curl

curl
Name	curl
Developer	Daniel Stenberg, Haxx, Måns Rullgård
Released	1997
Programming language	C (programming language)
Operating system	Linux, FreeBSD, NetBSD, OpenBSD, Microsoft Windows, macOS, AIX, Solaris
Platform	Cross-platform
Genre	Command-line tool, libcurl
License	MIT License

curl curl is a command-line tool and library for transferring data with URL syntax, widely used for network testing, automation, and embedding in applications. It integrates with many protocols and operating systems, is distributed as a standalone executable and as the client-side library libcurl, and is maintained by a distributed team centered on the Haxx project. curl has become a staple in software stacks, utilities, and infrastructure managed by organizations ranging from GitHub to Red Hat.

History

curl originated in 1997 when Daniel Stenberg created a tool to fetch currency exchange rates; the project name evolved from "httpget" to the present tool. Early development coincided with the growth of World Wide Web tools and the adoption of HTTP/1.1 standards; contributions and packaging followed from distributions like Debian, Fedora, and OpenBSD. Over time, integrations with projects such as libcurl encouraged adoption by vendors including Apple Inc., Microsoft, and Google. Security incidents and high-profile vulnerabilities prompted coordinated disclosure involving organizations such as CERT Coordination Center and vendors like Red Hat; these responses shaped release cadence and hardening practices. The project's governance has been influenced by open-source norms exemplified by communities like Apache Software Foundation and package ecosystems maintained by Homebrew and npm-adjacent tooling.

Features and Architecture

curl provides an array of features including supports for authentication mechanisms like OAuth 2.0 and NTLM, transfer resume, bandwidth throttling, proxying, and cookie handling compatible with standards from IETF. Architecturally, curl separates the command-line client from libcurl, a multi-protocol library exposing APIs used by software from Mozilla and KDE; libcurl offers a thread-safe interface, connection reuse, and pluggable backends for TLS provided by libraries such as OpenSSL, GnuTLS, NSS, and LibreSSL. The codebase is written in C (programming language), following portability patterns used by projects like BusyBox and Musl (software), with build systems supporting autotools, CMake, and platform-specific packaging by pkgsrc and Homebrew. curl implements state machines for request lifecycle management, integrates with IPv6 stacks standardized by IETF, and includes test suites influenced by continuous integration services such as Travis CI and GitHub Actions.

Supported Protocols and Platforms

curl and libcurl implement a broad set of protocols, including HTTP/1.1, HTTP/2, HTTPS via TLS stacks, FTP, FTPS, SFTP over SSH File Transfer Protocol, SCP, SMTP, SMTPS, IMAP, POP3, and lower-level schemes like TELNET. Platform support spans Unix-like systems including Linux, FreeBSD, NetBSD, OpenBSD, and commercial systems like AIX and Solaris, as well as desktop and server platforms such as Microsoft Windows and macOS. Ecosystem integrations include bindings and wrappers for languages and frameworks maintained by organizations like Python Software Foundation (python-requests interactors), Node.js Foundation (npm modules), and Microsoft tooling for PowerShell and Windows Package Manager.

Usage and Examples

curl is invoked from shells used in environments like GNU Bash, Zsh and automation systems like Jenkins and Ansible. Common usage patterns include simple GET requests, POST submissions with form-encoded data, multipart file uploads, and scripted interactions leveraging exit codes familiar to POSIX utilities. Example workflows appear in documentation and tutorials from Stack Overflow contributors and in technical guides published by O’Reilly Media and Linux Foundation training. Developers embed libcurl in applications from projects hosted on GitHub and deploy curl-powered health checks in orchestration systems like Kubernetes and Docker container images.

Security and Vulnerabilities

curl’s wide deployment has made it a target for vulnerability research by academic teams and security firms like Google Project Zero and Codenomicon. Notable classes of issues include TLS/SSL handshake handling bugs tied to providers such as OpenSSL and GnuTLS, URL parsing edge cases, and certificate validation flaws addressed through coordinated disclosures with organizations like CERT/CC and vendor teams at Red Hat and Debian. Security best practices recommend building curl with modern TLS libraries, enabling certificate pinning when appropriate, and keeping pace with protocol updates like TLS 1.3 specified by the IETF. Incident responses have involved patches, CVE assignments managed through MITRE Corporation, and advisory publications by distributions such as Ubuntu and CentOS.

Development and Licensing

curl is developed in an open-source model centered on a public repository and managed through a contributor workflow similar to those used by Linux Kernel and Git-centric projects hosted on platforms like GitHub. Contributions are reviewed by maintainers associated with Haxx, and release management follows semantic versioning conventions akin to practices at Semantic Versioning. The project uses issue trackers and continuous integration patterns influenced by services such as Travis CI and GitHub Actions. curl is distributed under the MIT License, permitting integration by commercial entities including Red Hat, IBM, Microsoft, and Apple Inc., and enabling wide reuse in both proprietary and open-source software stacks.

Category:Network software