Re: libcurl.framework.make Question

AG wrote:
> I need to create a universal static library or a universal framework  
> on 10.5.4.
> 
> I downloaded curl-7.19.0 and ran configure.   When I try to run
> 	make build -e -f libcurl.framework.make
> I get a bunch of undefined symbols including: _ldap_memfree,  
> _ldap_free_urldesc, _ldap_simple_bind_s, _ldap_get_dn, etc.
> 
> My questions are:  does anyone know what steps are necessary for  
> successful compile of the framework or alternatively, does anyone have  
> an XCode project for compiling this as a static library?
> 
> TIA,
> 
> AG
> 
Looks like your system needs ldap-devl libraries.

You can disable the ldap support by running configure with "--disable-ldap"
option.

Thanks
Wei

Re: [what do you think?] libcurl and security

On Fri, Sep 05, 2008 at 10:03:27AM +0200, Daniel Stenberg wrote:
> I'm going to do a talk[*] on security in "popular" open source software in 
> a while, with stories and experiences from our little project.
>
> So I'm curious on how you app authors feel about security and the curl  
> project, in general and specific cases. I feel that I have a view on this 
> from an author's perspective and I have opinions about what we (can) do to 
> make curl and libcurl remain safe and secure. But how do you users of 
> (primarily) libcurl view us; the code, the project, the product from a 
> security perspective?

I have some opinions on this from the perspective of having hacked the
libcurl code somewhat.  Many of the points I'm about to make aren't
specific to security, but are general problems that can result in
introduced bugs, many of which could have security implications.
curl deals with untrusted input from random remote servers so there are
many classes of bugs that can be exploited remotely (even if such bugs
only result in a crash, that's still a denial of service problem that
falls under the security heading).

The main issue I see with curl is the age of the code base. It's over ten
years old now and has been in continual development during that time.
Features have been tacked on one at a time, often through patches
created by people who aren't very familiar with the code or its design.
Over time, this results in effects like:

- Functions end up being much too long (I recall seeing a few at close to
1000 lines) as they're patched and expanded--I've found several
bugs by simply refactoring long functions into several smaller ones.
One problem had to do with local variables being declared hundreds of

Re: Problem using curl easy Milli Seconds time out options ...

Re: Problem using curl easy Milli Seconds time out options ...

On Wed, Oct 1, 2008 at 8:22 AM, Mukul Kedare <kedare.mukul <at> gmail.com> wrote:
> Hi ,
>
> I tried version 7.19.0 too, still it did'nt work.
> One more thing they say in man page --- if using standard name resolvers all
> the timeouts will be done in seconds unit.
> Is there any thing regarding name resolvers that I can do while building
> libcurl ?
> What are C-areas and how to enable it for libcurl built, I am searching for
> it but could not find anything uptill now.

Perhaps your misspelling of the library name is causing you not to be
able to find it :)

http://daniel.haxx.se/projects/c-ares/

--

-- 
Michael Wood <esiotrot <at> gmail.com>

Re: Problem using curl easy Milli Seconds time out options ...

Re: Problem using curl easy Milli Seconds time out options ...

On Wed, 1 Oct 2008, Mukul Kedare wrote:

> Is there any thing regarding name resolvers that I can do while building
> libcurl ?

Here's a relevant piece from the FAQ:

 	http://curl.haxx.se/docs/faq.html#How_does_libcurl_resolve_host_na

--

-- 

  / daniel.haxx.se

Re: [what do you think?] libcurl and security

On Tue, 30 Sep 2008, Dan Fandrich wrote:

> I have some opinions on this from the perspective of having hacked the 
> libcurl code somewhat.  Many of the points I'm about to make aren't specific 
> to security, but are general problems that can result in introduced bugs, 
> many of which could have security implications. curl deals with untrusted 
> input from random remote servers so there are many classes of bugs that can 
> be exploited remotely (even if such bugs only result in a crash, that's 
> still a denial of service problem that falls under the security heading).

Thanks for your thoughts and perspective on these issues. I think I've got my 
nose buried a bit too deep into the code at times to realize these things 
myself, but of course all the points you make are reasonable and agreeable!

I wish the coverity[*] scan guys would do another scan on the libcurl source 
code. The one they did on 7.16.1 resulted in almost 30 potential flaws - and 
while we have all of them fixed since I'm sure there are more (new?) to 
find...

[*]= http://daniel.haxx.se/blog/2008/05/20/coveritys-open-source-bug-report/

--

-- 

  / daniel.haxx.se

FreeBasic & Dos

Re: FreeBasic & Dos

On Wed, 1 Oct 2008, Jvp wrote:

> I am investigating the use of the library with FreeBasic for Dos. Reading 
> the site information, I simply cant get an overall picture of what is 
> required to do that.

Make libcurl compile and run on DOS? That should be doable with 
lib/makefile.dj, or at least that's a start to work from.

Then make sure FreeBasic can use libcurl. That's then basically "just" a 
question of making a binding for FreeBasic to libcurl.

> Does anybody on the group have experience with porting the Library to Dos.?

It has been built for DOS for quite a while so even though it may have quirks 
at times, I believe it should work with not too much trouble.

--

-- 

  / daniel.haxx.se

Re: gcc warnings in non-debug builds

2008/9/30, Daniel Stenberg wrote:

> We could also of course introduce a new --enable-warnings configure option
> that would only do exactly that (== enable picky compiler warning options)
> and not all the (other) magic --enable-debug does.

An --enable-warnings option is the kitchen 

--

-- 
-=[Yang]=-