The snprintf() for getting datasz should be checked, because can fail on unexpected characters - from the manual:
``` [EILSEQ] An invalid wide character code was encountered. ```
That will make it safer when wanting to send data taken from SIP traffic (e.g., body of requests).
On negative return code, likely pkg_malloc() will fail, requested size being big.
The second snprintf() is unlikely to fail, but I would use pkg_mallocxz() or set send_data[0] = '\0' before it so in case it fails for what so ever unknown reason, then the CURL library doesn't get a buffer with garbage and does not go beyond allocated buffer to find the '\0'.
For reusing http_client, it would be good to review all modules. Can be done for this one also after merging, it is easier to work directly in repo than as PR.