Skip to content

curl/curl-for-win

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,393 Commits
.appveyor.yml
.appveyor.yml
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE.md
LICENSE.md
 
 
MIT.svg
MIT.svg
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
_build.sh
_build.sh
 
 
_bumper.sh
_bumper.sh
 
 
_ci-linux-debian.sh
_ci-linux-debian.sh
 
 
_ci-mac-homebrew.sh
_ci-mac-homebrew.sh
 
 
_ci-win-msys2.sh
_ci-win-msys2.sh
 
 
_dl.sh
_dl.sh
 
 
_libclean.sh
_libclean.sh
 
 
_peclean.py
_peclean.py
 
 
_pkg.sh
_pkg.sh
 
 
_sign-code.sh
_sign-code.sh
 
 
_sign-pkg.sh
_sign-pkg.sh
 
 
_ul-askpass.sh
_ul-askpass.sh
 
 
_ul.sh
_ul.sh
 
 
_versions.sh
_versions.sh
 
 
boringssl.sh
boringssl.sh
 
 
brotli.sh
brotli.sh
 
 
cares.sh
cares.sh
 
 
cc-by-sa.svg
cc-by-sa.svg
 
 
curl-autotools.sh
curl-autotools.sh
 
 
curl-cmake.sh
curl-cmake.sh
 
 
curl-for-win-ca-cert.pem
curl-for-win-ca-cert.pem
 
 
curl-m32.sh
curl-m32.sh
 
 
curl-pkg.sh
curl-pkg.sh
 
 
curl.patch
curl.patch
 
 
curl.sh
curl.sh
 
 
curl.test.patch
curl.test.patch
 
 
deploy.key.asc
deploy.key.asc
 
 
gsasl.sh
gsasl.sh
 
 
libiconv.sh
libiconv.sh
 
 
libidn2.sh
libidn2.sh
 
 
libpsl.sh
libpsl.sh
 
 
libressl-cmake.sh
libressl-cmake.sh
 
 
libressl.sh
libressl.sh
 
 
libssh.sh
libssh.sh
 
 
libssh2-cmake.sh
libssh2-cmake.sh
 
 
libssh2.patch
libssh2.patch
 
 
libssh2.sh
libssh2.sh
 
 
libssh2.test.patch
libssh2.test.patch
 
 
libunistring.sh
libunistring.sh
 
 
mbedtls.sh
mbedtls.sh
 
 
nghttp2.sh
nghttp2.sh
 
 
nghttp3.sh
nghttp3.sh
 
 
ngtcp2.sh
ngtcp2.sh
 
 
openssl.sh
openssl.sh
 
 
sign-code.p12.asc
sign-code.p12.asc
 
 
sign-pkg-public.asc
sign-pkg-public.asc
 
 
sign-pkg.gpg.asc
sign-pkg.gpg.asc
 
 
wolfssh.sh
wolfssh.sh
 
 
wolfssl.sh
wolfssl.sh
 
 
zlib.patch
zlib.patch
 
 
zlib.sh
zlib.sh
 
 
zlib.test.patch
zlib.test.patch
 
 
zstd.sh
zstd.sh
 
 

Repository files navigation

License Build status

Reproducible curl binaries for Windows

  • We provide binary packages in .zip and .tar.xz formats,
    signed with PGP key: 002C 1689 65BA C220 2118 408B 4ED8 5DF9 BB3D 0DE8
  • Standalone curl.exe and libcurl.dll. Static libraries included.
  • Vista with Universal CRT required.
  • HTTP/3 and HTTP/2 support. Detailed feature list below.
  • Transparent builds, using open source code, run in public, with auditable logs.
  • Build environment is LLVM/Clang with mingw-w64 via Debian, Homebrew, MSYS2. llvm-mingw for ARM64.
  • Cross-built and published from Linux via AppVeyor CI. Using reproducible OS image debian:testing-slim via Docker.
  • Built with hardening options enabled.
  • Binaries use SEH, except x86, which uses DWARF.
  • We verify components using SHA-256 hashes and PGP signatures where provided.
  • We build reproducible binaries, producing the same hash given the same input sources and C compiler.
  • Patching policy: No locally maintained patches. We may apply patches if already merged upstream or — for showstoppers — had them submitted with fair confidence of getting merged.
  • We plan to switch the default TLS backend to BoringSSL. This fixes a long-standing vulnerability. It also makes binaries 30% smaller. Downsides are no API/ABI guaranties, pthread dependence and missing TLS-SRP support.
  • You can look up the correct distro hashes in lines starting with SHA in the build log.
  • Packages built across host platforms do not have identical hashes. The reason for this is slightly different build options and toolchain builds/versions. Except llvm-mingw builds, which are reproducible across build hosts. ARM64 and all BoringSSL builds are like that by default.
  • We code sign with a self-signed certificate, and intentionally not use trusted timestamps for reproducibility.

Features

Default build with OpenSSL (QUIC fork), and Schannel runtime-selectable option:

Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM     SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2
Alternate configurations with different footprints:

"big":
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM PSL SPNEGO SSL SSPI threadsafe         UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2 -lidn2 -lpsl -liconv -lunistring

"boringssl":
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM     SPNEGO SSL SSPI threadsafe         UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd -lnghttp3 -lngtcp2

"noh3", HTTP/2:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2       HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM     SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl -lssl -lcrypto -lbrotlidec -lbrotlicommon -lzstd

"mini", Schannel, without brotli and zstd:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS        gsasl HSTS HTTP2                   IDN IPv6 Kerberos Largefile libz          NTLM     SPNEGO SSL SSPI threadsafe         UnixSockets
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2 -lssh2 -lgsasl

"micro", without libssh2 and gsasl:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp          smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS              HSTS HTTP2                   IDN IPv6 Kerberos Largefile libz          NTLM     SPNEGO SSL SSPI threadsafe         UnixSockets
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32 -lnghttp2

"nano", HTTP/1.1:
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp          smb smbs smtp smtps telnet tftp ws wss
Features:         AsynchDNS              HSTS                         IDN IPv6 Kerberos Largefile libz          NTLM     SPNEGO SSL SSPI threadsafe         UnixSockets
Libs: -lcurl -lz -lcrypt32 -lbcrypt -lwldap32

"pico", HTTP/1.1-only:
Protocols:                                   http https
Features:         AsynchDNS              HSTS                             IPv6          Largefile libz                          SSL SSPI threadsafe         UnixSockets
Libs: -lcurl -lz -lcrypt32 -lbcrypt

Downloads

Build logs

https://ci.appveyor.com/project/curlorg/curl-for-win/history

Guarantees and Liability

See LICENSE.

Information in this document is subject to change without notice and does not represent or imply any future commitment by the participants of the project.

This document © 2014–present Viktor Szakats
Creative Commons Attribution-ShareAlike 4.0

About

Reproducible curl binaries for Linux, macOS and Windows

curl.se/windows/

Topics

windows macos linux tls ssh binaries curl reproducible libcurl musl-libc builds http3 ucrt

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

680 stars

Watchers

51 watching

Forks

204 forks
Report repository

Contributors 3

Languages