- We provide binary packages in `.zip` and `.tar.xz` formats, signed with PGP key: `002C 1689 65BA C220 2118 408B 4ED8 5DF9 BB3D 0DE8`
- Standalone `curl.exe` and `libcurl.dll`. Vista with Universal CRT required.
- Binary packages also contain all static libraries for curl and its dependencies.
- curl/libcurl have HTTP/3 and HTTP/2 support enabled. Detailed feature list below.
- Transparent builds, using open source code, and running them in public, with auditable logs.
- Build environment is `mingw-w64` via Debian, Homebrew, MSYS2. `llvm-mingw` for ARM64. C compiler is LLVM/Clang.
- Binaries cross-built and published from Linux via AppVeyor CI. Using reproducible OS image `debian:testing-slim` via Docker.
- Binaries have supported hardening options enabled.
- Binaries are using SEH, except x86, which uses DWARF.
- We verify components using SHA-256 hashes and PGP signatures where provided.
- Generated binaries are reproducible, meaning they produce the same hash given the same input sources and C compiler.
- Patching policy: No locally maintained patches. We apply patches locally if already merged upstream or — if necessary for a successful build — had them submitted upstream with fair confidence of getting accepted.
- We plan to switch the default TLS backend to BoringSSL. This fixes a long-standing vulnerability. It also makes binaries 30% smaller. Downsides are no API/ABI guarantees, pthread dependence and missing TLS-SRP support.
- You can look up the correct distro hashes in lines starting with `SHA` in the build log.
- Packages created across host platforms do not have identical hashes. The reason for this is slightly different build options and toolchain builds/versions. The exception is `llvm-mingw` builds, which are reproducible across build hosts. ARM64 and all BoringSSL builds are like that by default.
- We code sign with a self-signed certificate, and intentionally do not use trusted timestamps, for reproducibility.
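
The two checks described above (package hash against the build log, PGP signature against the published fingerprint) can be scripted as follows. This is an added example, not code from the curl-for-win project; the function names are hypothetical, and the log line shape (`SHA256(<file>)= <hex>`) and the use of a detached signature are assumptions, since the page only says the hash lines start with `SHA`.

```python
import hashlib
import re

# Fingerprint published on this page, spaces removed.
PINNED_FPR = "002C168965BAC2202118408B4ED85DF9BB3D0DE8"
# ASSUMPTION: openssl-dgst style line, "SHA256(<file>)= <64 hex digits>".
# The page only states that the hash lines start with "SHA".
SHA_LINE = re.compile(r"^SHA[0-9-]*\(([^)]+)\)= ([0-9a-fA-F]{64})$")


def hashes_from_log(log_text):
    """Map package file name -> lowercase SHA-256 hex found in the build log."""
    found = {}
    for line in log_text.splitlines():
        m = SHA_LINE.match(line.strip())
        if m:
            found[m.group(1)] = m.group(2).lower()
    return found


def package_matches_log(name, data, log_text):
    """True only if the log lists `name` and SHA-256(data) equals that entry."""
    expected = hashes_from_log(log_text).get(name)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def signed_by_pinned_key(status_text):
    """True if gpg status output has a VALIDSIG made by the pinned key.

    status_text is the output of (detached signature assumed):
        gpg --batch --status-fd 1 --verify <package>.asc <package>
    VALIDSIG carries the signing-key fingerprint first and the primary-key
    fingerprint last; gpg emits no VALIDSIG line for a bad signature.
    """
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) > 2 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            if PINNED_FPR in (parts[2].upper(), parts[-1].upper()):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample: a fake package and a log line that matches it.
    pkg = b"constructed package bytes"
    log = "build step\nSHA256(pkg.zip)= %s\n" % hashlib.sha256(pkg).hexdigest()
    print(package_matches_log("pkg.zip", pkg, log))         # True
    print(package_matches_log("pkg.zip", pkg + b"x", log))  # False
```

Comparing the full 40-digit fingerprint, rather than trusting a "Good signature" message or a short key ID, is what ties the check to the key named on this page.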
Default build with OpenSSL (QUIC fork), and Schannel runtime-selectable option:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2 -lssh2 -lgsasl -lbcrypt -lssl -lcrypto -lidn2 -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2
Alternate configurations with different footprints:
"big":
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM PSL SPNEGO SSL SSPI threadsafe UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lidn2 -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2 -lpsl -liconv -lunistring
"boringssl":
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lidn2 -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2
"noh3", HTTP/2:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2 -lssh2 -lgsasl -lbcrypt -lssl -lcrypto -lidn2 -lbrotlidec -lbrotlicommon -lzstd
"mini", Schannel, with OS-provided IDN support:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS gsasl HSTS HTTP2 IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe UnixSockets
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2 -lssh2 -lgsasl -lbcrypt
"micro", without libssh2 and libgsasl:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe UnixSockets
Libs: -lcurl -lz -lcrypt32 -lwldap32 -lnghttp2
"nano", HTTP/1.1:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HSTS IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe UnixSockets
Libs: -lcurl -lz -lcrypt32 -lwldap32
"pico", HTTP/1.1-only:
Protocols: http https
Features: AsynchDNS HSTS IPv6 Largefile libz SSL SSPI threadsafe UnixSockets
Libs: -lcurl -lz -lcrypt32
- Latest version: https://curl.se/windows/
- Specific versions, back to 7.80.0: `https://curl.se/windows/dl-<curl-version>[_<build-number>]/`
  Examples:
  - https://curl.se/windows/dl-7.80.0/
  - https://curl.se/windows/dl-7.83.1_2/
https://ci.appveyor.com/project/curlorg/curl-for-win/history
THIS SOFTWARE (INCLUDING RESULTING BINARIES) IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Information in this document is subject to change without notice and does not represent or imply any future commitment by the participants of the project.
This document © 2014–present Viktor Szakats