• November 28, 2024

Curl Flags

curl.1 the man page

curl.1 the man page

Name
curl – transfer a URL Synopsis
curl [options / URLs] Description
curl is a tool for transfering data from or to a server. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET or TFTP. The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume and more. As you will see below, the number of features will make your head spin!
curl is powered by libcurl for all transfer-related features. See libcurl(3) for details. Url
The URL syntax is protocol-dependent. You’ll find a detailed description in RFC 3986.
You can specify multiple URLs or parts of URLs by writing part sets within braces and quoting the URL as in:
“one, two, three}”
or you can get sequences of alphanumeric series by using [] as in:
“1-100]”
“001-100]” (with leading zeros)
“a-z]”
Nested sequences are not supported, but you can use several ones next to each other:
“1996-1999]/vol[1-4]/part{a, b, c}”
You can specify any amount of URLs on the command line. They will be fetched in a sequential manner in the specified order. You can specify command line options and URLs mixed and in any order on the command line.
You can specify a step counter for the ranges to get every Nth number or letter:
“1-100:10]”
“a-z:2]”
When using [] or {} sequences when invoked from a command line prompt, you probably have to put the full URL within double quotes to avoid the shell from interfering with it. This also goes for other characters treated special, like for example ‘&’, ‘? ‘ and ‘*’.
Provide the IPv6 zone index in the URL with an escaped percentage sign and the interface name. Like in
“[fe80::3%25eth0]/”
If you specify URL without protocol prefix, curl will attempt to guess what protocol you might want. It will then default to HTTP but try other protocols based on often-used host name prefixes. For example, for host names starting with “ftp. ” curl will assume you want to speak FTP.
curl will do its best to use what you pass to it as a URL. It is not trying to validate it as a syntactically correct URL by any means but is instead very liberal with what it accepts.
curl will attempt to re-use connections for multiple file transfers, so that getting many files from the same server will not do multiple connects / handshakes. This improves speed. Of course this is only done on files specified on a single command line and cannot be used between separate curl invocations. Output
If not told otherwise, curl writes the received data to stdout. It can be instructed to instead save that data into a local file, using the -o, –output or -O, –remote-name options. If curl is given multiple URLs to transfer on the command line, it similarly needs multiple options for where to save them.
curl does not parse or otherwise “understand” the content it gets or writes as output. It does no encoding or decoding, unless explicitly asked to with dedicated command line options. Protocols
curl supports numerous protocols, or put in URL terms: schemes. Your particular build may not support them all.
DICT
Lets you lookup words using online dictionaries.
FILE
Read or write local files. curl does not support accessing file URL remotely, but when running on Microsoft Windows using the native UNC approach will work.
FTP(S)
curl supports the File Transfer Protocol with a lot of tweaks and levers. With or without using TLS.
GOPHER(S)
Retrieve files.
HTTP(S)
curl supports HTTP with numerous options and variations. It can speak HTTP version 0. 9, 1. 0, 1. 1, 2 and 3 depending on build options and the correct command line options.
IMAP(S)
Using the mail reading protocol, curl can “download” emails for you. With or without using TLS.
LDAP(S)
curl can do directory lookups for you, with or without TLS.
MQTT
curl supports MQTT version 3. Downloading over MQTT equals “subscribe” to a topic while uploading/posting equals “publish” on a topic. MQTT over TLS is not supported (yet).
POP3(S)
Downloading from a pop3 server means getting a mail. With or without using TLS.
RTMP(S)
The Realtime Messaging Protocol is primarily used to server streaming media and curl can download it.
RTSP
curl supports RTSP 1. 0 downloads.
SCP
curl supports SSH version 2 scp transfers.
SFTP
curl supports SFTP (draft 5) done over SSH version 2.
SMB(S)
curl supports SMB version 1 for upload and download.
SMTP(S)
Uploading contents to an SMTP server means sending an email. With or without TLS.
TELNET
Telling curl to fetch a telnet URL starts an interactive session where it sends what it reads on stdin and outputs what the server sends it.
TFTP
curl can do TFTP downloads and uploads. Progress meter
curl normally displays a progress meter during operations, indicating the amount of transferred data, transfer speeds and estimated time left, etc. The progress meter displays number of bytes and the speeds are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 bytes.
curl displays this data to the terminal by default, so if you invoke curl to do an operation and it is about to write data to the terminal, it disables the progress meter as otherwise it would mess up the output mixing progress meter and response data.
If you want a progress meter for HTTP POST or PUT requests, you need to redirect the response output to a file, using shell redirect (>), -o, –output or similar.
This does not apply to FTP upload as that operation does not spit out any response data to the terminal.
If you prefer a progress “bar” instead of the regular meter, -#, –progress-bar is your friend. You can also disable the progress meter completely with the -s, –silent option. Options
Options start with one or two dashes. Many of the options require an additional value next to them.
The short “single-dash” form of the options, -d for example, may be used with or without a space between it and its value, although a space is a recommended separator. The long “double-dash” form, -d, –data for example, requires a space between it and its value.
Short version options that don’t need any additional values can be used immediately next to each other, like for example you can specify all the options -O, -L and -v at once as -OLv.
In general, all boolean options are enabled with –option and yet again disabled with –no-option. That is, you use the exact same option name but prefix it with “no-“. However, in this list we mostly only list and show the –option version of them.
–abstract-unix-socket (HTTP) Connect through an abstract Unix domain socket, instead of using the network. Note: netstat shows the path of an abstract socket prefixed with ‘@’, however the argument should not have this leading character.
Example: curl –abstract-unix-socket socketpath
Added in 7. 53. 0.
–alt-svc
(HTTPS) This option enables the alt-svc parser in curl. If the file name points to an existing alt-svc cache file, that will be used. After a completed transfer, the cache will be saved to the file name again if it has been modified.
Specify a “” file name (zero length) to avoid loading/saving and make curl just handle the cache in memory.
If this option is used several times, curl will load contents from all the files but the last one will be used for saving.
Example: curl –alt-svc
Added in 7. 64. 1.
–anyauth
(HTTP) Tells curl to figure out authentication method by itself, and use the most secure one the remote site claims to support. This is done by first doing a request and checking the response-headers, thus possibly inducing an extra network round-trip. This is used instead of setting a specific authentication method, which you can do with –basic, –digest, –ntlm, and –negotiate.
Using –anyauth is not recommended if you do uploads from stdin, since it may require data to be sent twice and then the client must be able to rewind. If the need should arise when uploading from stdin, the upload operation will fail.
Used together with -u, –user.
Example: curl –anyauth –user me:pwd
See also –proxy-anyauth, –basic and –digest.
-a, –append
(FTP SFTP) When used in an upload, this makes curl append to the target file instead of overwriting it. If the remote file doesn’t exist, it will be created. Note that this flag is ignored by some SFTP servers (including OpenSSH).
Example: curl –upload-file local –append
–aws-sigv4
(TLS) Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option is typically used to alter that default file.
curl recognizes the environment variable named ‘CURL_CA_BUNDLE’ if it is set, and uses the given path as a path to a CA cert bundle. This option overrides that variable.
The windows version of curl will automatically look for a CA certs file named ´´, either in the same directory as, or in the Current Working Directory, or in any folder along your PATH.
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module () needs to be available for this option to work properly.
(iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use the certificates in the system and user Keychain to verify the peer, which is the preferred method of verifying the peer’s certificate chain.
(Schannel only) This option is supported for Schannel in Windows 7 or later with libcurl 7. 60 or later. This option is supported for backward compatibility with other SSL engines; instead it is recommended to use Windows’ store of root certificates (the default for Schannel).
If this option is used several times, the last one will be used.
Example: curl –cacert
–capath


(TLS) Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be provided by separating them with “:” (e. g. “path1:path2:path3”). The certificates must be in PEM format, and if curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied with OpenSSL. Using –capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently than using –cacert if the –cacert file contains many CA certificates.
If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used.
Example: curl –capath /local/directory
–cert-status
(TLS) Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka. OCSP stapling) TLS extension.
If this option is enabled and the server sends an invalid (e. expired) response, if the response suggests that the server certificate has been revoked, or no response at all is received, the verification fails.
This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
Example: curl –cert-status
Added in 7. 41. 0.
–cert-type
(TLS) Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized types. If not specified, PEM is assumed.
Example: curl –cert-type PEM –cert file
See also -E, –cert, –key and –key-type.
-E, –cert
(TLS) Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if using any other engine. If the optional password isn’t specified, it will be queried for on the terminal. Note that this option assumes a “certificate” file that is the private key and the client certificate concatenated! See -E, –cert and –key to specify them independently.
If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module () is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with “. /” prefix, in order to avoid confusion with a nickname. If the nickname contains “:”, it needs to be preceded by “\” so that it is not recognized as password delimiter. If the nickname contains “”\””
it needs to be escaped as

it needs to be escaped as “”\\”” so that it is not recognized as an escape character.

Frequently Asked Questions about curl flags

Leave a Reply