.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
make your head spin!
curl is powered by libcurl for all transfer-related features. See
-\fIlibcurl(3)\fP for details.
+.BR libcurl (3)
+for details.
.SH URL
The URL syntax is protocol-dependent. You'll find a detailed description in
RFC 3986.
.IP "--ciphers <list of ciphers>"
(SSL) Specifies which ciphers to use in the connection. The list of ciphers
must specify valid ciphers. Read up on SSL cipher list details on this URL:
-\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP
+\fIhttp://www.openssl.org/docs/apps/ciphers.html\fP
NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS
ciphers is in the NSSCipherSuite entry at this URL:
-\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
+\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
If this option is used several times, the last one will be used.
.IP "--compressed"
using the content-type application/x-www-form-urlencoded. Compare to
\fI-F, --form\fP.
-\fI-d, --data\fP is the same as \fI--data-ascii\fP. \fI--data-raw\fP is almost
-the same but does not have a special interpretation of the @ character. To
-post data purely binary, you should instead use the \fI--data-binary\fP option.
-To URL-encode the value of a form field you may use \fI--data-urlencode\fP.
+\fI-d, --data\fP is the same as \fI--data-ascii\fP. To post data purely binary,
+you should instead use the \fI--data-binary\fP option. To URL-encode the value
+of a form field you may use \fI--data-urlencode\fP.
If any of these options is used more than once on the same command line, the
data pieces specified will be merged together with a separating
stdin. Multiple files can also be specified. Posting data from a file
named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is
told to read from a file like that, carriage returns and newlines will be
-stripped out. If you don't want the @ character to have a special
-interpretation use \fI--data-raw\fP instead.
+stripped out.
.IP "-D, --dump-header <file>"
Write the protocol headers to the specified file.
If this option is used several times, the ones following the first will append
data as described in \fI-d, --data\fP.
-.IP "--data-raw <data>"
-(HTTP) This posts data similarly to \fI--data\fP but without the special
-interpretation of the @ character. See \fI-d, --data\fP.
-(Added in 7.43.0)
.IP "--data-urlencode <data>"
(HTTP) This posts data, similar to the other --data options with the exception
that this performs URL-encoding. (Added in 7.18.0)
If this option is set, the default capath value will be ignored, and if it is
used several times, the last one will be used.
-.IP "--pinnedpubkey <pinned public key (hashes)>"
-(SSL) Tells curl to use the specified public key file (or hashes) to verify the
-peer. This can be a path to a file which contains a single public key in PEM or
-DER format, or any number of base64 encoded sha256 hashes preceded by
-\'sha256//\' and seperated by \';\'
+.IP "--pinnedpubkey <pinned public key>"
+(SSL) Tells curl to use the specified public key file to verify the peer. The
+file must contain a single public key in PEM or DER format.
When negotiating a TLS or SSL connection, the server sends a certificate
indicating its identity. A public key is extracted from this certificate and
if it does not exactly match the public key provided to this option, curl will
abort the connection before sending or receiving any data.
-Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and
-wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL,
-GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported.
+This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
If this option is used several times, the last one will be used.
-.IP "--cert-status"
-(SSL) Tells curl to verify the status of the server certificate by using the
-Certificate Status Request (aka. OCSP stapling) TLS extension.
-
-If this option is enabled and the server sends an invalid (e.g. expired)
-response, if the response suggests that the server certificate has been revoked,
-or no response at all is received, the verification fails.
-
-This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
-(Added in 7.41.0)
-.IP "--false-start"
-
-(SSL) Tells curl to use false start during the TLS handshake. False start is a
-mode where a TLS client will start sending application data before verifying
-the server's Finished message, thus saving a round trip when performing a full
-handshake.
-
-This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
-or later, or OS X 10.9 or later) backends.
-(Added in 7.42.0)
+(Added in 7.39.0)
.IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done
to better enable scripts etc to better deal with failed attempts. In normal
\fBcurl\fP -F password=@/etc/passwd www.mypasswords.com
To read content from stdin instead of a file, use - as the filename. This goes
-for both @ and < constructs. Unfortunately it does not support reading the
-file from a named pipe or similar, as it needs the full size before the
-transfer starts.
+for both @ and < constructs.
You can also tell curl what Content-Type to use by using 'type=', in a manner
similar to:
\&"normally" (like in the multicwd case). This is somewhat more standards
compliant than 'nocwd' but without the full penalty of 'multicwd'.
.RE
-.IP
(Added in 7.15.1)
.IP "--ftp-pasv"
(FTP) Use passive mode for the data connection. Passive is the internal default
\&# curl -H "X-First-Name: Joe" http://192.168.0.1/
-\fBWARNING\fP: headers set with this option will be set in all requests - even
-after redirects are followed, like when told with \fB-L, --location\fP. This
-can lead to the header being sent to other hosts than the original host, so
-sensitive headers should be used with caution combined with following
-redirects.
-
This option can be used multiple times to add/replace/remove multiple headers.
.IP "--hostpubmd5 <md5>"
(SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should
Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
home directory for login name and password. This is typically used for FTP on
Unix. If used with HTTP, curl will enable user authentication. See
-\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not
-complain if that file doesn't have the right permissions (it should not be
-either world- or group-readable). The environment variable "HOME" is used to
-find the home directory.
+.BR netrc(4)
+or
+.BR ftp(1)
+for details on the file format. Curl will not complain if that file
+doesn't have the right permissions (it should not be either world- or
+group-readable). The environment variable "HOME" is used to find the home
+directory.
A quick and very simple example of how to setup a \fI.netrc\fP to allow curl
to FTP to the machine host.domain.com with user name \&'myself' and password
make curl pick the same IP address that is already used for the control
connection
.RE
-.IP
+
If this option is used several times, the last one will be used. Disable the
use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command
instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++.
(SSL/SSH) Passphrase for the private key
If this option is used several times, the last one will be used.
-.IP "--path-as-is"
-Tell curl to not handle sequences of /../ or /./ in the given URL
-path. Normally curl will squash or merge them according to standards but with
-this option set you tell it not to do that.
-
-(Added in 7.42.0)
.IP "--post301"
(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
into GET requests when following a 301 redirection. The non-RFC behaviour is
.IP "--proxy-ntlm"
Tells curl to use HTTP NTLM authentication when communicating with the given
proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host.
-.IP "--proxy-service-name <servicename>"
-This option allows you to change the service name for proxy negotiation.
-
-Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use
-sockd/proxy-name. (Added in 7.43.0).
.IP "--proxy1.0 <proxyhost[:port]>"
Use the specified HTTP 1.0 proxy. If the port number is not specified, it is
assumed at port 1080.
.B 100-199,500-599
specifies two separate 100-byte ranges(*)(H)
.RE
-.IP
+
(*) = NOTE that this will cause the server to reply with a multipart
response!
.IP "--sasl-ir"
Enable initial response in SASL authentication.
(Added in 7.31.0)
-.IP "--service-name <servicename>"
-This option allows you to change the service name for SPNEGO.
-
-Examples: --negotiate \fI--service-name\fP sockd would use
-sockd/server-name. (Added in 7.43.0).
.IP "-S, --show-error"
When used with \fI-s\fP it makes curl show an error message if it fails.
.IP "--ssl"
may use workarounds known to cause interoperability problems with some older
SSL implementations. WARNING: this option loosens the SSL security, and by
using this flag you ask for exactly that. (Added in 7.25.0)
-.IP "--ssl-no-revoke"
-(WinSSL) This option tells curl to disable certificate revocation checks.
-WARNING: this option loosens the SSL security, and by using this flag you ask
-for exactly that. (Added in 7.44.0)
.IP "--socks4 <host[:port]>"
Use the specified SOCKS4 proxy. If the port number is not specified, it is
assumed at port 1080. (Added in 7.15.2)
still.
When using Kerberos V5 with a Windows based server you should include the
-Windows domain name in the user name, in order for the server to successfully
+Windows domain name in the user name, in order for the server to succesfully
obtain a Kerberos Ticket. If you don't then the initial authentication
handshake may fail.
The URL that was fetched last. This is most meaningful if you've told curl
to follow location: headers.
.RE
-.IP
+
If this option is used several times, the last one will be used.
.IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
Use the specified proxy.
If this option is used several times, the last one will be used.
.IP "-X, --request <command>"
(HTTP) Specifies a custom request method to use when communicating with the
-HTTP server. The specified request method will be used instead of the method
+HTTP server. The specified request will be used instead of the method
otherwise used (which defaults to GET). Read the HTTP 1.1 specification for
details and explanations. Common additional HTTP requests include PUT and
DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and
request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP
option.
-The method string you set with -X will be used for all requests, which if you
-for example use \fB-L, --location\fP may cause unintended side-effects when
-curl doesn't change request method according to the HTTP 30x response codes -
-and similar.
-
(FTP)
Specifies a custom FTP command to use instead of LIST when doing file lists
with FTP.