A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
Find a file
Joshua Rogers 7541ae569d
tls: fix incomplete mTLS config in conn reuse and session cache
cert_type, key, key_type, key_passwd and key_blob lived in
ssl_config_data but not in ssl_primary_config, so they were invisible to
match_ssl_primary_config() and to the TLS session cache peer key.

Two easy handles sharing a connection pool could reuse each other's
authenticated connections when they differed only on SSLKEY, SSLKEYTYPE,
KEYPASSWD, SSLCERTTYPE or SSLKEYBLOB. The second handle would silently
inherit the first handle's authenticated identity.

Promote all five fields into ssl_primary_config so the conn-reuse
predicate and session cache key cover the complete client credential
set. Also replace the fixed ":CCERT" session cache marker with the
actual clientcert path so sessions are not shared across different
client certificates.

Verified by test 3303 and 3304

Reported-By: Joshua Rogers (AISLE Research)
Closes #21667
2026-05-20 00:02:33 +02:00
.circleci
.github GHA/non-native: alpha-sort BSD jobs 2026-05-19 19:03:58 +02:00
CMake cmake: fix three issues generating lib options in config files 2026-05-17 22:48:22 +02:00
docs BUFQ.md: re-sync with source code 2026-05-19 16:55:45 +02:00
include tidy-up: prefer "initialize" with a 'z' 2026-05-15 11:49:06 +02:00
lib tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
LICENSES
m4 tidy-up: miscellaneous 2026-05-16 01:56:17 +02:00
projects tidy-up: rename more CURLcode variables to result 2026-05-19 16:55:45 +02:00
scripts managen: apply minor fixes and improvements 2026-05-19 16:55:45 +02:00
src tidy-up: miscellaneous 2026-05-16 01:56:17 +02:00
tests tls: fix incomplete mTLS config in conn reuse and session cache 2026-05-20 00:02:33 +02:00
.clang-tidy.yml
.dir-locals.el
.editorconfig
.git-blame-ignore-revs
.gitattributes
.gitignore
.mailmap
acinclude.m4 build: omit zlib pkg-config reference for Android 2026-05-17 13:27:06 +02:00
appveyor.sh
appveyor.yml
CHANGES.md
CMakeLists.txt cmake: fix three issues generating lib options in config files 2026-05-17 22:48:22 +02:00
configure.ac build: omit zlib pkg-config reference for Android 2026-05-17 13:27:06 +02:00
COPYING
curl-config.in
Dockerfile
GIT-INFO.md
libcurl.pc.in
Makefile.am
README
README.md
RELEASE-NOTES RELEASE-NOTES: synced 2026-05-16 23:09:52 +02:00
renovate.json
REUSE.toml
SECURITY.md

curl logo

curl is a command-line tool for transferring data from or to a server using URLs. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS.

Learn how to use curl by reading the man page or everything curl.

Find out how to install curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl man page to learn how.

Open Source

curl is Open Source and is distributed under an MIT-like license.

Contact

Contact us on a suitable mailing list or use GitHub issues/ pull requests/ discussions.

All contributors to the project are listed in the THANKS document.

Commercial support

For commercial support, maybe private and dedicated help with your problems or applications using (lib)curl visit the support page.

Website

Visit the curl website for the latest news and downloads.

Source code

Download the latest source from the Git server:

git clone https://github.com/curl/curl

Security problems

Report suspected security problems privately and not in public.

Backers

Thank you to all our backers 🙏 Become a backer.

Sponsors

Support this project by becoming a sponsor.