I'll need to think what to do about it, maybe rename it at the txiki.js sources.
Seeing that the question of static linking has been asked more than once, and that the generic FAQ doesn't say much about it (docs/FAQ "2.1 configure fails when using static libraries"), I think it could help to have some info specific to this zip distribution about static linking. Specifically:
libcurl.a
inside this zip (shared is relatively simple).CFLAGS=-DCURL_STATICLIB
or some such which is needed for static linking (not sure if this is windows only?).libcurl.a
which embeds all the other static dependencies (similar to how the dll is linked statically with its deps), which could solve many issues (deps list, symbols which the project might not be expecting, etc).https
WILL fail because it defaults to OpenSSL but without a default ca bundle (embedded/at some path), unless one of the following happens (I think):
curl_easy_setopt(curl_h, CURLOPT_CAINFO, "curl-ca-bundle.crt");
and then put this file at the same dir as the binary (seems to work, but I couldn't find docs for the search dirs of CURLOPT_CAINFO if it's not an absolute path, and also not what to do about unicode paths - does it expect UTF-8?).curl-ca-bundle.crt
is used by curl.exe
at the zip, so I thought it could be a default name for libcurl at the zip as well), and fallback to schannel if it's missing?Hello,
Thanks for the maintaining this repository, it really helps as building libcurl from source on Windows is not entirely straightforward due to the number of dependencies.
I had a small question: today in the bin
directory, the executable curl.exe
and the DLL libcurl-x64.dll
do not have the executable bit set. As far as I know this bit could be set and stored in the archive (at least for ZIP) and it would make using the DLL (and the executable) a bit simpler under Cygwin.
Do you think this is something that could be done?
Thanks!
We use master everywhere in the org but this repo
Hey, would be nice to have a download link always pointing at the latest release for automated jobs. 7.79.1_4
just disappeared breaking some CI jobs for me. This isn't the first time this happens. I see from #11 that there was a way to do so but bintray seems to have been remove a while ago and I couldn't find anything on https://curl.se/windows that would point me to a latest binary.
Can this be added to WinGet
https://curl.se/windows/dl-7.84.0_6/openssl-3.0.5-win64-mingw.zip
and others openssl windows binary files are missing.
I am using Windows11 system and compiling libcurl on it. When running cmake it requires libssh2 and libpsl. I succesfully compiled libssh2 and imported it into cmake. But when compiling cmake I met a trouble. I tried all the ways to compile it in their offical documation but none of them succeeded. There is no articles online to introduce how to compile it on Windows. So when you were building libcurl on Windows, how did you solve this problem? And is there any libpsl binaries which has finished compiling and can be directly used? Thanks very much.
When I call curl -X POST 'https://....
I thought this library was SSL enabled.
Hello
commit 6318ab3 removed zstd support with this text:
zstd release 1.5.1 broke the build in multiple ways.
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/41967466
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/41968643
@Cyan4973 @felixhandte do you have an idea on the problem ?
I was very happy to see the windows build of curl comiled with zstd 1.5.0
When I try to send a query/post a message with non-latin symbols, it results to non-readable characters in received data. Checked with n8n, Apprise and HTTPDebugger.
Test command
curl.exe -X POST -d "title=Title&body=Body - ԱՅՈՑ ԱՅԲՈՒԲԵՆ" http://server/notify/service
Result
Windows Server 2016x64 Standard EN
Curl v. 8.1.1
Windows forks are most likely to install via a package manager or setup executable.
Many Windows users will be unsure where to put curl.exe from the zip file: app/roaming/or Windows/system 32, etc...
It would be nice to have instructions or a pointer to same in the readme or downloads page.
Thx!
The curl-cmake.sh and curl-autotool.sh currently both check for docs/curl.1
to make decisions.
Two things about this:
curl.1
file is no longer used as source for making the tool_hugehelp.c
file. It instead uses the curl.txt
ASCII version as source - but that is not shipped in the tarball.curl.1
file now lives as docs/cmdline-opts/curl.1
in the tarballReported by John Emmas on curl-library mailing list:
I revisited that web page and noticed it says that curl 7.75.0 is linked
statically to OpenSSL 1.1.1i, so I downloaded the 64-bit zip file -
BUT... when I run the Windows 'dumpbin' program it gives me this output:-
Dump of file libcurl-x64.dll
File Type: DLL
Image has the following dependencies:
libcrypto-1_1-x64.dll
libssl-1_1-x64.dll
ADVAPI32.dll
CRYPT32.dll
KERNEL32.dll
msvcrt.dll
Normaliz.dll
USER32.dll
WLDAP32.dll
WS2_32.dll
In other words, 'libcrypto-1_1-x64.dll' and 'libssl-1_1-x64.dll' are
both still needed - i.e. they're linked dynamically - not statically :-(
The zip file contains a file called 'libcurl'a' (which looks like it
might be a static lib) but if I try to link against it I get lots of
missing symbols.
Possibly related to #12. I will follow up with a reply explaining that the other libraries can be downloaded in the Specifications section of the download page, and OpenSSL is statically linked in the curl tool, not the library. Why is that though?
Hi,
I would like to ask you if you plan to release openssl 1.1.1q or s in zip format or you know where I can find it?
Unfortunately I'm not able to use openssl 3.0.X because it requires TLS 1.3 and my server doesn't support it.
On https://curl.se/windows/, the file https://curl.se/windows/dl-7.73.0_3/curl-7.73.0_3-win64-mingw.zip is listed with Size: 0.0 MB
While dependecies like openssl are compiled with -DUNICODE
, the actual curl library itself isn't. This means international domain names can't be used with these builds.
I downloaded the newest build from https://curl.se/windows/, and ran the exe. I received the following error: The procedure entry point AcquireSRWLockExclusive could not be located in the dynamic link library KERNEL32.dll. I suspect the latest version caused this.
curl-7.81.0-win32-mingw
Windows XP Professional Service Pack 3 (5.1.2600)
I see NTLM but i don't see any v2 flags.
curl 7.73.0
bintray url for latest version do not work for this url ->https://bintray.com/vszakats/generic/curl/_latestVersion
when i click this url i always expect zip file to be download. Default 64 bit but need to have a way to to form the url for both 32(https://dl.bintray.com/vszakats/generic/:curl-7.71.1-win32-mingw.zip) and 64 (https://dl.bintray.com/vszakats/generic/:curl-7.71.1-win64-mingw.zip)
Ask his because we have an automation script that needs to download latest version of curl everytime. So that's why I'm placing this requst. Can you help understand the right way to download latest zip via an automation script
[curl -V output]
Starting with Curl 7.84 an error message occurs in Windows XP, that it isn't a valid application. Also with newest curl-7.85.0_1-win32-mingw.zip
curl-7.83.1_2-win32-mingw.zip works.
Clang ThinLTO now work fine on Linux and MinGW, just add -flto=thin
, but there is currently an issue where executing strip with static libraries built with LTO may fail, which makes it impossible to build curl with LTO/CFI (-fsanitize=cfi
). Therefore, we should remove strip from the build script and strip only for curl executables or dynamic libraries.
Since LLVM 16: Support for mstorsjo/llvm-mingw#301 (-mguard=cf compile and link flags)
May need to migrate x86_64 build to llvm-mingw
Currently most dependencies are bound to configurations (big
, mini
etc).
I expected CW_CONFIG=main-win-gcc-x86-msvcrt-pico-osnotls-libressl
so work, but it doesn't ;)
osnotls
works, since it's a curl internal option, but libressl
doesn't drag in that library. The result of those two is a completely tls unaware curl.
This fixes the ssl selection for me, but other options have the same issue:
diff --git a/_dl.sh b/_dl.sh
index 124017f..1c104e8 100755
--- a/_dl.sh
+++ b/_dl.sh
@@ -718,25 +718,24 @@ if [[ "${_CONFIG}" = *'mbedtls'* ]]; then
_DEPS+=' mbedtls'
fi
-if [[ ! "${_CONFIG}" =~ (zero|bldtst) ]]; then
- if [ "${_OS}" = 'linux' ] || \
- [[ ! "${_CONFIG}" =~ (pico|nano|micro|mini|ostls) ]]; then
-
- if [[ "${_CONFIG}" = *'libressl'* ]]; then
- _DEPS+=' libressl'
- elif [[ "${_CONFIG}" = *'awslc'* ]]; then
- _DEPS+=' awslc'
- elif [[ "${_CONFIG}" = *'boringssl'* ]]; then
- _DEPS+=' boringssl'
- elif [[ "${_CONFIG}" = *'openssl'* ]]; then
- _DEPS+=' openssl'
- elif [[ "${_CONFIG}" = *'quictls'* ]]; then
- _DEPS+=' quictls'
- else
- _DEPS+=' libressl'
- fi
- need_cacert=1
- fi
+if [[ "${_CONFIG}" = *'libressl'* ]]; then
+ _DEPS+=' libressl'
+ need_cacert=1
+elif [[ "${_CONFIG}" = *'awslc'* ]]; then
+ _DEPS+=' awslc'
+ need_cacert=1
+elif [[ "${_CONFIG}" = *'boringssl'* ]]; then
+ _DEPS+=' boringssl'
+ need_cacert=1
+elif [[ "${_CONFIG}" = *'openssl'* ]]; then
+ _DEPS+=' openssl'
+ need_cacert=1
+elif [[ "${_CONFIG}" = *'quictls'* ]]; then
+ _DEPS+=' quictls'
+ need_cacert=1
+elif [[ ! "${_CONFIG}" =~ (zero|bldtst) ]]; then
+ _DEPS+=' libressl'
+ need_cacert=1
fi
if [[ ! "${_CONFIG}" =~ (zero|bldtst|pico|nano|micro) ]]; then
https://curl.haxx.se/windows/ says cUrl was statically linked to a bunch of libraries.
However if I try to use libcurl I still need the OpenSLL and the Zstd libraries.
Isn't it so that cUrl was statically linked to the other libraries but (only) dynamically to these two?
If so maybe make the download page more accurate to avoid confusion.
There is code to do so in this repo, but the binaries at https://curl.se/windows/ do not support PSL. Ref: https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.