A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
Find a file
Viktor Szakats 2a92c39a21
windows: tidy up wincrypt.h / BoringSSL/AWS-LC coexist workaround
- openssl: move and expand explanatory comment.

- openssl: drop duplicate workaround.

- schannel: drop workaround. Unnecessary, because OpenSSL headers are
  not included in or after schannel code.

- schannel: drop explicit `wincrypt.h` include. It's indirectly
  included by system `<schannel.h>`.

- ldap: drop explicit `wincrypt.h` include.
  It isn't used there, and also not required for the workaround.
  `winldap.h` keeps including it indirectly.

Tested with BoringSSL and AWS-LC (MultiSSL with Schannel), also LDAP
enabled, and H3, unity and non-unity, and all tested cases build fine.

In lib in general, the point is to have the `#undef`s between the first
`wincrypt.h` include [1] and the first OpenSSL include [2], within a
single compilation unit. For non-unity builds the only such source is
`openssl.c`. For unity ones, depending on batch size, in theory we
should `#undef` after each `wincrypt.h` include. In practice this is
overkill and most cases are covered by `#undef`-fing _first_ in
`vtls/openssl.c`, and `#undef` in `ldap.c`. It's not impossible that we
need to add more undefs after further `wincrypt.h` includes to cover so
far undiscovered build cases [3]. Though I could not find more with the
current sources and source order.

It's also an option to include OpenSSL first, then `wincrypt.h`, as
done in libtests, but for lib and `vtls/openssl.c` it's more practical
to do the opposite.

[1] can be indirect, e.g. via `iphlpapi.h`, `schannel.h`, `winldap.h`.

[2] in
- BoringSSL/AWS-LC: any include (due to `openssl/base.h`).
  Original fix removed by BoringSSL in year
  [2014](ded93581f1 (diff-878093ea6426091505b4c49c59b78924f42859af0eb4ce39b8089bda9577e013)).
- OpenSSL: `openssl/ssl.h`, `openssl/x509v3.h`, and some more affected,
  and including `openssl/ossl_typ.h` does the `#undef` automatically.
  Since [3.1.0+](fbb9a1f997)
  each inclusion does the `#undef`, in 3.0.x (and earlier) only
  the first inclusion did. Initially fixed in
  [0.9.6d](1955b87423)
- LibreSSL [2.3.0+](0fa826d34f):
  not affected, though to suppress another warning 3.8.2+ and
  a [define](e7fe6caab2)
  is necessary.

[3] `lib/Makefile.inc` defines the order of unity sources.

For libtests, the case is simpler: There is always one compilation unit,
with a fixed order, and at the moment `cli_hx_download.c` is including
OpenSSL first, then wincrypt, and in this order they don't bother each
other. Also, at the moment `lib758.c` is the only other OpenSSL header
user, but it's compiled after `cli_hx_download.c` so the include is
skipped there. We may need to revisit this if either header gets
included before it.

All this said it'd be nice if BoringSSL/AWS-LC restored the built-in
workaround to behave like LibreSSL and OpenSSL and not require local
workarounds like these.

Ref: https://github.com/curl/curl/pull/20556#issuecomment-3888425644

Follow-up to 4c46c829f5 #9110
Follow-up to fbe07c6829 #5669 #5857

Closes #20567
2026-02-12 14:31:39 +01:00
.circleci runtests: detect bad libssh differently for test 1459 (fixing CircleCI libssh job) 2025-11-16 23:28:44 +01:00
.github GHA/linux: update pizlonator/fil-c to v0.678 2026-02-11 06:12:04 +01:00
CMake build: check MSG_NOSIGNAL directly, drop detection and interim macro 2026-02-11 14:51:08 +01:00
docs docs/libcurl: unify WARNING use 2026-02-11 09:43:14 +01:00
include include: mask computed auth/proto bitmasks to 32 bits 2026-01-26 13:48:05 +01:00
lib windows: tidy up wincrypt.h / BoringSSL/AWS-LC coexist workaround 2026-02-12 14:31:39 +01:00
LICENSES krb5: drop support for Kerberos FTP 2025-09-20 23:58:28 +02:00
m4 build: require POSIX strdup() 2026-02-03 17:50:18 +01:00
projects tidy-up: miscellaneous 2026-02-01 00:54:23 +01:00
scripts mk-ca-bundle.pl: drop support for obsolete/insecure fingerprint algos 2026-02-05 15:22:01 +01:00
src tool_operate: split post_per_transfer into sub functions 2026-02-11 09:41:48 +01:00
tests cli_hx_download: add Schannel support 2026-02-11 18:00:55 +01:00
.dir-locals.el copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.editorconfig .editorconfig: add 2025-09-02 08:36:40 +02:00
.git-blame-ignore-revs copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
.gitattributes winbuild: MS-DOS batch tidy-ups 2024-07-02 19:26:15 +02:00
.gitignore build: drop the winbuild build system 2025-09-20 01:20:25 +02:00
.mailmap REUSE: add copyright header to two files 2025-11-03 16:08:52 +01:00
acinclude.m4 build: check MSG_NOSIGNAL directly, drop detection and interim macro 2026-02-11 14:51:08 +01:00
appveyor.sh CI: log downloaded file hashes, pin manually bumped ones 2026-02-05 03:20:46 +01:00
appveyor.yml CI: log downloaded file hashes, pin manually bumped ones 2026-02-05 03:20:46 +01:00
buildconf copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
CHANGES.md CHANGES: fix typo in filename 2026-01-01 12:20:10 +01:00
CMakeLists.txt cmake: fix CURL_DROP_UNUSED accidental left always-enabled 2026-02-11 17:01:04 +01:00
configure.ac build: check MSG_NOSIGNAL directly, drop detection and interim macro 2026-02-11 14:51:08 +01:00
COPYING COPYING: bump copyright year range to 1996 - 2026 2026-01-08 23:19:44 +01:00
curl-config.in autotools: tidy-up if expressions 2025-12-10 22:29:19 +01:00
Dockerfile Dockerfile: update debian:bookworm-slim Docker digest to 98f4b71 2026-02-05 17:36:44 +01:00
GIT-INFO.md REUSE: add copyright header to two files 2025-11-03 16:08:52 +01:00
libcurl.pc.in configure: do not echo most inherited LDFLAGS to config files 2024-11-14 09:55:45 +01:00
Makefile.am tidy-up: miscellaneous 2026-01-15 13:06:13 +01:00
README BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 2026-01-26 08:26:28 +01:00
README.md README: add MQTTS 2026-02-05 22:55:01 +01:00
RELEASE-NOTES RELEASE-NOTES: synced 2026-02-12 09:25:50 +01:00
renovate.json renovate: merge two custom regex rules, escape dots 2026-01-23 15:58:16 +01:00
REUSE.toml REUSE: drop broken reference to MAIL-ETIQUETTE 2026-01-19 07:48:15 +01:00
SECURITY.md BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 2026-01-26 08:26:28 +01:00

curl logo

curl is a command-line tool for transferring data from or to a server using URLs. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS.

Learn how to use curl by reading the man page or everything curl.

Find out how to install curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl man page to learn how.

Open Source

curl is Open Source and is distributed under an MIT-like license.

Contact

Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.

All contributors to the project are listed in the THANKS document.

Commercial support

For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.

Website

Visit the curl website for the latest news and downloads.

Source code

Download the latest source from the Git server:

git clone https://github.com/curl/curl

Security problems

Report suspected security problems privately and not in public.

Backers

Thank you to all our backers 🙏 Become a backer.

Sponsors

Support this project by becoming a sponsor.