openssl engine code injection in curl https://daniel.haxx.se/blog/2019/06/24/openssl-engine-code-injection-in-curl/
> disabling of the config file loading had a typo which actually made it not disable it
Nice one! Affects every fully patched Windows 10 system? (comes preloaded with cURL which is usually awesome!)
C:\Users\tester>curl -V curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
@brnrd it specifically says that the curl version Microsoft ships is NOT affected!
@bagder Sorry for that! Reading is hard... Should practice that more!
@brnrd well, I'm sorry too. I realized I probably came off a bit short there in my response. I didn't intend to brush you off, just inform you that this detail was already covered.
@bagder Zero offence taken! Now that I actually read your post, it's crystal clear. The "OpenSSL engine ... curl" title is abundantly precise. Hadn't noticed that is also hits other projects!
I used to build my own curl with LibreSSL first on cygwin and more recently on WSL until M$ bundled curl with Windows.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!