-Updated: December 7, 2011 (http://curl.haxx.se/docs/faq.html)
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
1.12 I have a problem who can I chat with?
1.13 curl's ECCN number?
1.14 How do I submit my patch?
+ 1.15 How do I port libcurl to my OS?
2. Install Related Problems
2.1 configure doesn't find OpenSSL even when it is installed
3.19 How do I get HTTP from a host using a specific IP address?
3.20 How to SFTP from my user's home directory?
3.21 Protocol xxx not supported or disabled in libcurl
+ 3.22 curl -X gives me HTTP problems
4. Running Problems
4.1 Problems connecting to SSL servers.
4.16 My HTTP POST or PUT requests are slow!
4.17 Non-functional connect timeouts on Windows
4.18 file:// URLs containing drive letters (Windows, NetWare)
- 4.19 Why doesn't cURL return an error when the network cable is unplugged?
+ 4.19 Why doesn't curl return an error when the network cable is unplugged?
+ 4.20 curl doesn't return error for HTTP non-200 responses!
+ 4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
5. libcurl Issues
5.1 Is libcurl thread-safe?
5.13 How do I stop an ongoing transfer?
5.14 Using C++ non-static functions for callbacks?
5.15 How do I get an FTP directory listing?
+ 5.16 I want a different time-out!
+ 5.17 Can I write a server with libcurl?
+ 5.18 Does libcurl use threads?
6. License Issues
6.1 I have a GPL program, can I use the libcurl library?
7.1 What is PHP/CURL?
7.2 Who wrote PHP/CURL?
7.3 Can I perform multiple requests using the same handle?
+ 7.4 Does PHP/CURL have dependencies?
==============================================================================
A free and easy-to-use client-side URL transfer library, supporting DICT,
FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3,
- POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.
+ POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP.
libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading,
- kerberos, HTTP form based upload, proxies, cookies, user+password
+ Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password
authentication, file transfer resume, http proxy tunneling and more!
libcurl is highly portable, it builds and works identically on numerous
- platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,
- IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOs, Mac
+ platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX,
+ IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac
OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,
Android, Minix, IBM TPF and more...
Since curl uses libcurl, curl supports the same wide range of common
Internet protocols that libcurl does.
- We pronounce curl and cURL with an initial k sound: [kurl].
+ We pronounce curl with an initial k sound. It rhymes with words like girl
+ and earl. This is a short WAV file to help you:
+
+ https://media.merriam-webster.com/soundc11/c/curl0001.wav
There are numerous sub-projects and related projects that also use the word
curl in the project names in various combinations, but you should take
better. We do however believe in a few rules when it comes to the future of
curl:
- * Curl -- the command line tool -- is to remain a non-graphical command line
- tool. If you want GUIs or fancy scripting capabilities, you should look
- for another tool that uses libcurl.
+ Curl -- the command line tool -- is to remain a non-graphical command line
+ tool. If you want GUIs or fancy scripting capabilities, you should look for
+ another tool that uses libcurl.
- * We do not add things to curl that other small and available tools already
- do very fine at the side. Curl's output is fine to pipe into another
- program or redirect to another file for the next program to interpret.
+ We do not add things to curl that other small and available tools already do
+ very well at the side. Curl's output can be piped into another program or
+ redirected to another file for the next program to interpret.
- * We focus on protocol related issues and improvements. If you wanna do more
- magic with the supported protocols than curl currently does, chances are
- big we will agree. If you wanna add more protocols, we may very well
- agree.
+ We focus on protocol related issues and improvements. If you want to do more
+ magic with the supported protocols than curl currently does, chances are good
+ we will agree. If you want to add more protocols, we may very well agree.
- * If you want someone else to make all the work while you wait for us to
- implement it for you, that is not a very friendly attitude. We spend a
- considerable time already on maintaining and developing curl. In order to
- get more out of us, you should consider trading in some of your time and
- efforts in return.
+ If you want someone else to do all the work while you wait for us to
+ implement it for you, that is not a very friendly attitude. We spend a
+ considerable time already on maintaining and developing curl. In order to
+ get more out of us, you should consider trading in some of your time and
+ effort in return. Simply go to the GitHub repo which resides at
+ https://github.com/curl/curl, fork the project, and create pull requests
+ with your proposed changes.
- * If you write the code, chances are bigger that it will get into curl
- faster.
+ If you write the code, chances are better that it will get into curl faster.
1.5 Who makes curl?
project leader and main developer, but other persons' submissions are
important and crucial. Anyone can contribute and post their changes and
improvements and have them inserted in the main sources (of course on the
- condition that developers agree on that the fixes are good).
+ condition that developers agree that the fixes are good).
The full list of all contributors is found in the docs/THANKS file.
1.6 What do you get for making curl?
Project cURL is entirely free and open. No person gets paid for developing
- (lib)curl on full or even part time. We do this voluntarily on our spare
- time. Occasionally companies pay individual developers to work on curl, but
- that's up to each company and developer. It is not controlled by nor
- supervised in any way by the project.
+ curl full time. We do this voluntarily, mostly in our spare time.
+ Occasionally companies pay individual developers to work on curl, but that's
+ up to each company and developer. This is not controlled by nor supervised in
+ any way by the project.
We still get help from companies. Haxx provides web site, bandwidth, mailing
- lists etc and sourceforge.net hosts project services we take advantage from,
- like the bug tracker. Also again, some companies have sponsored certain
- parts of the development in the past and I hope some will continue to do so
- in the future.
+ lists etc, sourceforge.net hosts project services we take advantage from,
+ like the bug tracker, and GitHub hosts the primary git repository at
+ https://github.com/curl/curl. Also again, some companies have sponsored
+ certain parts of the development in the past and I hope some will continue to
+ do so in the future.
If you want to support our project, consider a donation or a banner-program
- or even better: by helping us coding, documenting, testing etc.
+ or even better: by helping us with coding, documenting or testing etc.
1.7 What about CURL from curl.com?
- During the summer 2001, curl.com was busy advertising their client-side
+ During the summer of 2001, curl.com was busy advertising their client-side
programming language for the web, named CURL.
We are in no way associated with curl.com or their CURL programming
Our project name curl has been in effective use since 1998. We were not the
first computer related project to use the name "curl" and do not claim any
- first-hand rights to the name.
+ rights to the name.
We recognize that we will be living in parallel with curl.com and wish them
every success.
- 1.8 I have a problem who do I mail?
+ 1.8 I have a problem whom do I mail?
Please do not mail any single individual unless you really need to. Keep
curl-related questions on a suitable mailing list. All available mailing
lists are listed in the MANUAL document and online at
- http://curl.haxx.se/mail/
+ https://curl.haxx.se/mail/
Keeping curl-related questions and discussions on mailing lists allows
- others to join in and help, to share their ideas, contribute their
- suggestions and spread their wisdom. Keeping discussions on public mailing
+ others to join in and help, to share their ideas, to contribute their
+ suggestions and to spread their wisdom. Keeping discussions on public mailing
lists also allows for others to learn from this (both current and future
users thanks to the web based archives of the mailing lists), thus saving us
from having to repeat ourselves even more. Thanks for respecting this.
your curl-related problems.
We list available alternatives on the curl web site:
- http://curl.haxx.se/support.html
+ https://curl.haxx.se/support.html
1.10 How many are using curl?
We don't know how many users that downloaded or installed curl and then
never use it.
- Some facts to use as input to the math:
-
- curl packages are downloaded from the curl.haxx.se and mirrors over a
- million times per year. curl is installed by default with most Linux
- distributions. curl is installed by default with Mac OS X. curl and libcurl
- as used by numerous applications that include libcurl binaries in their
- distribution packages (like Adobe Acrobat Reader and Google Earth).
-
- More than a hundred known named companies use curl in commercial
- environments and products and more than a hundred known named open source
- projects depend on (lib)curl.
-
- In a poll on the curl web site mid-2005, more than 50% of the 300+ answers
- estimated a user base of one million users or more.
-
- In March 2005, the "Linux Counter project" estimated a total Linux user base
- of some 29 millions, while Netcraft detected some 4 million "active" Linux
- based web servers. A guess is that a fair amount of these Linux
- installations have curl installed.
-
- The Debian project maintains statistics on packages installed by people
- who have voluntarily run their package counting application. In mid-2010,
- libcurl3 was installed on over 55000 such systems (62% of reporting systems)
- and was one of the 320 most popular installed packages (out of about 107000
- possible packages).
-
- All this taken together, there is no doubt that there are millions of
- (lib)curl users.
+ In May 2012 Daniel did a counting game and came up with a number that may
+ be completely wrong or somewhat accurate. Over 500 million!
- http://curl.haxx.se/docs/companies.html
- http://curl.haxx.se/docs/programs.html
- http://curl.haxx.se/libcurl/using/apps.html
- http://counter.li.org/estimates.php
- http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html
- http://qa.debian.org/popcon.php?package=curl
+ See https://daniel.haxx.se/blog/2012/05/16/300m-users/
1.11 Why don't you update ca-bundle.crt
- The ca-bundle.crt file that used to be bundled with curl was very outdated
- (it being last modified year 2000 should tell) and must be replaced with a
- much more modern and up-to-date version by anyone who wants to verify peers
- anyway. It is no longer provided, the last curl release that shipped it was
- curl 7.18.0.
+ The ca cert bundle that used to be shipped with curl was very outdated and
+ must be replaced with an up-to-date version by anyone who wants to verify
+ peers. It is no longer provided by curl. The last curl release that ever
+ shipped a ca cert bundle was curl 7.18.0.
In the cURL project we've decided not to attempt to keep this file updated
(or even present anymore) since deciding what to add to a ca cert bundle is
If you want the most recent collection of ca certs that Mozilla Firefox
uses, we recommend that you extract the collection yourself from Mozilla
Firefox (by running 'make ca-bundle), or by using our online service setup
- for this purpose: http://curl.haxx.se/docs/caextract.html
+ for this purpose: https://curl.haxx.se/docs/caextract.html
1.12 I have a problem who can I chat with?
There's a bunch of friendly people hanging out in the #curl channel on the
- IRC network irc.freenode.net. If you're polite and nice, chances are big
+ IRC network irc.freenode.net. If you're polite and nice, chances are good
that you can get -- or provide -- help instantly.
1.13 curl's ECCN number?
cryptography. When doing so, the Export Control Classification Number (ECCN)
is used to identify the level of export control etc.
- ASF gives a good explanation at http://www.apache.org/dev/crypto.html
+ Apache Software Foundation gives a good explanation of ECCNs at
+ https://www.apache.org/dev/crypto.html
We believe curl's number might be ECCN 5D002, another possibility is
- 5D992. It seems necessary to write them, asking to confirm.
+ 5D992. It seems necessary to write them (the authority that administers ECCN
+ numbers), asking to confirm.
- Comprehensible explanations of the meaning of such numbers and how to
- obtain them (resp.) are here
+ Comprehensible explanations of the meaning of such numbers and how to obtain
+ them (resp.) are here
- http://www.bis.doc.gov/licensing/exportingbasics.htm
- http://www.bis.doc.gov/licensing/do_i_needaneccn.html
+ https://www.bis.doc.gov/licensing/exportingbasics.htm
+ https://www.bis.doc.gov/licensing/do_i_needaneccn.html
An incomprehensible description of the two numbers above is here
http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf
Lots of more details are found in the CONTRIBUTE and INTERNALS docs.
+ 1.15 How do I port libcurl to my OS?
+
+ Here's a rough step-by-step:
+
+ 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h
+
+ 2. edit lib/config-[youros].h to match your OS and setup
+
+ 3. edit lib/curl_setup.h to include config-[youros].h when your OS is
+ detected by the preprocessor, in the style others already exist
+
+ 4. compile lib/*.c and make them into a library
+
2. Install Related Problems
2.1.2 only the libssl lib is missing
If all include files and the libcrypto lib is present, with only the
- libssl being missing according to configure, this is mostly likely because
+ libssl being missing according to configure, this is most likely because
a few functions are left out from the libssl.
If the function names missing include RSA or RSAREF you can be certain
2.2 Does curl work/build with other SSL libraries?
- Curl has been written to use OpenSSL, GnuTLS, yassl, NSS, PolarSSL, axTLS or
- qssl, although there should not be many problems using a different
- library. If anyone does "port" curl to use a different SSL library, we are
- of course very interested in getting the patch!
+ Curl has been written to use a generic SSL function layer internally, and
+ that SSL functionality can then be provided by one out of many different SSL
+ backends.
+
+ curl can be built to use one of the following SSL alternatives: OpenSSL,
+ GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
+ WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
+ and cons, and we try to maintain a comparison of them here:
+ https://curl.haxx.se/docs/ssl-compared.html
2.3 Where can I find a copy of LIBEAY32.DLL?
That is an OpenSSL binary built for Windows.
- Curl uses OpenSSL to do the SSL stuff. The LIBEAY32.DLL is what curl needs
- on a windows machine to do https://. Check out the curl web site to find
- accurate and up-to-date pointers to recent OpenSSL DLLs and other binary
- packages.
+ Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then
+ what curl needs on a windows machine to do https:// etc. Check out the curl
+ web site to find accurate and up-to-date pointers to recent OpenSSL DLLs and
+ other binary packages.
2.4 Does curl support SOCKS (RFC 1928) ?
3.3 Why doesn't my posting using -F work?
- You can't simply use -F or -d at your choice. The web server that will
- receive your post assumes one of the formats. If the form you're trying to
- "fake" sets the type to 'multipart/form-data', then and only then you must
- use the -F type. In all the most common cases, you should use -d which then
- causes a posting with the type 'application/x-www-form-urlencoded'.
+ You can't arbitrarily use -F or -d, the choice between -F or -d depends on the
+ HTTP operation you need curl to do and what the web server that will receive
+ your post expects.
+
+ If the form you're trying to submit uses the type 'multipart/form-data', then
+ and only then you must use the -F type. In all the most common cases, you
+ should use -d which then causes a posting with the type
+ 'application/x-www-form-urlencoded'.
This is described in some detail in the MANUAL and TheArtOfHttpScripting
documents, and if you don't understand it the first time, read it again
You can tell curl to perform optional commands both before and/or after a
file transfer. Study the -Q/--quote option.
- Since curl is used for file transfers, you don't use curl to just perform
- FTP commands without transferring anything. Therefore you must always specify
- a URL to transfer to/from even when doing custom FTP commands.
+ Since curl is used for file transfers, you don't normally use curl to
+ perform FTP commands without transferring anything. Therefore you must
+ always specify a URL to transfer to/from even when doing custom FTP
+ commands, or use -I which implies the "no body" option sent to libcurl.
3.5 How can I disable the Accept: */* header?
3.6 Does curl support ASP, XML, XHTML or HTML version Y?
To curl, all contents are alike. It doesn't matter how the page was
- generated. It may be ASP, PHP, Perl, shell-script, SSI or plain
- HTML-files. There's no difference to curl and it doesn't even know what kind
- of language that generated the page.
+ generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML
+ files. There's no difference to curl and it doesn't even know what kind of
+ language that generated the page.
See also item 3.14 regarding javascript.
Find out more about which languages that support curl directly, and how to
install and use them, in the libcurl section of the curl web site:
- http://curl.haxx.se/libcurl/
+ https://curl.haxx.se/libcurl/
All the various bindings to libcurl are made by other projects and people,
outside of the cURL project. The cURL project itself only produces libcurl
In October 2009, there were interfaces available for the following
languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Dylan, Eiffel, Euphoria,
Ferite, Gambas, glib/GTK+, Haskell, ILE/RPG, Java, Lisp, Lua, Mono, .NET,
- Object-Pascal, O'Caml, Pascal, Perl, PHP, PostgreSQL, Python, R, Rexx, Ruby,
+ Object-Pascal, OCaml, Pascal, Perl, PHP, PostgreSQL, Python, R, Rexx, Ruby,
Scheme, S-Lang, Smalltalk, SP-Forth, SPL, Tcl, Visual Basic, Visual FoxPro,
Q, wxwidgets and XBLite. By the time you read this, additional ones may have
appeared!
XML-RPC are all such ones. You can use -X to set custom requests and -H to
set custom headers (or replace internally generated ones).
- Using libcurl is of course just as fine and you'd just use the proper
+ Using libcurl is of course just as good and you'd just use the proper
library options to do the same.
3.11 How do I POST with a different Content-Type?
There is one exception to this rule, and that is if you can "tunnel through"
the given HTTP proxy. Proxy tunneling is enabled with a special option (-p)
and is generally not available as proxy admins usually disable tunneling to
- other ports than 443 (which is used for HTTPS access through proxies).
+ ports other than 443 (which is used for HTTPS access through proxies).
3.13 Why does my single/double quotes fail?
Windows/DOS prompts I believe you're forced to use double (") quotes.
Please study the documentation for your particular environment. Examples in
- the curl docs will use a mix of both these ones as shown above. You must
+ the curl docs will use a mix of both of these as shown above. You must
adjust them to work in your environment.
Remember that curl works and runs on more operating systems than most single
Some workarounds usually suggested to overcome this Javascript dependency:
- - Depending on the Javascript complexity, write up a script that
- translates it to another language and execute that.
+ Depending on the Javascript complexity, write up a script that translates it
+ to another language and execute that.
- - Read the Javascript code and rewrite the same logic in another language.
+ Read the Javascript code and rewrite the same logic in another language.
- - Implement a Javascript interpreter, people have successfully used the
- Mozilla Javascript engine in the past.
+ Implement a Javascript interpreter, people have successfully used the
+ Mozilla Javascript engine in the past.
- - Ask your admins to stop this, for a static proxy setup or similar.
+ Ask your admins to stop this, for a static proxy setup or similar.
3.15 Can I do recursive fetches with curl?
No. curl itself has no code that performs recursive operations, such as
those performed by wget and similar tools.
- There exist wrapper scripts with that functionality (for example the
+ There exists wrapper scripts with that functionality (for example the
curlmirror perl script), and you can write programs based on libcurl to do
it, but the command line tool curl itself cannot.
There are three different kinds of "certificates" to keep track of when we
talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl.
- - Client certificate. The server you communicate may require that you can
- provide this in order to prove that you actually are who you claim to be.
- If the server doesn't require this, you don't need a client certificate.
-
- A client certificate is always used together with a private key, and the
- private key has a pass phrase that protects it.
-
- - Server certificate. The server you communicate with has a server
- certificate. You can and should verify this certificate to make sure that
- you are truly talking to the real server and not a server impersonating
- it.
-
- - Certificate Authority certificate ("CA cert"). You often have several CA
- certs in a CA cert bundle that can be used to verify a server certificate
- that was signed by one of the authorities in the bundle. curl does not
- come with a CA cert bundle but most curl installs provide one. You can
- also override the default.
-
- The server certificate verification process is made by using a Certificate
- Authority certificate ("CA cert") that was used to sign the server
- certificate. Server certificate verification is enabled by default in curl
- and libcurl and is often the reason for problems as explained in FAQ entry
- 4.12 and the SSLCERTS document
- (http://curl.haxx.se/docs/sslcerts.html). Server certificates that are
- "self-signed" or otherwise signed by a CA that you do not have a CA cert
- for, cannot be verified. If the verification during a connect fails, you
- are refused access. You then need to explicitly disable the verification
- to connect to the server.
+ CLIENT CERTIFICATE
+
+ The server you communicate with may require that you can provide this in
+ order to prove that you actually are who you claim to be. If the server
+ doesn't require this, you don't need a client certificate.
+
+ A client certificate is always used together with a private key, and the
+ private key has a pass phrase that protects it.
+
+ SERVER CERTIFICATE
+
+ The server you communicate with has a server certificate. You can and should
+ verify this certificate to make sure that you are truly talking to the real
+ server and not a server impersonating it.
+
+ CERTIFICATE AUTHORITY CERTIFICATE ("CA cert")
+
+ You often have several CA certs in a CA cert bundle that can be used to
+ verify a server certificate that was signed by one of the authorities in the
+ bundle. curl does not come with a CA cert bundle but most curl installs
+ provide one. You can also override the default.
+
+ The server certificate verification process is made by using a Certificate
+ Authority certificate ("CA cert") that was used to sign the server
+ certificate. Server certificate verification is enabled by default in curl
+ and libcurl and is often the reason for problems as explained in FAQ entry
+ 4.12 and the SSLCERTS document
+ (https://curl.haxx.se/docs/sslcerts.html). Server certificates that are
+ "self-signed" or otherwise signed by a CA that you do not have a CA cert
+ for, cannot be verified. If the verification during a connect fails, you are
+ refused access. You then need to explicitly disable the verification to
+ connect to the server.
3.17 How do I list the root dir of an FTP server?
When passing on a URL to curl to use, it may respond that the particular
protocol is not supported or disabled. The particular way this error message
is phrased is because curl doesn't make a distinction internally of whether
- a particular protocol is not supported (ie never got any code added that
+ a particular protocol is not supported (i.e. never got any code added that
knows how to speak that protocol) or if it was explicitly disabled. curl can
be built to only support a given set of protocols, and the rest would then
be disabled or not supported.
part as in "htpt://example.com" or as in the less evident case if you prefix
the protocol part with a space as in " http://example.com/".
+ 3.22 curl -X gives me HTTP problems
+
+ In normal circumstances, -X should hardly ever be used.
+
+ By default you use curl without explicitly saying which request method to
+ use when the URL identifies a HTTP transfer. If you just pass in a URL like
+ "curl http://example.com" it will use GET. If you use -d or -F curl will use
+ POST, -I will cause a HEAD and -T will make it a PUT.
+
+ If for whatever reason you're not happy with these default choices that curl
+ does for you, you can override those request methods by specifying -X
+ [WHATEVER]. This way you can for example send a DELETE by doing "curl -X
+ DELETE [URL]".
+
+ It is thus pointless to do "curl -XGET [URL]" as GET would be used
+ anyway. In the same vein it is pointless to do "curl -X POST -d data
+ [URL]"... But you can make a fun and somewhat rare request that sends a
+ request-body in a GET request with something like "curl -X GET -d data
+ [URL]"
+
+ Note that -X doesn't actually change curl's behavior as it only modifies the
+ actual string sent in the request, but that may of course trigger a
+ different set of events.
+
+ Accordingly, by using -XPOST on a command line that for example would follow
+ a 303 redirect, you will effectively prevent curl from behaving
+ correctly. Be aware.
+
4. Running Problems
curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl'
- In Windows, the standard DOS shell treats the %-symbol specially and you
- need to use TWO %-symbols for each single one you want to use in the URL.
+ In Windows, the standard DOS shell treats the percent sign specially and you
+ need to use TWO percent signs for each single one you want to use in the
+ URL.
- Also note that if you want the literal %-symbol to be part of the data you
- pass in a POST using -d/--data you must encode it as '%25' (which then also
- needs the %-symbol doubled on Windows machines).
+ If you want a literal percent sign to be part of the data you pass in a POST
+ using -d/--data you must encode it as '%25' (which then also needs the
+ percent sign doubled on Windows machines).
4.3 How can I use {, }, [ or ] to specify multiple URLs?
- Because those letters have a special meaning to the shell, and to be used in
+ Because those letters have a special meaning to the shell, to be used in
a URL specified to curl you must quote them.
- An example that downloads two URLs (sequentially) would do:
+ An example that downloads two URLs (sequentially) would be:
curl '{curl,www}.haxx.se'
- To be able to use those letters as actual parts of the URL (without using
+ To be able to use those characters as actual parts of the URL (without using
them for the curl URL "globbing" system), use the -g/--globoff option:
curl -g 'www.site.com/weirdname[].html'
4.5.3 "403 Forbidden"
- The server understood the request, but is refusing to fulfill it.
+ The server understood the request, but is refusing to fulfil it.
Authorization will not help and the request SHOULD NOT be repeated.
4.5.4 "404 Not Found"
4.9 Curl can't authenticate to the server that requires NTLM?
- NTLM support requires OpenSSL, GnuTLS, NSS or Microsoft Windows libraries at
- build-time to provide this functionality.
+ NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or
+ Microsoft Windows libraries at build-time to provide this functionality.
NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You
should not use such ones.
this check.
Details are also in the SSLCERTS file in the release archives, found online
- here: http://curl.haxx.se/docs/sslcerts.html
+ here: https://curl.haxx.se/docs/sslcerts.html
4.13 Why is curl -R on Windows one hour off?
- During daylight savings time, when -R is used, curl will set a time that
- appears one hour off. This happens due to a flaw in how Windows stores and
- uses file modification times and it is not easily worked around. For details
- on this problem, read this: http://www.codeproject.com/datetime/dstbugs.asp
+ Since curl 7.53.0 this issue should be fixed as long as curl was built with
+ any modern compiler that allows for a 64-bit curl_off_t type. For older
+ compilers or prior curl versions it may set a time that appears one hour off.
+ This happens due to a flaw in how Windows stores and uses file modification
+ times and it is not easily worked around. For more details read this:
+ https://www.codeproject.com/Articles/1144/Beating-the-Daylight-Savings-Time-bug-and-getting
4.14 Redirects work in browser but not with curl!
- curl supports HTTP redirects fine (see item 3.8). Browsers generally support
- at least two other ways to perform directs that curl does not:
+ curl supports HTTP redirects well (see item 3.8). Browsers generally support
+ at least two other ways to perform redirects that curl does not:
- - Meta tags. You can write a HTML tag that will cause the browser to
- redirect to another given URL after a certain time.
+ Meta tags. You can write a HTML tag that will cause the browser to redirect
+ to another given URL after a certain time.
- - Javascript. You can write a Javascript program embedded in a HTML page
- that redirects the browser to another given URL.
+ Javascript. You can write a Javascript program embedded in a HTML page that
+ redirects the browser to another given URL.
There is no way to make curl follow these redirects. You must either
manually figure out what the page is set to do, or you write a script that
To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one
of its related flavours). This is the most common method, and the one
- mandated by RFC4217. This kind of connection then of course uses the
+ mandated by RFC4217. This kind of connection will then of course use the
standard FTP port 21 by default.
4.16 My HTTP POST or PUT requests are slow!
libcurl makes all POST and PUT requests (except for POST requests with a
very tiny request body) use the "Expect: 100-continue" header. This header
allows the server to deny the operation early so that libcurl can bail out
- already before having to send any data. This is useful in authentication
+ before having to send any data. This is useful in authentication
cases and others.
However, many servers don't implement the Expect: stuff properly and if the
timeout is set.
See option TcpMaxConnectRetransmissions on this page:
- http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7
+ https://support.microsoft.com/en-us/kb/175523/en-us
Also, even on non-Windows systems there may run a firewall or anti-virus
software or similar that accepts the connection but does not actually do
4.18 file:// URLs containing drive letters (Windows, NetWare)
- When using cURL to try to download a local file, one might use a URL
+ When using curl to try to download a local file, one might use a URL
in this format:
file://D:/blah.txt
- You'll find that even if D:\blah.txt does exist, cURL returns a 'file
+ You'll find that even if D:\blah.txt does exist, curl returns a 'file
not found' error.
- According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html),
+ According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt),
file:// URLs must contain a host component, but it is ignored by
most implementations. In the above example, 'D:' is treated as the
- host component, and is taken away. Thus, cURL tries to open '/blah.txt'.
+ host component, and is taken away. Thus, curl tries to open '/blah.txt'.
If your system is installed to drive C:, that will resolve to 'C:\blah.txt',
and if that doesn't exist you will get the not found error.
file://localhost/D:/blah.txt
- In either case, cURL should now be looking for the correct file.
+ In either case, curl should now be looking for the correct file.
- 4.19 Why doesn't cURL return an error when the network cable is unplugged?
+ 4.19 Why doesn't curl return an error when the network cable is unplugged?
- Unplugging the cable is not an error situation. The TCP/IP protocol stack
+ Unplugging a cable is not an error situation. The TCP/IP protocol stack
was designed to be fault tolerant, so even though there may be a physical
break somewhere the connection shouldn't be affected, just possibly
delayed. Eventually, the physical break will be fixed or the data will be
- re-routed around the physical problem.
+ re-routed around the physical problem through another path.
In such cases, the TCP/IP stack is responsible for detecting when the
network connection is irrevocably lost. Since with some protocols it is
- perfectly legal for the client wait indefinitely for data, the stack may
+ perfectly legal for the client to wait indefinitely for data, the stack may
never report a problem, and even when it does, it can take up to 20 minutes
for it to detect an issue. The curl option --keepalive-time enables
keep-alive support in the TCP/IP stack which makes it periodically probe the
falls too low, and --connect-timeout and --max-time can be used to put an
overall timeout on the connection phase or the entire transfer.
+ A libcurl-using application running in a known physical environment (e.g.
+ an embedded device with only a single network connection) may want to act
+ immediately if its lone network connection goes down. That can be achieved
+ by having the application monitor the network connection on its own using an
+ OS-specific mechanism, then signalling libcurl to abort (see also item 5.13).
+
+ 4.20 curl doesn't return error for HTTP non-200 responses!
+
+ Correct. Unless you use -f (--fail).
+
+ When doing HTTP transfers, curl will perform exactly what you're asking it
+ to do and if successful it will not return an error. You can use curl to
+ test your web server's "file not found" page (that gets 404 back), you can
+ use it to check your authentication protected web pages (that gets a 401
+ back) and so on.
+
+ The specific HTTP response code does not constitute a problem or error for
+ curl. It simply sends and delivers HTTP as you asked and if that worked,
+ everything is fine and dandy. The response code is generally providing more
+ higher level error information that curl doesn't care about. The error was
+ not in the HTTP transfer.
+
+ If you want your command line to treat error codes in the 400 and up range
+ as errors and thus return a non-zero value and possibly show an error
+ message, curl has a dedicated option for that: -f (CURLOPT_FAILONERROR in
+ libcurl speak).
+
+ You can also use the -w option and the variable %{response_code} to extract
+ the exact response code that was returned in the response.
+
+ 4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
+
+ If you use verbose to see the HTTP request when you send off a HTTP/2
+ request, it will still say 1.1.
+
+ The reason for this is that we first generate the request to send using the
+ old 1.1 style and show that request in the verbose output, and then we
+ convert it over to the binary header-compressed HTTP/2 style. The actual
+ "1.1" part from that request is then not actually used in the transfer.
+ The binary HTTP/2 headers are not human readable.
5. libcurl Issues
We have written the libcurl code specifically adjusted for multi-threaded
programs. libcurl will use thread-safe functions instead of non-safe ones if
- your system has such.
-
- If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
- need to provide one or two locking functions:
-
- http://www.openssl.org/docs/crypto/threads.html
+ your system has such. Note that you must never share the same handle in
+ multiple threads.
- If you use a GnuTLS-powered libcurl in a multi-threaded environment, you
- need to provide locking function(s) for libgcrypt (which is used by GnuTLS
- for the crypto functions).
-
- http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
-
- No special locking is needed with a NSS-powered libcurl. NSS is thread-safe.
+ There may be some exceptions to thread safety depending on how libcurl was
+ built. Please review the guidelines for thread safety to learn more:
+ https://curl.haxx.se/libcurl/c/threadsafe.html
5.2 How can I receive all data into a large memory chunk?
libcurl will reuse connections for all transfers that are made using the
same libcurl handle.
- When you use the easy interface, the connection cache is kept within the
- easy handle. If you instead use the multi interface, the connection cache
- will be kept within the multi handle and will be shared among all the easy
- handles that are used within the same multi handle.
+ When you use the easy interface the connection cache is kept within the easy
+ handle. If you instead use the multi interface, the connection cache will be
+ kept within the multi handle and will be shared among all the easy handles
+ that are used within the same multi handle.
5.7 Link errors when building libcurl on Windows!
you want to change name resolver function you must rebuild libcurl and tell
it to use a different function.
- - The non-ipv6 resolver that can use one out of four host name resolve calls
- (depending on what your system supports):
+ - The non-IPv6 resolver that can use one of four different host name resolve
+ calls (depending on what your system supports):
A - gethostbyname()
B - gethostbyname_r() with 3 arguments
C - gethostbyname_r() with 5 arguments
D - gethostbyname_r() with 6 arguments
- - The ipv6-resolver that uses getaddrinfo()
+ - The IPv6-resolver that uses getaddrinfo()
- The c-ares based name resolver that uses the c-ares library for resolves.
Using this offers asynchronous name resolves.
- The threaded resolver (default option on Windows). It uses:
- A - gethostbyname() on plain ipv4 hosts
- B - getaddrinfo() on ipv6-enabled hosts
+ A - gethostbyname() on plain IPv4 hosts
+ B - getaddrinfo() on IPv6 enabled hosts
Also note that libcurl never resolves or reverse-lookups addresses given as
pure numbers, such as 127.0.0.1 or ::1.
5.12 Can I make libcurl fake or hide my real IP address?
- No. libcurl operates on a higher level than so. Besides, faking IP address
- would imply sending IP packages with a made-up source address, and then you
- normally get a problem with intercepting the packages sent back as they
- would then not be routed to you!
+ No. libcurl operates on a higher level. Besides, faking IP address would
+ imply sending IP packets with a made-up source address, and then you normally
+ get a problem with receiving the packet sent back as they would then not be
+ routed to you!
If you use a proxy to access remote sites, the sites will not see your local
IP address but instead the address of the proxy.
Also note that on many networks NATs or other IP-munging techniques are used
that makes you see and use a different IP address locally than what the
- remote server will see you coming from.
+ remote server will see you coming from. You may also consider using
+ https://www.torproject.org/ .
5.13 How do I stop an ongoing transfer?
If you're using the multi interface, you can also stop a transfer by
removing the particular easy handle from the multi stack at any moment you
- think the transfer is done.
+ think the transfer is done or when you wish to abort the transfer.
5.14 Using C++ non-static functions for callbacks?
libcurl is a C library, it doesn't know anything about C++ member functions.
- You can overcome this "limitation" with a relative ease using a static
+ You can overcome this "limitation" with relative ease using a static
member function that is passed a pointer to the class:
// f is the pointer to your object.
- static YourClass::func(void *buffer, size_t sz, size_t n, void *f)
+ static size_t YourClass::func(void *buffer, size_t sz, size_t n, void *f)
{
// Call non-static member function.
static_cast<YourClass*>(f)->nonStaticFunction();
}
// This is how you pass pointer to the static function:
- curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass:func);
+ curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass::func);
curl_easy_setopt(hcurl, CURLOPT_WRITEDATA, this);
5.15 How do I get an FTP directory listing?
CURLOPT_CUSTOMREQUEST to alter what exact listing command libcurl would use
to list the files.
- The follow-up question that tend to follow the previous one, is how a
- program is supposed to parse the directory listing. How does it know what's
- a file and what's a dir and what's a symlink etc. The harsh reality is that
- FTP provides no such fine and easy-to-parse output. The output format FTP
- servers respond to LIST commands are entirely at the server's own liking and
- the NLST output doesn't reveal any types and in many cases don't even
- include all the directory entries. Also, both LIST and NLST tend to hide
- unix-style hidden files (those that start with a dot) by default so you need
- to do "LIST -a" or similar to see them.
-
- The application thus needs to parse the LIST output. One such existing
- list parser is available at http://cr.yp.to/ftpparse.html Versions of
+ The follow-up question tends to be how is a program supposed to parse the
+ directory listing. How does it know what's a file and what's a dir and what's
+ a symlink etc. If the FTP server supports the MLSD command then it will
+ return data in a machine-readable format that can be parsed for type. The
+ types are specified by RFC3659 section 7.5.1. If MLSD is not supported then
+ you have to work with what you're given. The LIST output format is entirely
+ at the server's own liking and the NLST output doesn't reveal any types and
+ in many cases doesn't even include all the directory entries. Also, both LIST
+ and NLST tend to hide unix-style hidden files (those that start with a dot)
+ by default so you need to do "LIST -a" or similar to see them.
+
+ Example - List only directories.
+ ftp.funet.fi supports MLSD and ftp.kernel.org does not:
+
+ curl -s ftp.funet.fi/pub/ -X MLSD | \
+ perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/'
+
+ curl -s ftp.kernel.org/pub/linux/kernel/ | \
+ perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/'
+
+ If you need to parse LIST output in libcurl one such existing
+ list parser is available at https://cr.yp.to/ftpparse.html Versions of
libcurl since 7.21.0 also provide the ability to specify a wildcard to
download multiple files from one FTP directory.
+ 5.16 I want a different time-out!
+
+ Time and time again users realize that CURLOPT_TIMEOUT and
+ CURLOPT_CONNECTIMEOUT are not sufficiently advanced or flexible to cover all
+ the various use cases and scenarios applications end up with.
+
+ libcurl offers many more ways to time-out operations. A common alternative
+ is to use the CURLOPT_LOW_SPEED_LIMIT and CURLOPT_LOW_SPEED_TIME options to
+ specify the lowest possible speed to accept before to consider the transfer
+ timed out.
+
+ The most flexible way is by writing your own time-out logic and using
+ CURLOPT_XFERINFOFUNCTION (perhaps in combination with other callbacks) and
+ use that to figure out exactly when the right condition is met when the
+ transfer should get stopped.
+
+ 5.17 Can I write a server with libcurl?
+
+ No. libcurl offers no functions or building blocks to build any kind of
+ internet protocol server. libcurl is only a client-side library. For server
+ libraries, you need to continue your search elsewhere but there exist many
+ good open source ones out there for most protocols you could possibly want a
+ server for. And there are really good stand-alone ones that have been tested
+ and proven for many years. There's no need for you to reinvent them!
+
+ 5.18 Does libcurl use threads?
+
+ Put simply: no, libcurl will execute in the same thread you call it in. All
+ callbacks will be called in the same thread as the one you call libcurl in.
+
+ If you want to avoid your thread to be blocked by the libcurl call, you make
+ sure you use the non-blocking API which will do transfers asynchronously -
+ but still in the same single thread.
+
+ libcurl will potentially internally use threads for name resolving, if it
+ was built to work like that, but in those cases it'll create the child
+ threads by itself and they will only be used and then killed internally by
+ libcurl and never exposed to the outside.
6. License Issues
notice" somewhere. Most probably like in the documentation or in the section
where other third party dependencies already are mentioned and acknowledged.
- As can be seen here: http://curl.haxx.se/docs/companies.html and elsewhere,
+ As can be seen here: https://curl.haxx.se/docs/companies.html and elsewhere,
more and more companies are discovering the power of libcurl and take
advantage of it even in commercial environments.
7.2 Who wrote PHP/CURL?
- PHP/CURL is a module that comes with the regular PHP package. It depends and
- uses libcurl, so you need to have libcurl installed properly first before
- PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
+ PHP/CURL was initially written by Sterling Hughes.
7.3 Can I perform multiple requests using the same handle?
unknown to me).
After a transfer, you just set new options in the handle and make another
- transfer. This will make libcurl to re-use the same connection if it can.
+ transfer. This will make libcurl re-use the same connection if it can.
+
+ 7.4 Does PHP/CURL have dependencies?
+
+ PHP/CURL is a module that comes with the regular PHP package. It depends on
+ and uses libcurl, so you need to have libcurl installed properly before
+ PHP/CURL can be used.
projects / platform / upstream / curl.git / blobdiff