Add a demo of what an enhanced help system for curl might look like
This script demonstrates what help output might look like if it were
broken down into multiple categories so only a few related options are
displayed at the same time rather than all 231 at once.
The curlh script works just like curl but has different help options.
run "curlh --help-demo" to see which options are available and
"curlh --help" to see what ones might be available in the full version.
Only a few of the possible categories are implemented here but it should
be enough to get a flavour of what a full implementation might be like.
diff --git a/docs/examples/curlh b/docs/examples/curlh
new file mode 100755
index 0000000..28b9cce
--- /dev/null
+++ b/docs/examples/curlh
@@ -0,0 +1,2626 @@
+#!/bin/bash
+# Test program to demonstrate what a more powerful set of curl --help options
+# might look like.
+# Based on curl 7.70.0
+# Dan Fandrich
+# May 2020
+
+if [[ -z "$1" ]]; then
+ echo "curl: try 'curlh --help' or 'curlh --manual' for more information"
+ echo "or 'curlh --help-demo' for information about this demonstration script"
+ exit 2
+fi
+
+ALL_OPTS="$@"
+HELP_TYPE=
+VERBOSE=
+while [[ -n "$1" ]]; do
+ case "$1" in
+ --help | -h)
+ HELP_TYPE=basic
+ ;;
+ --help-clientauth)
+ # Special case both --help-clientauth and --help-ftps being used at the same time
+ if [[ "$HELP_TYPE" == "ftps" ]]; then
+ HELP_TYPE=clientauth+ftps
+ else
+ HELP_TYPE=clientauth
+ fi
+ ;;
+ --no-help-https)
+ if [[ -n "$HELP_TYPE" ]]; then
+ HELP_TYPE="$HELP_TYPE"-https
+ else
+ HELP_TYPE=-https
+ fi
+ ;;
+ --help-ftps)
+ if [[ "$HELP_TYPE" == "clientauth" ]]; then
+ HELP_TYPE=clientauth+ftps
+ elif [[ "$HELP_TYPE" == "-https" ]]; then
+ HELP_TYPE=ftps-https
+ else
+ HELP_TYPE=ftps
+ fi
+ ;;
+ --help-search)
+ case "$2" in
+ sni)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+These matching options were found for "sni":
+
+--connect-to <HOST1:PORT1:HOST2:PORT2>
+
+ For a request to the given HOST1:PORT1 pair, connect to
+ HOST2:PORT2 instead. This option is suitable to direct requests
+ at a specific server, e.g. at a specific cluster node in a clus-
+ ter of servers. This option is only used to establish the net-
+ work connection. It does NOT affect the hostname/port that is
+ used for TLS/SSL (e.g. SNI, certificate verification) or for the
+ application protocols. "HOST1" and "PORT1" may be the empty
+ string, meaning "any host/port". "HOST2" and "PORT2" may also be
+ the empty string, meaning "use the request's original
+ host/port".
+
+ A "host" specified to this option is compared as a string, so it
+ needs to match the name used in request URL. It can be either
+ numerical such as "127.0.0.1" or the full host name such as "ex-
+ ample.org".
+
+ This option can be used many times to add many connect rules.
+
+ See also --resolve and -H, --header. Added in 7.49.0.
+EOF
+ else
+ cat <<EOF
+These matching options were found for "sni":
+
+ --connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
+EOF
+ fi
+ exit 0;
+ ;;
+
+ epsv)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+These matching options were found for "epsv":
+
+ --disable-epsv Inhibit using EPSV
+ --ftp-pasv Use PASV/EPSV instead of PORT
+ --ftp-pret Send PRET before PASV
+ --ftp-skip-pasv-ip Skip the IP address for PASV
+EOF
+ fi
+ exit 0;
+ ;;
+ *)
+ echo "Error: you're confusing my brain with this search!"
+ echo "I only know about sni and epsv."
+ exit 1
+ ;;
+ esac
+ ;;
+
+ --help-*)
+ HELP_TYPE="${1#--help-}"
+ ;;
+ --verbose | -v)
+ VERBOSE=1
+ ;;
+ esac
+ shift
+done
+
+# Restore options in case we need to call curl
+set -- $ALL_OPTS
+
+if [[ -n "$HELP_TYPE" ]]; then
+ case "$HELP_TYPE" in
+ basic)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Basic options:
+
+--anyauth
+ (HTTP) Tells curl to figure out authentication method by itself, and
+ use the most secure one the remote site claims to support. This is
+ done by first doing a request and checking the response-headers, thus
+ possibly inducing an extra network round-trip. This is used instead of
+ setting a specific authentication method, which you can do with --ba‐
+ sic, --digest, --ntlm, and --negotiate.
+
+ Using --anyauth is not recommended if you do uploads from stdin, since
+ it may require data to be sent twice and then the client must be able
+ to rewind. If the need should arise when uploading from stdin, the up‐
+ load operation will fail.
+
+ Used together with -u, --user.
+
+ See also --proxy-anyauth and --basic and --digest.
+
+-a, --append
+ (FTP SFTP) When used in an upload, this makes curl append to the tar‐
+ get file instead of overwriting it. If the remote file doesn't exist,
+ it will be created. Note that this flag is ignored by some SFTP
+ servers (including OpenSSH).
+
+--basic
+ (HTTP) Tells curl to use HTTP Basic authentication with the remote
+ host. This is the default and this option is usually pointless, unless
+ you use it to override a previously set option that sets a different
+ authentication method (such as --ntlm, --digest, or --negotiate).
+
+ Used together with -u, --user.
+
+ See also --proxy-basic.
+
+-K, --config <file>
+
+ Specify a text file to read curl arguments from. The command line ar‐
+ guments found in the text file will be used as if they were provided
+ on the command line.
+
+ Options and their parameters must be specified on the same line in the
+ file, separated by whitespace, colon, or the equals sign. Long option
+ names can optionally be given in the config file without the initial
+ double dashes and if so, the colon or equals characters can be used as
+ separators. If the option is specified with one or two dashes, there
+ can be no colon or equals character between the option and its parame‐
+ ter.
+
+ If the parameter contains whitespace (or starts with : or =), the pa‐
+ rameter must be enclosed within quotes. Within double quotes, the fol‐
+ lowing escape sequences are available: \\, \", \t, \n, \r and \v. A
+ backslash preceding any other letter is ignored. If the first column
+ of a config line is a '#' character, the rest of the line will be
+ treated as a comment. Only write one option per physical line in the
+ config file.
+
+ Specify the filename to -K, --config as '-' to make curl read the file
+ from stdin.
+
+ Note that to be able to specify a URL in the config file, you need to
+ specify it using the --url option, and not by simply writing the URL
+ on its own line. So, it could look similar to this:
+
+ url = "https://curl.haxx.se/docs/"
+
+ When curl is invoked, it (unless -q, --disable is used) checks for a
+ default config file and uses it if found. The default config file is
+ checked for in the following places in this order:
+
+ 1) curl tries to find the "home dir": It first checks for the
+ CURL_HOME and then the HOME environment variables. Failing that, it
+ uses getpwuid() on Unix-like systems (which returns the home dir given
+ the current user in your system). On Windows, it then checks for the
+ APPDATA variable, or as a last resort the '%USERPROFILE%\Application
+ Data'.
+
+ 2) On windows, if there is no .curlrc file in the home dir, it checks
+ for one in the same dir the curl executable is placed. On Unix-like
+ systems, it will simply try to load .curlrc from the determined home
+ dir.
+
+ # --- Example file ---
+ # this is a comment
+ url = "example.com"
+ output = "curlhere.html"
+ user-agent = "superagent/1.0"
+
+ # and fetch another URL too
+ url = "example.com/docs/manpage.html"
+ -O
+ referer = "http://nowhereatall.example.com/"
+ # --- End of example file ---
+
+ This option can be used multiple times to load multiple config files.
+
+--connect-timeout <seconds>
+ Maximum time in seconds that you allow curl's connection to take.
+ This only limits the connection phase, so if curl connects within the
+ given period it will continue - if not it will exit. Since version
+ 7.32.0, this option accepts decimal values.
+
+ If this option is used several times, the last one will be used.
+
+ See also -m, --max-time.
+
+-c, --cookie-jar <filename>
+ (HTTP) Specify to which file you want curl to write all cookies after
+ a completed operation. Curl writes all cookies from its in-memory
+ cookie storage to the given file at the end of operations. If no cook‐
+ ies are known, no data will be written. The file will be written using
+ the Netscape cookie file format. If you set the file name to a single
+ dash, "-", the cookies will be written to stdout.
+
+ This command line option will activate the cookie engine that makes
+ curl record and use cookies. Another way to activate it is to use the
+ -b, --cookie option.
+
+ If the cookie jar can't be created or written to, the whole curl oper‐
+ ation won't fail or even report an error clearly. Using -v, --verbose
+ will get a warning displayed, but that is the only visible feedback
+ you get about this possibly lethal situation.
+
+ If this option is used several times, the last specified file name
+ will be used.
+
+-b, --cookie <data|filename>
+ (HTTP) Pass the data to the HTTP server in the Cookie header. It is
+ supposedly the data previously received from the server in a "Set-
+ Cookie:" line. The data should be in the format "NAME1=VALUE1;
+ NAME2=VALUE2".
+
+ If no '=' symbol is used in the argument, it is instead treated as a
+ filename to read previously stored cookie from. This option also acti‐
+ vates the cookie engine which will make curl record incoming cookies,
+ which may be handy if you're using this in combination with the -L,
+ --location option or do multiple URL transfers on the same invoke. If
+ the file name is exactly a minus ("-"), curl will instead the contents
+ from stdin.
+
+ The file format of the file to read cookies from should be plain HTTP
+ headers (Set-Cookie style) or the Netscape/Mozilla cookie file format.
+
+ The file specified with -b, --cookie is only used as input. No cookies
+ will be written to the file. To store cookies, use the -c, --cookie-
+ jar option.
+
+ Exercise caution if you are using this option and multiple transfers
+ may occur. If you use the NAME1=VALUE1; format, or in a file use the
+ Set-Cookie format and don't specify a domain, then the cookie is sent
+ for any domain (even after redirects are followed) and cannot be modi‐
+ fied by a server-set cookie. If the cookie engine is enabled and a
+ server sets a cookie of the same name then both will be sent on a fu‐
+ ture transfer to that server, likely not what you intended. To ad‐
+ dress these issues set a domain in Set-Cookie (doing that will include
+ sub domains) or use the Netscape format.
+
+ If this option is used several times, the last one will be used.
+
+ Users very often want to both read cookies from a file and write up‐
+ dated cookies back to a file, so using both -b, --cookie and -c,
+ --cookie-jar in the same command line is common.
+
+-d, --data <data>
+ (HTTP) Sends the specified data in a POST request to the HTTP server,
+ in the same way that a browser does when a user has filled in an HTML
+ form and presses the submit button. This will cause curl to pass the
+ data to the server using the content-type application/x-www-form-ur‐
+ lencoded. Compare to -F, --form.
+
+ --data-raw is almost the same but does not have a special interpreta‐
+ tion of the @ character. To post data purely binary, you should in‐
+ stead use the --data-binary option. To URL-encode the value of a form
+ field you may use --data-urlencode.
+
+ If any of these options is used more than once on the same command
+ line, the data pieces specified will be merged together with a sepa‐
+ rating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would
+ generate a post chunk that looks like 'name=daniel&skill=lousy'.
+
+ If you start the data with the letter @, the rest should be a file
+ name to read the data from, or - if you want curl to read the data
+ from stdin. Multiple files can also be specified. Posting data from a
+ file named 'foobar' would thus be done with -d, --data @foobar. When
+ --data is told to read from a file like that, carriage returns and
+ newlines will be stripped out. If you don't want the @ character to
+ have a special interpretation use --data-raw instead.
+
+ See also --data-binary and --data-urlencode and --data-raw. This op‐
+ tion overrides -F, --form and -I, --head and -T, --upload-file.
+
+-f, --fail
+ (HTTP) Fail silently (no output at all) on server errors. This is
+ mostly done to better enable scripts etc to better deal with failed
+ attempts. In normal cases when an HTTP server fails to deliver a docu‐
+ ment, it returns an HTML document stating so (which often also de‐
+ scribes why and more). This flag will prevent curl from outputting
+ that and return error 22.
+
+ This method is not fail-safe and there are occasions where non-suc‐
+ cessful response codes will slip through, especially when authentica‐
+ tion is involved (response codes 401 and 407).
+
+--fail-early
+ Fail and exit on the first detected transfer error.
+
+ When curl is used to do multiple transfers on the command line, it
+ will attempt to operate on each given URL, one by one. By default, it
+ will ignore errors if there are more URLs given and the last URL's
+ success will determine the error code curl returns. So early failures
+ will be "hidden" by subsequent successful transfers.
+
+ Using this option, curl will instead return an error on the first
+ transfer that fails, independent of the amount of URLs that are given
+ on the command line. This way, no transfer failures go undetected by
+ scripts and similar.
+
+ This option is global and does not need to be specified for each use
+ of -:, --next.
+
+ This option does not imply -f, --fail, which causes transfers to fail
+ due to the server's HTTP status code. You can combine the two options,
+ however note -f, --fail is not global and is therefore contained by
+ -:, --next.
+
+ Added in 7.52.0.
+
+-F, --form <name=content>
+ (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a
+ filled-in form in which a user has pressed the submit button. This
+ causes curl to POST data using the Content-Type multipart/form-data
+ according to RFC 2388.
+
+ For SMTP and IMAP protocols, this is the mean to compose a multipart
+ mail message to transmit.
+
+ This enables uploading of binary files etc. To force the 'content'
+ part to be a file, prefix the file name with an @ sign. To just get
+ the content part from a file, prefix the file name with the symbol <.
+ The difference between @ and < is then that @ makes a file get at‐
+ tached in the post as a file upload, while the < makes a text field
+ and just get the contents for that text field from a file.
+
+ Tell curl to read content from stdin instead of a file by using - as
+ filename. This goes for both @ and < constructs. When stdin is used,
+ the contents is buffered in memory first by curl to determine its size
+ and allow a possible resend. Defining a part's data from a named non-
+ regular file (such as a named pipe or similar) is unfortunately not
+ subject to buffering and will be effectively read at transmission
+ time; since the full size is unknown before the transfer starts, such
+ data is sent as chunks by HTTP and rejected by IMAP.
+
+ Example: send an image to an HTTP server, where 'profile' is the name
+ of the form-field to which the file portrait.jpg will be the input:
+
+ curl -F profile=@portrait.jpg https://example.com/upload.cgi
+
+ Example: send a your name and shoe size in two text fields to the
+ server:
+
+ curl -F name=John -F shoesize=11 https://example.com/
+
+ Example: send a your essay in a text field to the server. Send it as a
+ plain text field, but get the contents for it from a local file:
+
+ curl -F "story=<hugefile.txt" https://example.com/
+
+ You can also tell curl what Content-Type to use by using 'type=', in a
+ manner similar to:
+
+ curl -F "web=@index.html;type=text/html" example.com
+
+ or
+
+ curl -F "name=daniel;type=text/foo" example.com
+
+ You can also explicitly change the name field of a file upload part by
+ setting filename=, like this:
+
+ curl -F "file=@localfile;filename=nameinpost" example.com
+
+ If filename/path contains ',' or ';', it must be quoted by double-
+ quotes like:
+
+ curl -F "file=@\"localfile\";filename=\"nameinpost\"" example.com
+
+ or
+
+ curl -F 'file=@"localfile";filename="nameinpost"' example.com
+
+ Note that if a filename/path is quoted by double-quotes, any double-
+ quote or backslash within the filename must be escaped by backslash.
+
+ Quoting must also be applied to non-file data if it contains semi‐
+ colons, leading/trailing spaces or leading double quotes:
+
+ curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
+
+ You can add custom headers to the field by setting headers=, like
+
+ curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
+
+ or
+
+ curl -F "submit=OK;headers=@headerfile" example.com
+
+ The headers= keyword may appear more that once and above notes about
+ quoting apply. When headers are read from a file, Empty lines and
+ lines starting with '#' are comments and ignored; each header can be
+ folded by splitting between two words and starting the continuation
+ line with a space; embedded carriage-returns and trailing spaces are
+ stripped. Here is an example of a header file contents:
+
+ # This file contain two headers.
+ X-header-1: this is a header
+
+ # The following header is folded.
+ X-header-2: this is
+ another header
+
+ To support sending multipart mail messages, the syntax is extended as
+ follows:
+ - name can be omitted: the equal sign is the first character of the
+ argument,
+ - if data starts with '(', this signals to start a new multipart: it
+ can be followed by a content type specification.
+ - a multipart can be terminated with a '=)' argument.
+
+ Example: the following command sends an SMTP mime e-mail consisting in
+ an inline part in two alternative formats: plain text and HTML. It at‐
+ taches a text file:
+
+ curl -F '=(;type=multipart/alternative' \
+ -F '=plain text message' \
+ -F '= <body>HTML message</body>;type=text/html' \
+ -F '=)' -F '=@textfile.txt' ... smtp://example.com
+
+ Data can be encoded for transfer using encoder=. Available encodings
+ are binary and 8bit that do nothing else than adding the corresponding
+ Content-Transfer-Encoding header, 7bit that only rejects 8-bit charac‐
+ ters with a transfer error, quoted-printable and base64 that encodes
+ data according to the corresponding schemes, limiting lines length to
+ 76 characters.
+
+ Example: send multipart mail with a quoted-printable text message and
+ a base64 attached file:
+
+ curl -F '=text message;encoder=quoted-printable' \
+ -F '=@localfile;encoder=base64' ... smtp://example.com
+
+ See further examples and details in the MANUAL.
+
+ This option can be used multiple times.
+
+ This option overrides -d, --data and -I, --head and -T, --upload-file.
+
+--form-string <name=string>
+ (HTTP SMTP IMAP) Similar to -F, --form except that the value string
+ for the named parameter is used literally. Leading '@' and '<' charac‐
+ ters, and the ';type=' string in the value have no special meaning.
+ Use this in preference to -F, --form if there's any possibility that
+ the string value may accidentally trigger the '@' or '<' features of
+ -F, --form.
+
+ See also -F, --form.
+
+-G, --get
+ When used, this option will make all data specified with -d, --data,
+ --data-binary or --data-urlencode to be used in an HTTP GET request
+ instead of the POST request that otherwise would be used. The data
+ will be appended to the URL with a '?' separator.
+
+ If used in combination with -I, --head, the POST data will instead be
+ appended to the URL with a HEAD request.
+
+ If this option is used several times, only the first one is used. This
+ is because undoing a GET doesn't make sense, but you should then in‐
+ stead enforce the alternative method you prefer.
+
+-g, --globoff
+ This option switches off the "URL globbing parser". When you set this
+ option, you can specify URLs that contain the letters {}[] without
+ having them being interpreted by curl itself. Note that these letters
+ are not normal legal URL contents but they should be encoded according
+ to the URI standard.
+
+-I, --head
+ (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the com‐
+ mand HEAD which this uses to get nothing but the header of a document.
+ When used on an FTP or FILE file, curl displays the file size and last
+ modification time only.
+
+-H, --header <header/@file>
+ (HTTP) Extra header to include in the request when sending HTTP to a
+ server. You may specify any number of extra headers. Note that if you
+ should add a custom header that has the same name as one of the inter‐
+ nal ones curl would use, your externally set header will be used in‐
+ stead of the internal one. This allows you to make even trickier stuff
+ than curl would normally do. You should not replace internally set
+ headers without knowing perfectly well what you're doing. Remove an
+ internal header by giving a replacement without content on the right
+ side of the colon, as in: -H "Host:". If you send the custom header
+ with no-value then its header must be terminated with a semicolon,
+ such as -H "X-Custom-Header;" to send "X-Custom-Header:".
+
+ curl will make sure that each header you add/replace is sent with the
+ proper end-of-line marker, you should thus not add that as a part of
+ the header content: do not add newlines or carriage returns, they will
+ only mess things up for you.
+
+ Starting in 7.55.0, this option can take an argument in @filename
+ style, which then adds a header for each line in the input file. Using
+ @- will make curl read the header file from stdin.
+
+ See also the -A, --user-agent and -e, --referer options.
+
+ Starting in 7.37.0, you need --proxy-header to send custom headers in‐
+ tended for a proxy.
+
+ Example:
+
+ curl -H "X-First-Name: Joe" http://example.com/
+
+ WARNING: headers set with this option will be set in all requests -
+ even after redirects are followed, like when told with -L, --location.
+ This can lead to the header being sent to other hosts than the origi‐
+ nal host, so sensitive headers should be used with caution combined
+ with following redirects.
+
+ This option can be used multiple times to add/replace/remove multiple
+ headers.
+
+-h, --help
+ Usage help. This lists all basic command line options with a short
+ description.
+
+-k, --insecure
+ (TLS) By default, every SSL connection curl makes is verified to be
+ secure. This option allows curl to proceed and operate even for server
+ connections otherwise considered insecure.
+
+ The server connection is verified by making sure the server's certifi‐
+ cate contains the right name and verifies successfully using the cert
+ store.
+
+ See this online resource for further details:
+ https://curl.haxx.se/docs/sslcerts.html
+
+ See also --proxy-insecure and --cacert.
+
+-L, --location
+ (HTTP) If the server reports that the requested page has moved to a
+ different location (indicated with a Location: header and a 3XX re‐
+ sponse code), this option will make curl redo the request on the new
+ place. If used together with -i, --include or -I, --head, headers from
+ all requested pages will be shown. When authentication is used, curl
+ only sends its credentials to the initial host. If a redirect takes
+ curl to a different host, it won't be able to intercept the user+pass‐
+ word. See also --location-trusted on how to change this. You can limit
+ the amount of redirects to follow by using the --max-redirs option.
+
+ When curl follows a redirect and the request is not a plain GET (for
+ example POST or PUT), it will do the following request with a GET if
+ the HTTP response was 301, 302, or 303. If the response code was any
+ other 3xx code, curl will re-send the following request using the same
+ unmodified method.
+
+ You can tell curl to not change the non-GET request method to GET af‐
+ ter a 30x response by using the dedicated options for that: --post301,
+ --post302 and --post303.
+
+-M, --manual
+ Manual. Display the huge help text.
+
+-m, --max-time <seconds>
+ Maximum time in seconds that you allow the whole operation to take.
+ This is useful for preventing your batch jobs from hanging for hours
+ due to slow networks or links going down. Since 7.32.0, this option
+ accepts decimal values, but the actual timeout will decrease in accu‐
+ racy as the specified timeout increases in decimal precision.
+
+ If this option is used several times, the last one will be used.
+
+ See also --connect-timeout.
+
+-n, --netrc
+ Makes curl scan the .netrc (_netrc on Windows) file in the user's home
+ directory for login name and password. This is typically used for FTP
+ on Unix. If used with HTTP, curl will enable user authentication. See
+ netrc(5) ftp(1) for details on the file format. Curl will not complain
+ if that file doesn't have the right permissions (it should not be ei‐
+ ther world- or group-readable). The environment variable "HOME" is
+ used to find the home directory.
+
+ A quick and very simple example of how to setup a .netrc to allow curl
+ to FTP to the machine host.domain.com with user name 'myself' and
+ password 'secret' should look similar to:
+
+ machine host.domain.com login myself password secret
+
+-o, --output <file>
+ Write output to <file> instead of stdout. If you are using {} or [] to
+ fetch multiple documents, you can use '#' followed by a number in the
+ <file> specifier. That variable will be replaced with the current
+ string for the URL being fetched. Like in:
+
+ curl http://{one,two}.example.com -o "file_#1.txt"
+
+ or use several variables like:
+
+ curl http://{site,host}.host[1-5].com -o "#1_#2"
+
+ You may use this option as many times as the number of URLs you have.
+ For example, if you specify two URLs on the same command line, you can
+ use it like this:
+
+ curl -o aa example.com -o bb example.net
+
+ and the order of the -o options and the URLs doesn't matter, just that
+ the first -o is for the first URL and so on, so the above command line
+ can also be written as
+
+ curl example.com example.net -o aa -o bb
+
+ See also the --create-dirs option to create the local directories dy‐
+ namically. Specifying the output as '-' (a single dash) will force the
+ output to be done to stdout.
+
+ See also -O, --remote-name and --remote-name-all and -J, --remote-
+ header-name.
+
+-#, --progress-bar
+ Make curl display transfer progress as a simple progress bar instead
+ of the standard, more informational, meter.
+
+ This progress bar draws a single line of '#' characters across the
+ screen and shows a percentage if the transfer size is known. For
+ transfers without a known size, there will be space ship (-=o=-) that
+ moves back and forth but only while data is being transferred, with a
+ set of flying hash sign symbols on top.
+
+-x, --proxy [protocol://]host[:port]
+ Use the specified proxy.
+
+ The proxy string can be specified with a protocol:// prefix. No proto‐
+ col specified or http:// will be treated as HTTP proxy. Use socks4://,
+ socks4a://, socks5:// or socks5h:// to request a specific SOCKS ver‐
+ sion to be used. (The protocol support was added in curl 7.21.7)
+
+ HTTPS proxy support via https:// protocol prefix was added in 7.52.0
+ for OpenSSL, GnuTLS and NSS.
+
+ Unrecognized and unsupported proxy protocols cause an error since
+ 7.52.0. Prior versions may ignore the protocol and use http:// in‐
+ stead.
+
+ If the port number is not specified in the proxy string, it is assumed
+ to be 1080.
+
+ This option overrides existing environment variables that set the
+ proxy to use. If there's an environment variable setting a proxy, you
+ can set proxy to "" to override it.
+
+ All operations that are performed over an HTTP proxy will transpar‐
+ ently be converted to HTTP. It means that certain protocol specific
+ operations might not be available. This is not the case if you can
+ tunnel through the proxy, as one with the -p, --proxytunnel option.
+
+ User and password that might be provided in the proxy string are URL
+ decoded by curl. This allows you to pass in special characters such as
+ @ by using %40 or pass in a colon with %3a.
+
+ The proxy host can be specified the exact same way as the proxy envi‐
+ ronment variables, including the protocol prefix (http://) and the em‐
+ bedded user + password.
+
+ If this option is used several times, the last one will be used.
+
+-U, --proxy-user <user:password>
+ Specify the user name and password to use for proxy authentication.
+
+ If you use a Windows SSPI-enabled curl binary and do either Negotiate
+ or NTLM authentication then you can tell curl to select the user name
+ and password from your environment by specifying a single colon with
+ this option: "-U :".
+
+ On systems where it works, curl will hide the given option argument
+ from process listings. This is not enough to protect credentials from
+ possibly getting seen by other users on the same system as they will
+ still be visible for a brief moment before cleared. Such sensitive
+ data should be retrieved from a file instead or similar and never used
+ in clear text in a command line.
+
+ If this option is used several times, the last one will be used.
+
+--retry <num>
+ If a transient error is returned when curl tries to perform a trans‐
+ fer, it will retry this number of times before giving up. Setting the
+ number to 0 makes curl do no retries (which is the default). Transient
+ error means either: a timeout, an FTP 4xx response code or an HTTP 408
+ or 5xx response code.
+
+ When curl is about to retry a transfer, it will first wait one second
+ and then for all forthcoming retries it will double the waiting time
+ until it reaches 10 minutes which then will be the delay between the
+ rest of the retries. By using --retry-delay you disable this exponen‐
+ tial backoff algorithm. See also --retry-max-time to limit the total
+ time allowed for retries.
+
+ Since curl 7.66.0, curl will comply with the Retry-After: response
+ header if one was present to know when to issue the next retry.
+
+ If this option is used several times, the last one will be used.
+
+ Added in 7.12.3.
+
+-s, --silent
+ Silent or quiet mode. Don't show progress meter or error messages.
+ Makes Curl mute. It will still output the data you ask for, poten‐
+ tially even to the terminal/stdout unless you redirect it.
+
+ Use -S, --show-error in addition to this option to disable progress
+ meter but still show error messages.
+
+ See also -v, --verbose and --stderr.
+
+--ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection. Reverts
+ to a non-secure connection if the server doesn't support SSL/TLS. See
+ also --ftp-ssl-control and --ssl-reqd for different levels of encryp‐
+ tion required.
+
+ This option was formerly known as --ftp-ssl (Added in 7.11.0). That
+ option name can still be used but will be removed in a future version.
+
+ Added in 7.20.0.
+
+--trace <file>
+ Enables a full trace dump of all incoming and outgoing data, including
+ descriptive information, to the given output file. Use "-" as filename
+ to have the output sent to stdout. Use "%" as filename to have the
+ output sent to stderr.
+
+ If this option is used several times, the last one will be used.
+
+ This option overrides -v, --verbose and --trace-ascii.
+
+-T, --upload-file <file>
+ This transfers the specified local file to the remote URL. If there is
+ no file part in the specified URL, curl will append the local file
+ name. NOTE that you must use a trailing / on the last directory to re‐
+ ally prove to Curl that there is no file name or curl will think that
+ your last directory name is the remote file name to use. That will
+ most likely cause the upload operation to fail. If this is used on an
+ HTTP(S) server, the PUT command will be used.
+
+ Use the file name "-" (a single dash) to use stdin instead of a given
+ file. Alternately, the file name "." (a single period) may be speci‐
+ fied instead of "-" to use stdin in non-blocking mode to allow reading
+ server output while stdin is being uploaded.
+
+ You can specify one -T, --upload-file for each URL on the command
+ line. Each -T, --upload-file + URL pair specifies what to upload and
+ to where. curl also supports "globbing" of the -T, --upload-file argu‐
+ ment, meaning that you can upload multiple files to a single URL by
+ using the same URL globbing style supported in the URL, like this:
+
+ curl --upload-file "{file1,file2}" http://www.example.com
+
+ or even
+
+ curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
+
+ When uploading to an SMTP server: the uploaded data is assumed to be
+ RFC 5322 formatted. It has to feature the necessary set of headers and
+ mail body formatted correctly by the user as curl will not transcode
+ nor encode it further in any way.
+
+-u, --user <user:password>
+ Specify the user name and password to use for server authentication.
+ Overrides -n, --netrc and --netrc-optional.
+
+ If you simply specify the user name, curl will prompt for a password.
+
+ The user name and passwords are split up on the first colon, which
+ makes it impossible to use a colon in the user name with this option.
+ The password can, still.
+
+ On systems where it works, curl will hide the given option argument
+ from process listings. This is not enough to protect credentials from
+ possibly getting seen by other users on the same system as they will
+ still be visible for a brief moment before cleared. Such sensitive
+ data should be retrieved from a file instead or similar and never used
+ in clear text in a command line.
+
+ When using Kerberos V5 with a Windows based server you should include
+ the Windows domain name in the user name, in order for the server to
+ successfully obtain a Kerberos Ticket. If you don't then the initial
+ authentication handshake may fail.
+
+ When using NTLM, the user name can be specified simply as the user
+ name, without the domain, if there is a single domain and forest in
+ your setup for example.
+
+ To specify the domain name use either Down-Level Logon Name or UPN
+ (User Principal Name) formats. For example, EXAMPLE\user and user@ex‐
+ ample.com respectively.
+
+ If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
+ Negotiate, NTLM or Digest authentication then you can tell curl to se‐
+ lect the user name and password from your environment by specifying a
+ single colon with this option: "-u :".
+
+ If this option is used several times, the last one will be used.
+
+-v, --verbose
+ Makes curl verbose during the operation. Useful for debugging and see‐
+ ing what's going on "under the hood". A line starting with '>' means
+ "header data" sent by curl, '<' means "header data" received by curl
+ that is hidden in normal cases, and a line starting with '*' means ad‐
+ ditional info provided by curl.
+
+ If you only want HTTP headers in the output, -i, --include might be
+ the option you're looking for.
+
+ If you think this option still doesn't give you enough details, con‐
+ sider using --trace or --trace-ascii instead.
+
+ Use -s, --silent to make curl really quiet.
+
+ See also -i, --include. This option overrides --trace and --trace-
+ ascii.
+
+
+-V, --version
+ Displays information about curl and the libcurl version it uses.
+
+ The first line includes the full version of curl, libcurl and
+ other 3rd party libraries linked with the executable.
+
+ The second line (starts with "Protocols:") shows all protocols
+ that libcurl reports to support.
+
+ The third line (starts with "Features:") shows specific features
+ libcurl reports to offer. Available features include:
+
+ IPv6 You can use IPv6 with this.
+
+ krb4 Krb4 for FTP is supported.
+
+ SSL SSL versions of various protocols are supported, such as
+ HTTPS, FTPS, POP3S and so on.
+
+ libz Automatic decompression of compressed files over HTTP is
+ supported.
+
+ NTLM NTLM authentication is supported.
+
+ Debug This curl uses a libcurl built with Debug. This enables
+ more error-tracking and memory debugging etc. For curl-
+ developers only!
+
+ AsynchDNS
+ This curl uses asynchronous name resolves. Asynchronous
+ name resolves can be done using either the c-ares or the
+ threaded resolver backends.
+
+ SPNEGO SPNEGO authentication is supported.
+
+ Largefile
+ This curl supports transfers of large files, files larger
+ than 2GB.
+
+ IDN This curl supports IDN - international domain names.
+
+ GSS-API
+ GSS-API is supported.
+
+ SSPI SSPI is supported.
+
+ TLS-SRP
+ SRP (Secure Remote Password) authentication is supported
+ for TLS.
+
+ HTTP2 HTTP/2 support has been built-in.
+
+ UnixSockets
+ Unix sockets support is provided.
+
+ HTTPS-proxy
+ This curl is built to support HTTPS proxy.
+
+ Metalink
+ This curl supports Metalink (both version 3 and 4 (RFC
+ 5854)), which describes mirrors and hashes. curl will
+ use mirrors for failover if there are errors (such as the
+ file or server not being available).
+
+ PSL PSL is short for Public Suffix List and means that this
+ curl has been built with knowledge about "public suf‐
+ fixes".
+
+ MultiSSL
+ This curl supports multiple TLS backends.
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+For help on a specific category, use --help-CATEGORY where CATEGORY is one of:
+ all, clientauth, debug, encryption, net, output, post, proxy, resolv,
+ request, script, serverauth,
+or a protocol scheme:
+ dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3,
+ pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp,
+If multiple help options are given the result is the intersection.
+Search the manual text for matching options with --help-search KEYWORD
+For detailed option help, use --verbose or -v with a --help option.
+For the curl manual, use --manual.
+
+Basic options:
+ --anyauth Pick any authentication method
+ -a, --append Append to target file when uploading
+ --basic Use HTTP Basic Authentication
+ -K, --config <file> Read config from a file
+ --connect-timeout <seconds> Maximum time allowed for connection
+ -b, --cookie <data|filename> Send cookies from string/file
+ -c, --cookie-jar <filename> Write cookies to <filename> after operation
+ -d, --data <data> HTTP POST data
+ -f, --fail Fail silently (no output at all) on HTTP errors
+ --fail-early Fail on first transfer error, do not continue
+ -F, --form <name=content> Specify multipart MIME data
+ --form-string <name=string> Specify multipart MIME data
+ -G, --get Put the post data in the URL and use GET
+ -g, --globoff Disable URL sequences and ranges using {} and []
+ -I, --head Show document info only
+ -H, --header <header/@file> Pass custom header(s) to server
+ -h, --help This help text
+ -k, --insecure Allow insecure server connections when using SSL
+ -L, --location Follow redirects
+ -M, --manual Display the full manual
+ -m, --max-time <seconds> Maximum time allowed for the transfer
+ -n, --netrc Must read .netrc for user name and password
+ -o, --output <file> Write to file instead of stdout
+ -#, --progress-bar Display transfer progress as a bar
+ -x, --proxy [protocol://]host[:port] Use this proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --retry <num> Retry request if transient problems occur
+ -s, --silent Silent mode
+ --ssl Try SSL/TLS
+ --trace <file> Write a debug trace to FILE
+ -T, --upload-file <file> Transfer local FILE to destination
+ -u, --user <user:password> Server user and password
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+EOF
+ fi
+ exit 0
+ ;;
+
+ clientauth+ftps)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options affect client authentication with ftps:
+ -E, --cert <certificate[:password]> Client certificate file and password
+ --cert-type <type> Certificate file type (DER/PEM/ENG)
+ --delegation <LEVEL> GSS-API delegation permission
+ --disallow-username-in-url Disallow username in url
+ --ftp-account <data> Account data string
+ --ftp-alternative-to-user <command> String to replace USER [name]
+ --key <key> Private key file name
+ --key-type <type> Private key file type (DER/PEM/ENG)
+ --krb <level> Enable Kerberos with security <level>
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ -n, --netrc Must read .netrc for user name and password
+ --pass <phrase> Pass phrase for the private key
+ --proxy-anyauth Pick any proxy authentication method
+ --proxy-basic Use Basic authentication on the proxy
+ --proxy-cert <cert[:passwd]> Set client certificate for proxy
+ --proxy-cert-type <type> Client certificate type for HTTPS proxy
+ --proxy-digest Use Digest authentication on the proxy
+ --proxy-key <key> Private key for HTTPS proxy
+ --proxy-key-type <type> Private key file type for proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-ntlm Use NTLM authentication on the proxy
+ --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
+ --proxy-service-name <name> SPNEGO proxy service name
+ --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
+ --proxy-tlspassword <string> TLS password for HTTPS proxy
+ --proxy-tlsuser <name> TLS username for HTTPS proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --service-name <name> SPNEGO service name
+ --socks5-basic Enable username/password auth for SOCKS5 proxies
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
+ --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
+ --tlsauthtype <type> TLS authentication type
+ --tlspassword TLS password
+ --tlsuser <name> TLS user name
+ -u, --user <user:password> Server user and password
+EOF
+ fi
+ exit 0
+ ;;
+
+
+ clientauth)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options affect transport- or protocol-level client authentication:
+ --anyauth Pick any authentication method
+ --basic Use HTTP Basic Authentication
+ -E, --cert <certificate[:password]> Client certificate file and password
+ --cert-type <type> Certificate file type (DER/PEM/ENG)
+ --delegation <LEVEL> GSS-API delegation permission
+ --digest Use HTTP Digest Authentication
+ --disallow-username-in-url Disallow username in url
+ --ftp-account <data> Account data string
+ --ftp-alternative-to-user <command> String to replace USER [name]
+ --key <key> Private key file name
+ --key-type <type> Private key file type (DER/PEM/ENG)
+ --krb <level> Enable Kerberos with security <level>
+ --login-options <options> Server login options
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ -n, --netrc Must read .netrc for user name and password
+ --ntlm Use HTTP NTLM authentication
+ --ntlm-wb Use HTTP NTLM authentication with winbind
+ --oauth2-bearer <token> OAuth 2 Bearer Token
+ --pass <phrase> Pass phrase for the private key
+ --proxy-anyauth Pick any proxy authentication method
+ --proxy-basic Use Basic authentication on the proxy
+ --proxy-cert <cert[:passwd]> Set client certificate for proxy
+ --proxy-cert-type <type> Client certificate type for HTTPS proxy
+ --proxy-digest Use Digest authentication on the proxy
+ --proxy-key <key> Private key for HTTPS proxy
+ --proxy-key-type <type> Private key file type for proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-ntlm Use NTLM authentication on the proxy
+ --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
+ --proxy-service-name <name> SPNEGO proxy service name
+ --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
+ --proxy-tlspassword <string> TLS password for HTTPS proxy
+ --proxy-tlsuser <name> TLS username for HTTPS proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --pubkey <key> SSH Public key file name
+ --sasl-authzid <identity> Use this identity to act as during SASL PLAIN authentication
+ --sasl-ir Enable initial response in SASL authentication
+ --service-name <name> SPNEGO service name
+ --socks5-basic Enable username/password auth for SOCKS5 proxies
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
+ --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
+ --tlsauthtype <type> TLS authentication type
+ --tlspassword TLS password
+ --tlsuser <name> TLS user name
+ -u, --user <user:password> Server user and password
+EOF
+ fi
+ exit 0
+ ;;
+
+ serverauth)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options affect transport- or protocol-level server authentication:
+Usage: curl [options...] <url>
+ --cacert <file> CA certificate to verify peer against
+ --capath <dir> CA directory to verify peer against
+ --cert-status Verify the status of the server certificate
+ --crlfile <file> Get a CRL list in PEM format from the given file
+ --delegation <LEVEL> GSS-API delegation permission
+ --hostpubmd5 <md5> Acceptable MD5 hash of the host public key
+ -k, --insecure Allow insecure server connections when using SSL
+ --krb <level> Enable Kerberos with security <level>
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ --pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
+ --proxy-cacert <file> CA certificate to verify peer against for proxy
+ --proxy-capath <dir> CA directory to verify peer against for proxy
+ --proxy-crlfile <file> Set a CRL list for proxy
+ --proxy-insecure Do HTTPS proxy connections without verifying the proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
+ --proxy-service-name <name> SPNEGO proxy service name
+ --service-name <name> SPNEGO service name
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
+EOF
+ fi
+ exit 0
+ ;;
+
+
+ all)
+ if [[ -n "$VERBOSE" ]]; then
+ curl --manual
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+ --abstract-unix-socket <path> Connect via abstract Unix domain socket
+ --alt-svc <file name> Enable alt-svc with this cache file
+ --anyauth Pick any authentication method
+ -a, --append Append to target file when uploading
+ --basic Use HTTP Basic Authentication
+ --cacert <file> CA certificate to verify peer against
+ --capath <dir> CA directory to verify peer against
+ -E, --cert <certificate[:password]> Client certificate file and password
+ --cert-status Verify the status of the server certificate
+ --cert-type <type> Certificate file type (DER/PEM/ENG)
+ --ciphers <list of ciphers> SSL ciphers to use
+ --compressed Request compressed response
+ --compressed-ssh Enable SSH compression
+ -K, --config <file> Read config from a file
+ --connect-timeout <seconds> Maximum time allowed for connection
+ --connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
+ -C, --continue-at <offset> Resumed transfer offset
+ -b, --cookie <data|filename> Send cookies from string/file
+ -c, --cookie-jar <filename> Write cookies to <filename> after operation
+ --create-dirs Create necessary local directory hierarchy
+ --crlf Convert LF to CRLF in upload
+ --crlfile <file> Get a CRL list in PEM format from the given file
+ -d, --data <data> HTTP POST data
+ --data-ascii <data> HTTP POST ASCII data
+ --data-binary <data> HTTP POST binary data
+ --data-raw <data> HTTP POST data, '@' allowed
+ --data-urlencode <data> HTTP POST data url encoded
+ --delegation <LEVEL> GSS-API delegation permission
+ --digest Use HTTP Digest Authentication
+ -q, --disable Disable .curlrc
+ --disable-eprt Inhibit using EPRT or LPRT
+ --disable-epsv Inhibit using EPSV
+ --disallow-username-in-url Disallow username in url
+ --dns-interface <interface> Interface to use for DNS requests
+ --dns-ipv4-addr <address> IPv4 address to use for DNS requests
+ --dns-ipv6-addr <address> IPv6 address to use for DNS requests
+ --dns-servers <addresses> DNS server addrs to use
+ --doh-url <URL> Resolve host names over DOH
+ -D, --dump-header <filename> Write the received headers to <filename>
+ --egd-file <file> EGD socket path for random data
+ --engine <name> Crypto engine to use
+ --etag-save <file> Get an ETag from response header and save it to a FILE
+ --etag-compare <file> Get an ETag from a file and send a conditional request
+ --expect100-timeout <seconds> How long to wait for 100-continue
+ -f, --fail Fail silently (no output at all) on HTTP errors
+ --fail-early Fail on first transfer error, do not continue
+ --false-start Enable TLS False Start
+ -F, --form <name=content> Specify multipart MIME data
+ --form-string <name=string> Specify multipart MIME data
+ --ftp-account <data> Account data string
+ --ftp-alternative-to-user <command> String to replace USER [name]
+ --ftp-create-dirs Create the remote dirs if not present
+ --ftp-method <method> Control CWD usage
+ --ftp-pasv Use PASV/EPSV instead of PORT
+ -P, --ftp-port <address> Use PORT instead of PASV
+ --ftp-pret Send PRET before PASV
+ --ftp-skip-pasv-ip Skip the IP address for PASV
+ --ftp-ssl-ccc Send CCC after authenticating
+ --ftp-ssl-ccc-mode <active/passive> Set CCC mode
+ --ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
+ -G, --get Put the post data in the URL and use GET
+ -g, --globoff Disable URL sequences and ranges using {} and []
+ --happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
+ --haproxy-protocol Send HAProxy PROXY protocol v1 header
+ -I, --head Show document info only
+ -H, --header <header/@file> Pass custom header(s) to server
+ -h, --help This help text
+ --hostpubmd5 <md5> Acceptable MD5 hash of the host public key
+ --http0.9 Allow HTTP 0.9 responses
+ -0, --http1.0 Use HTTP 1.0
+ --http1.1 Use HTTP 1.1
+ --http2 Use HTTP 2
+ --http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade
+ --http3 Use HTTP v3
+ --ignore-content-length Ignore the size of the remote resource
+ -i, --include Include protocol response headers in the output
+ -k, --insecure Allow insecure server connections when using SSL
+ --interface <name> Use network INTERFACE (or address)
+ -4, --ipv4 Resolve names to IPv4 addresses
+ -6, --ipv6 Resolve names to IPv6 addresses
+ -j, --junk-session-cookies Ignore session cookies read from file
+ --keepalive-time <seconds> Interval time for keepalive probes
+ --key <key> Private key file name
+ --key-type <type> Private key file type (DER/PEM/ENG)
+ --krb <level> Enable Kerberos with security <level>
+ --libcurl <file> Dump libcurl equivalent code of this command line
+ --limit-rate <speed> Limit transfer speed to RATE
+ -l, --list-only List only mode
+ --local-port <num/range> Force use of RANGE for local port numbers
+ -L, --location Follow redirects
+ --location-trusted Like --location, and send auth to other hosts
+ --login-options <options> Server login options
+ --mail-auth <address> Originator address of the original email
+ --mail-from <address> Mail from this address
+ --mail-rcpt <address> Mail to this address
+ --mail-rcpt-allowfails Allow RCPT TO command to fail for some recipients
+ -M, --manual Display the full manual
+ --max-filesize <bytes> Maximum file size to download
+ --max-redirs <num> Maximum number of redirects allowed
+ -m, --max-time <seconds> Maximum time allowed for the transfer
+ --metalink Process given URLs as metalink XML file
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ -n, --netrc Must read .netrc for user name and password
+ --netrc-file <filename> Specify FILE for netrc
+ --netrc-optional Use either .netrc or URL
+ -:, --next Make next URL use its separate set of options
+ --no-alpn Disable the ALPN TLS extension
+ -N, --no-buffer Disable buffering of the output stream
+ --no-keepalive Disable TCP keepalive on the connection
+ --no-npn Disable the NPN TLS extension
+ --no-progress-meter Do not show the progress meter
+ --no-sessionid Disable SSL session-ID reusing
+ --noproxy <no-proxy-list> List of hosts which do not use proxy
+ --ntlm Use HTTP NTLM authentication
+ --ntlm-wb Use HTTP NTLM authentication with winbind
+ --oauth2-bearer <token> OAuth 2 Bearer Token
+ -o, --output <file> Write to file instead of stdout
+ -Z, --parallel Perform transfers in parallel
+ --parallel-immediate Do not wait for multiplexing (with --parallel)
+ --parallel-max Maximum concurrency for parallel transfers
+ --pass <phrase> Pass phrase for the private key
+ --path-as-is Do not squash .. sequences in URL path
+ --pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
+ --post301 Do not switch to GET after following a 301
+ --post302 Do not switch to GET after following a 302
+ --post303 Do not switch to GET after following a 303
+ --preproxy [protocol://]host[:port] Use this proxy first
+ -#, --progress-bar Display transfer progress as a bar
+ --proto <protocols> Enable/disable PROTOCOLS
+ --proto-default <protocol> Use PROTOCOL for any URL missing a scheme
+ --proto-redir <protocols> Enable/disable PROTOCOLS on redirect
+ -x, --proxy [protocol://]host[:port] Use this proxy
+ --proxy-anyauth Pick any proxy authentication method
+ --proxy-basic Use Basic authentication on the proxy
+ --proxy-cacert <file> CA certificate to verify peer against for proxy
+ --proxy-capath <dir> CA directory to verify peer against for proxy
+ --proxy-cert <cert[:passwd]> Set client certificate for proxy
+ --proxy-cert-type <type> Client certificate type for HTTPS proxy
+ --proxy-ciphers <list> SSL ciphers to use for proxy
+ --proxy-crlfile <file> Set a CRL list for proxy
+ --proxy-digest Use Digest authentication on the proxy
+ --proxy-header <header/@file> Pass custom header(s) to proxy
+ --proxy-insecure Do HTTPS proxy connections without verifying the proxy
+ --proxy-key <key> Private key for HTTPS proxy
+ --proxy-key-type <type> Private key file type for proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-ntlm Use NTLM authentication on the proxy
+ --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
+ --proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
+ --proxy-service-name <name> SPNEGO proxy service name
+ --proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
+ --proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
+ --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
+ --proxy-tlspassword <string> TLS password for HTTPS proxy
+ --proxy-tlsuser <name> TLS username for HTTPS proxy
+ --proxy-tlsv1 Use TLSv1 for HTTPS proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
+ -p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
+ --pubkey <key> SSH Public key file name
+ -Q, --quote Send command(s) to server before transfer
+ --random-file <file> File for reading random data from
+ -r, --range <range> Retrieve only the bytes within RANGE
+ --raw Do HTTP "raw"; no transfer decoding
+ -e, --referer <URL> Referrer URL
+ -J, --remote-header-name Use the header-provided filename
+ -O, --remote-name Write output to a file named as the remote file
+ --remote-name-all Use the remote file name for all URLs
+ -R, --remote-time Set the remote file's time on the local output
+ -X, --request <command> Specify request command to use
+ --request-target Specify the target for this request
+ --resolve <host:port:address[,address]...> Resolve the host+port to this address
+ --retry <num> Retry request if transient problems occur
+ --retry-connrefused Retry on connection refused (use with --retry)
+ --retry-delay <seconds> Wait time between retries
+ --retry-max-time <seconds> Retry only within this period
+ --sasl-authzid <identity> Use this identity to act as during SASL PLAIN authentication
+ --sasl-ir Enable initial response in SASL authentication
+ --service-name <name> SPNEGO service name
+ -S, --show-error Show error even when -s is used
+ -s, --silent Silent mode
+ --socks4 <host[:port]> SOCKS4 proxy on given host + port
+ --socks4a <host[:port]> SOCKS4a proxy on given host + port
+ --socks5 <host[:port]> SOCKS5 proxy on given host + port
+ --socks5-basic Enable username/password auth for SOCKS5 proxies
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
+ --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
+ --socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
+ -Y, --speed-limit <speed> Stop transfers slower than this
+ -y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
+ --ssl Try SSL/TLS
+ --ssl-allow-beast Allow security flaw to improve interop
+ --ssl-no-revoke Disable cert revocation checks (Schannel)
+ --ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
+ --ssl-reqd Require SSL/TLS
+ -2, --sslv2 Use SSLv2
+ -3, --sslv3 Use SSLv3
+ --stderr Where to redirect stderr
+ --styled-output Enable styled output for HTTP headers
+ --suppress-connect-headers Suppress proxy CONNECT response headers
+ --tcp-fastopen Use TCP Fast Open
+ --tcp-nodelay Use the TCP_NODELAY option
+ -t, --telnet-option <opt=val> Set telnet option
+ --tftp-blksize <value> Set TFTP BLKSIZE option
+ --tftp-no-options Do not send any TFTP options
+ -z, --time-cond <time> Transfer based on a time condition
+ --tls-max <VERSION> Set maximum allowed TLS version
+ --tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
+ --tlsauthtype <type> TLS authentication type
+ --tlspassword TLS password
+ --tlsuser <name> TLS user name
+ -1, --tlsv1 Use TLSv1.0 or greater
+ --tlsv1.0 Use TLSv1.0 or greater
+ --tlsv1.1 Use TLSv1.1 or greater
+ --tlsv1.2 Use TLSv1.2 or greater
+ --tlsv1.3 Use TLSv1.3 or greater
+ --tr-encoding Request compressed transfer encoding
+ --trace <file> Write a debug trace to FILE
+ --trace-ascii <file> Like --trace, but without hex output
+ --trace-time Add time stamps to trace/verbose output
+ --unix-socket <path> Connect through this Unix domain socket
+ -T, --upload-file <file> Transfer local FILE to destination
+ --url <url> URL to work with
+ -B, --use-ascii Use ASCII/text transfer
+ -u, --user <user:password> Server user and password
+ -A, --user-agent <name> Send User-Agent <name> to server
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+ -w, --write-out <format> Use output FORMAT after completion
+ --xattr Store metadata in extended file attributes
+EOF
+ fi
+ exit 0
+ ;;
+
+ debug)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+These options are used for debugging a transfer:
+
+-D, --dump-header <filename>
+ (HTTP FTP) Write the received protocol headers to the specified
+ file.
+
+ This option is handy to use when you want to store the headers
+ that an HTTP site sends to you. Cookies from the headers could
+ then be read in a second curl invocation by using the -b,
+ --cookie option! The -c, --cookie-jar option is a better way to
+ store cookies.
+
+ If no headers are received, the use of this option will create
+ an empty file.
+
+ When used in FTP, the FTP server response lines are considered
+ being "headers" and thus are saved there.
+
+ If this option is used several times, the last one will be used.
+
+ See also -o, --output.
+
+-I, --head
+ (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
+ command HEAD which this uses to get nothing but the header of a
+ document. When used on an FTP or FILE file, curl displays the
+ file size and last modification time only.
+
+-i, --include
+ Include the HTTP response headers in the output. The HTTP re-
+ sponse headers can include things like server name, cookies,
+ date of the document, HTTP version and more...
+
+ To view the request headers, consider the -v, --verbose option.
+
+ See also -v, --verbose.
+
+--stderr
+ Redirect all writes to stderr to the specified file instead. If
+ the file name is a plain '-', it is instead written to stdout.
+
+ If this option is used several times, the last one will be used.
+
+ See also -v, --verbose and -s, --silent.
+
+--trace-ascii <file>
+ Enables a full trace dump of all incoming and outgoing data, in-
+ cluding descriptive information, to the given output file. Use
+ "-" as filename to have the output sent to stdout.
+
+ This is very similar to --trace, but leaves out the hex part and
+ only shows the ASCII part of the dump. It makes smaller output
+ that might be easier to read for untrained humans.
+
+ If this option is used several times, the last one will be used.
+
+ This option overrides --trace and -v, --verbose.
+
+--trace-time
+ Prepends a time stamp to each trace or verbose line that curl
+ displays.
+
+ Added in 7.14.0.
+
+--trace <file>
+ Enables a full trace dump of all incoming and outgoing data, in-
+ cluding descriptive information, to the given output file. Use
+ "-" as filename to have the output sent to stdout. Use "%" as
+ filename to have the output sent to stderr.
+
+ If this option is used several times, the last one will be used.
+
+ This option overrides -v, --verbose and --trace-ascii.
+
+-v, --verbose
+ Makes curl verbose during the operation. Useful for debugging
+ and seeing what's going on "under the hood". A line starting
+ with '>' means "header data" sent by curl, '<' means "header
+ data" received by curl that is hidden in normal cases, and a
+ line starting with '*' means additional info provided by curl.
+
+ If you only want HTTP headers in the output, -i, --include might
+ be the option you're looking for.
+
+ If you think this option still doesn't give you enough details,
+ consider using --trace or --trace-ascii instead.
+
+ Use -s, --silent to make curl really quiet.
+
+ See also -i, --include. This option overrides --trace and
+ --trace-ascii.
+
+-V, --version
+ Displays information about curl and the libcurl version it uses.
+
+ The first line includes the full version of curl, libcurl and
+ other 3rd party libraries linked with the executable.
+
+ The second line (starts with "Protocols:") shows all protocols
+ that libcurl reports to support.
+
+ The third line (starts with "Features:") shows specific features
+ libcurl reports to offer. Available features include:
+
+ IPv6 You can use IPv6 with this.
+
+ krb4 Krb4 for FTP is supported.
+
+ SSL SSL versions of various protocols are supported, such as
+ HTTPS, FTPS, POP3S and so on.
+
+ libz Automatic decompression of compressed files over HTTP is
+ supported.
+
+ NTLM NTLM authentication is supported.
+
+ Debug This curl uses a libcurl built with Debug. This enables
+ more error-tracking and memory debugging etc. For curl-
+ developers only!
+
+ AsynchDNS
+ This curl uses asynchronous name resolves. Asynchronous
+ name resolves can be done using either the c-ares or the
+ threaded resolver backends.
+
+ SPNEGO SPNEGO authentication is supported.
+
+ Largefile
+ This curl supports transfers of large files, files larger
+ than 2GB.
+
+ IDN This curl supports IDN - international domain names.
+
+ GSS-API
+ GSS-API is supported.
+
+ SSPI SSPI is supported.
+
+ TLS-SRP
+ SRP (Secure Remote Password) authentication is supported
+ for TLS.
+
+ HTTP2 HTTP/2 support has been built-in.
+
+ UnixSockets
+ Unix sockets support is provided.
+
+ HTTPS-proxy
+ This curl is built to support HTTPS proxy.
+
+ Metalink
+ This curl supports Metalink (both version 3 and 4 (RFC
+ 5854)), which describes mirrors and hashes. curl will
+ use mirrors for failover if there are errors (such as the
+ file or server not being available).
+
+ PSL PSL is short for Public Suffix List and means that this
+ curl has been built with knowledge about "public suf‐
+ fixes".
+
+ MultiSSL
+ This curl supports multiple TLS backends.
+
+-w, --write-out <format>
+ Make curl display information on stdout after a completed trans‐
+ fer. The format is a string that may contain plain text mixed
+ with any number of variables. The format can be specified as a
+ literal "string", or you can have curl read the format from a
+ file with "@filename" and to tell curl to read the format from
+ stdin you write "@-".
+
+ The variables present in the output format will be substituted
+ by the value or text that curl thinks fit, as described below.
+ All variables are specified as %{variable_name} and to output a
+ normal % you just write them as %%. You can output a newline by
+ using \n, a carriage return with \r and a tab space with \t.
+
+ The output will be written to standard output, but this can be
+ switched to standard error by using %{stderr}.
+
+ NOTE: The %-symbol is a special symbol in the win32-environment,
+ where all occurrences of % must be doubled when using this op‐
+ tion.
+
+ The variables available are:
+
+ content_type The Content-Type of the requested document, if
+ there was any.
+
+ filename_effective
+ The ultimate filename that curl writes out to.
+ This is only meaningful if curl is told to write
+ to a file with the -O, --remote-name or -o,
+ --output option. It's most useful in combination
+ with the -J, --remote-header-name option. (Added
+ in 7.26.0)
+
+ ftp_entry_path The initial path curl ended up in when logging on
+ to the remote FTP server. (Added in 7.15.4)
+
+ http_code The numerical response code that was found in the
+ last retrieved HTTP(S) or FTP(s) transfer. In
+ 7.18.2 the alias response_code was added to show
+ the same info.
+
+ http_connect The numerical code that was found in the last re‐
+ sponse (from a proxy) to a curl CONNECT request.
+ (Added in 7.12.4)
+
+ http_version The http version that was effectively used.
+ (Added in 7.50.0)
+
+ local_ip The IP address of the local end of the most re‐
+ cently done connection - can be either IPv4 or
+ IPv6 (Added in 7.29.0)
+
+ local_port The local port number of the most recently done
+ connection (Added in 7.29.0)
+
+ num_connects Number of new connects made in the recent trans‐
+ fer. (Added in 7.12.3)
+
+ num_redirects Number of redirects that were followed in the re‐
+ quest. (Added in 7.12.3)
+
+ proxy_ssl_verify_result
+ The result of the HTTPS proxy's SSL peer certifi‐
+ cate verification that was requested. 0 means the
+ verification was successful. (Added in 7.52.0)
+
+ redirect_url When an HTTP request was made without -L, --loca‐
+ tion to follow redirects (or when --max-redir is
+ met), this variable will show the actual URL a
+ redirect would have gone to. (Added in 7.18.2)
+
+ remote_ip The remote IP address of the most recently done
+ connection - can be either IPv4 or IPv6 (Added in
+ 7.29.0)
+
+ remote_port The remote port number of the most recently done
+ connection (Added in 7.29.0)
+
+ scheme The URL scheme (sometimes called protocol) that
+ was effectively used (Added in 7.52.0)
+
+ size_download The total amount of bytes that were downloaded.
+
+ size_header The total amount of bytes of the downloaded head‐
+ ers.
+
+ size_request The total amount of bytes that were sent in the
+ HTTP request.
+
+ size_upload The total amount of bytes that were uploaded.
+
+ speed_download The average download speed that curl measured for
+ the complete download. Bytes per second.
+
+ speed_upload The average upload speed that curl measured for
+ the complete upload. Bytes per second.
+
+ ssl_verify_result
+ The result of the SSL peer certificate verifica‐
+ tion that was requested. 0 means the verification
+ was successful. (Added in 7.19.0)
+
+ stderr From this point on, the -w, --write-out output
+ will be written to standard error. (Added in
+ 7.63.0)
+
+ stdout From this point on, the -w, --write-out output
+ will be written to standard output. This is the
+ default, but can be used to switch back after
+ switching to stderr. (Added in 7.63.0)
+
+ time_appconnect
+ The time, in seconds, it took from the start un‐
+ til the SSL/SSH/etc connect/handshake to the re‐
+ mote host was completed. (Added in 7.19.0)
+
+ time_connect The time, in seconds, it took from the start un‐
+ til the TCP connect to the remote host (or proxy)
+ was completed.
+
+ time_namelookup
+ The time, in seconds, it took from the start un‐
+ til the name resolving was completed.
+
+ time_pretransfer
+ The time, in seconds, it took from the start un‐
+ til the file transfer was just about to begin.
+ This includes all pre-transfer commands and nego‐
+ tiations that are specific to the particular pro‐
+ tocol(s) involved.
+
+ time_redirect The time, in seconds, it took for all redirection
+ steps including name lookup, connect, pretransfer
+ and transfer before the final transaction was
+ started. time_redirect shows the complete execu‐
+ tion time for multiple redirections. (Added in
+ 7.12.3)
+
+ time_starttransfer
+ The time, in seconds, it took from the start un‐
+ til the first byte was just about to be trans‐
+ ferred. This includes time_pretransfer and also
+ the time the server needed to calculate the re‐
+ sult.
+
+ time_total The total time, in seconds, that the full opera‐
+ tion lasted.
+
+ url_effective The URL that was fetched last. This is most mean‐
+ ingful if you've told curl to follow location:
+ headers.
+
+ If this option is used several times, the last one will be used.
+
+
+
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+ -D, --dump-header <filename> Write the received headers to <filename>
+ -I, --head Show document info only
+ -i, --include Include protocol response headers in the output
+ --stderr Where to redirect stderr
+ --trace <file> Write a debug trace to FILE
+ --trace-ascii <file> Like --trace, but without hex output
+ --trace-time Add time stamps to trace/verbose output
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+ -w, --write-out <format> Use output FORMAT after completion
+EOF
+ fi
+ exit 0
+ ;;
+
+ ftps)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options are valid on ftps transfers:
+ -a, --append Append to target file when uploading
+ --cacert <file> CA certificate to verify peer against
+ --capath <dir> CA directory to verify peer against
+ -E, --cert <certificate[:password]> Client certificate file and password
+ --cert-status Verify the status of the server certificate
+ --cert-type <type> Certificate file type (DER/PEM/ENG)
+ --ciphers <list of ciphers> SSL ciphers to use
+ -K, --config <file> Read config from a file
+ --connect-timeout <seconds> Maximum time allowed for connection
+ --connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
+ -C, --continue-at <offset> Resumed transfer offset
+ --create-dirs Create necessary local directory hierarchy
+ --crlf Convert LF to CRLF in upload
+ --crlfile <file> Get a CRL list in PEM format from the given file
+ --delegation <LEVEL> GSS-API delegation permission
+ -q, --disable Disable .curlrc
+ --disable-eprt Inhibit using EPRT or LPRT
+ --disable-epsv Inhibit using EPSV
+ --disallow-username-in-url Disallow username in url
+ --dns-interface <interface> Interface to use for DNS requests
+ --dns-ipv4-addr <address> IPv4 address to use for DNS requests
+ --dns-ipv6-addr <address> IPv6 address to use for DNS requests
+ --dns-servers <addresses> DNS server addrs to use
+ --doh-url <URL> Resolve host names over DOH
+ -D, --dump-header <filename> Write the received headers to <filename>
+ --egd-file <file> EGD socket path for random data
+ --engine <name> Crypto engine to use
+ -f, --fail Fail silently (no output at all) on HTTP errors
+ --fail-early Fail on first transfer error, do not continue
+ --false-start Enable TLS False Start
+ --ftp-account <data> Account data string
+ --ftp-alternative-to-user <command> String to replace USER [name]
+ --ftp-create-dirs Create the remote dirs if not present
+ --ftp-method <method> Control CWD usage
+ --ftp-pasv Use PASV/EPSV instead of PORT
+ -P, --ftp-port <address> Use PORT instead of PASV
+ --ftp-pret Send PRET before PASV
+ --ftp-skip-pasv-ip Skip the IP address for PASV
+ --ftp-ssl-ccc Send CCC after authenticating
+ --ftp-ssl-ccc-mode <active/passive> Set CCC mode
+ --ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
+ -g, --globoff Disable URL sequences and ranges using {} and []
+ --happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
+ --haproxy-protocol Send HAProxy PROXY protocol v1 header
+ -I, --head Show document info only
+ --ignore-content-length Ignore the size of the remote resource
+ -i, --include Include protocol response headers in the output
+ -k, --insecure Allow insecure server connections when using SSL
+ --interface <name> Use network INTERFACE (or address)
+ -4, --ipv4 Resolve names to IPv4 addresses
+ -6, --ipv6 Resolve names to IPv6 addresses
+ --keepalive-time <seconds> Interval time for keepalive probes
+ --key <key> Private key file name
+ --key-type <type> Private key file type (DER/PEM/ENG)
+ --krb <level> Enable Kerberos with security <level>
+ --libcurl <file> Dump libcurl equivalent code of this command line
+ --limit-rate <speed> Limit transfer speed to RATE
+ -l, --list-only List only mode
+ --local-port <num/range> Force use of RANGE for local port numbers
+ -M, --manual Display the full manual
+ --max-filesize <bytes> Maximum file size to download
+ -m, --max-time <seconds> Maximum time allowed for the transfer
+ --metalink Process given URLs as metalink XML file
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ -n, --netrc Must read .netrc for user name and password
+ --netrc-file <filename> Specify FILE for netrc
+ --netrc-optional Use either .netrc or URL
+ -:, --next Make next URL use its separate set of options
+ --no-alpn Disable the ALPN TLS extension
+ -N, --no-buffer Disable buffering of the output stream
+ --no-keepalive Disable TCP keepalive on the connection
+ --no-npn Disable the NPN TLS extension
+ --no-progress-meter Do not show the progress meter
+ --no-sessionid Disable SSL session-ID reusing
+ --noproxy <no-proxy-list> List of hosts which do not use proxy
+ -o, --output <file> Write to file instead of stdout
+ -Z, --parallel Perform transfers in parallel
+ --parallel-immediate Do not wait for multiplexing (with --parallel)
+ --parallel-max Maximum concurrency for parallel transfers
+ --pass <phrase> Pass phrase for the private key
+ --path-as-is Do not squash .. sequences in URL path
+ --pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
+ --preproxy [protocol://]host[:port] Use this proxy first
+ -#, --progress-bar Display transfer progress as a bar
+ --proto <protocols> Enable/disable PROTOCOLS
+ --proto-default <protocol> Use PROTOCOL for any URL missing a scheme
+ --proto-redir <protocols> Enable/disable PROTOCOLS on redirect
+ -x, --proxy [protocol://]host[:port] Use this proxy
+ --proxy-anyauth Pick any proxy authentication method
+ --proxy-basic Use Basic authentication on the proxy
+ --proxy-cacert <file> CA certificate to verify peer against for proxy
+ --proxy-capath <dir> CA directory to verify peer against for proxy
+ --proxy-cert <cert[:passwd]> Set client certificate for proxy
+ --proxy-cert-type <type> Client certificate type for HTTPS proxy
+ --proxy-ciphers <list> SSL ciphers to use for proxy
+ --proxy-crlfile <file> Set a CRL list for proxy
+ --proxy-digest Use Digest authentication on the proxy
+ --proxy-header <header/@file> Pass custom header(s) to proxy
+ --proxy-insecure Do HTTPS proxy connections without verifying the proxy
+ --proxy-key <key> Private key for HTTPS proxy
+ --proxy-key-type <type> Private key file type for proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-ntlm Use NTLM authentication on the proxy
+ --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
+ --proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
+ --proxy-service-name <name> SPNEGO proxy service name
+ --proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
+ --proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
+ --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
+ --proxy-tlspassword <string> TLS password for HTTPS proxy
+ --proxy-tlsuser <name> TLS username for HTTPS proxy
+ --proxy-tlsv1 Use TLSv1 for HTTPS proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
+ -p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
+ -Q, --quote Send command(s) to server before transfer
+ --random-file <file> File for reading random data from
+ -r, --range <range> Retrieve only the bytes within RANGE
+ -e, --referer <URL> Referrer URL
+ -O, --remote-name Write output to a file named as the remote file
+ --remote-name-all Use the remote file name for all URLs
+ -R, --remote-time Set the remote file's time on the local output
+ -X, --request <command> Specify request command to use
+ --resolve <host:port:address[,address]...> Resolve the host+port to this address
+ --retry <num> Retry request if transient problems occur
+ --retry-connrefused Retry on connection refused (use with --retry)
+ --retry-delay <seconds> Wait time between retries
+ --retry-max-time <seconds> Retry only within this period
+ --service-name <name> SPNEGO service name
+ -S, --show-error Show error even when -s is used
+ -s, --silent Silent mode
+ --socks4 <host[:port]> SOCKS4 proxy on given host + port
+ --socks4a <host[:port]> SOCKS4a proxy on given host + port
+ --socks5 <host[:port]> SOCKS5 proxy on given host + port
+ --socks5-basic Enable username/password auth for SOCKS5 proxies
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
+ --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
+ --socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
+ -Y, --speed-limit <speed> Stop transfers slower than this
+ -y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
+ --ssl Try SSL/TLS
+ --ssl-allow-beast Allow security flaw to improve interop
+ --ssl-no-revoke Disable cert revocation checks (Schannel)
+ --ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
+ --ssl-reqd Require SSL/TLS
+ -2, --sslv2 Use SSLv2
+ -3, --sslv3 Use SSLv3
+ --stderr Where to redirect stderr
+ --suppress-connect-headers Suppress proxy CONNECT response headers
+ --tcp-fastopen Use TCP Fast Open
+ --tcp-nodelay Use the TCP_NODELAY option
+ -z, --time-cond <time> Transfer based on a time condition
+ --tls-max <VERSION> Set maximum allowed TLS version
+ --tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
+ --tlsauthtype <type> TLS authentication type
+ --tlspassword TLS password
+ --tlsuser <name> TLS user name
+ -1, --tlsv1 Use TLSv1.0 or greater
+ --tlsv1.0 Use TLSv1.0 or greater
+ --tlsv1.1 Use TLSv1.1 or greater
+ --tlsv1.2 Use TLSv1.2 or greater
+ --tlsv1.3 Use TLSv1.3 or greater
+ --trace <file> Write a debug trace to FILE
+ --trace-ascii <file> Like --trace, but without hex output
+ --trace-time Add time stamps to trace/verbose output
+ -T, --upload-file <file> Transfer local FILE to destination
+ --url <url> URL to work with
+ -B, --use-ascii Use ASCII/text transfer
+ -u, --user <user:password> Server user and password
+ -A, --user-agent <name> Send User-Agent <name> to server
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+ -w, --write-out <format> Use output FORMAT after completion
+ --xattr Store metadata in extended file attributes
+EOF
+ fi
+ exit 0
+ ;;
+
+ https)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options are valid on https transfers:
+ --abstract-unix-socket <path> Connect via abstract Unix domain socket
+ --alt-svc <file name> Enable alt-svc with this cache file
+ --anyauth Pick any authentication method
+ -a, --append Append to target file when uploading
+ --basic Use HTTP Basic Authentication
+ --cacert <file> CA certificate to verify peer against
+ --capath <dir> CA directory to verify peer against
+ -E, --cert <certificate[:password]> Client certificate file and password
+ --cert-status Verify the status of the server certificate
+ --cert-type <type> Certificate file type (DER/PEM/ENG)
+ --ciphers <list of ciphers> SSL ciphers to use
+ --compressed Request compressed response
+ -K, --config <file> Read config from a file
+ --connect-timeout <seconds> Maximum time allowed for connection
+ --connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
+ -C, --continue-at <offset> Resumed transfer offset
+ -b, --cookie <data|filename> Send cookies from string/file
+ -c, --cookie-jar <filename> Write cookies to <filename> after operation
+ --create-dirs Create necessary local directory hierarchy
+ --crlf Convert LF to CRLF in upload
+ --crlfile <file> Get a CRL list in PEM format from the given file
+ -d, --data <data> HTTP POST data
+ --data-ascii <data> HTTP POST ASCII data
+ --data-binary <data> HTTP POST binary data
+ --data-raw <data> HTTP POST data, '@' allowed
+ --data-urlencode <data> HTTP POST data url encoded
+ --delegation <LEVEL> GSS-API delegation permission
+ --digest Use HTTP Digest Authentication
+ -q, --disable Disable .curlrc
+ --disable-eprt Inhibit using EPRT or LPRT
+ --disable-epsv Inhibit using EPSV
+ --disallow-username-in-url Disallow username in url
+ --dns-interface <interface> Interface to use for DNS requests
+ --dns-ipv4-addr <address> IPv4 address to use for DNS requests
+ --dns-ipv6-addr <address> IPv6 address to use for DNS requests
+ --dns-servers <addresses> DNS server addrs to use
+ --doh-url <URL> Resolve host names over DOH
+ -D, --dump-header <filename> Write the received headers to <filename>
+ --egd-file <file> EGD socket path for random data
+ --engine <name> Crypto engine to use
+ --etag-save <file> Get an ETag from response header and save it to a FILE
+ --etag-compare <file> Get an ETag from a file and send a conditional request
+ --expect100-timeout <seconds> How long to wait for 100-continue
+ -f, --fail Fail silently (no output at all) on HTTP errors
+ --fail-early Fail on first transfer error, do not continue
+ --false-start Enable TLS False Start
+ -F, --form <name=content> Specify multipart MIME data
+ --form-string <name=string> Specify multipart MIME data
+ -G, --get Put the post data in the URL and use GET
+ -g, --globoff Disable URL sequences and ranges using {} and []
+ --happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
+ --haproxy-protocol Send HAProxy PROXY protocol v1 header
+ -I, --head Show document info only
+ -H, --header <header/@file> Pass custom header(s) to server
+ -h, --help This help text
+ --http0.9 Allow HTTP 0.9 responses
+ -0, --http1.0 Use HTTP 1.0
+ --http1.1 Use HTTP 1.1
+ --http2 Use HTTP 2
+ --http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade
+ --http3 Use HTTP v3
+ --ignore-content-length Ignore the size of the remote resource
+ -i, --include Include protocol response headers in the output
+ -k, --insecure Allow insecure server connections when using SSL
+ --interface <name> Use network INTERFACE (or address)
+ -4, --ipv4 Resolve names to IPv4 addresses
+ -6, --ipv6 Resolve names to IPv6 addresses
+ -j, --junk-session-cookies Ignore session cookies read from file
+ --keepalive-time <seconds> Interval time for keepalive probes
+ --key <key> Private key file name
+ --key-type <type> Private key file type (DER/PEM/ENG)
+ --krb <level> Enable Kerberos with security <level>
+ --libcurl <file> Dump libcurl equivalent code of this command line
+ --limit-rate <speed> Limit transfer speed to RATE
+ --local-port <num/range> Force use of RANGE for local port numbers
+ -L, --location Follow redirects
+ --location-trusted Like --location, and send auth to other hosts
+ -M, --manual Display the full manual
+ --max-filesize <bytes> Maximum file size to download
+ --max-redirs <num> Maximum number of redirects allowed
+ -m, --max-time <seconds> Maximum time allowed for the transfer
+ --metalink Process given URLs as metalink XML file
+ --negotiate Use HTTP Negotiate (SPNEGO) authentication
+ -n, --netrc Must read .netrc for user name and password
+ --netrc-file <filename> Specify FILE for netrc
+ --netrc-optional Use either .netrc or URL
+ -:, --next Make next URL use its separate set of options
+ --no-alpn Disable the ALPN TLS extension
+ -N, --no-buffer Disable buffering of the output stream
+ --no-keepalive Disable TCP keepalive on the connection
+ --no-npn Disable the NPN TLS extension
+ --no-progress-meter Do not show the progress meter
+ --no-sessionid Disable SSL session-ID reusing
+ --noproxy <no-proxy-list> List of hosts which do not use proxy
+ --ntlm Use HTTP NTLM authentication
+ --ntlm-wb Use HTTP NTLM authentication with winbind
+ --oauth2-bearer <token> OAuth 2 Bearer Token
+ -o, --output <file> Write to file instead of stdout
+ -Z, --parallel Perform transfers in parallel
+ --parallel-immediate Do not wait for multiplexing (with --parallel)
+ --parallel-max Maximum concurrency for parallel transfers
+ --pass <phrase> Pass phrase for the private key
+ --path-as-is Do not squash .. sequences in URL path
+ --pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
+ --post301 Do not switch to GET after following a 301
+ --post302 Do not switch to GET after following a 302
+ --post303 Do not switch to GET after following a 303
+ --preproxy [protocol://]host[:port] Use this proxy first
+ -#, --progress-bar Display transfer progress as a bar
+ --proto <protocols> Enable/disable PROTOCOLS
+ --proto-default <protocol> Use PROTOCOL for any URL missing a scheme
+ --proto-redir <protocols> Enable/disable PROTOCOLS on redirect
+ -x, --proxy [protocol://]host[:port] Use this proxy
+ --proxy-anyauth Pick any proxy authentication method
+ --proxy-basic Use Basic authentication on the proxy
+ --proxy-cacert <file> CA certificate to verify peer against for proxy
+ --proxy-capath <dir> CA directory to verify peer against for proxy
+ --proxy-cert <cert[:passwd]> Set client certificate for proxy
+ --proxy-cert-type <type> Client certificate type for HTTPS proxy
+ --proxy-ciphers <list> SSL ciphers to use for proxy
+ --proxy-crlfile <file> Set a CRL list for proxy
+ --proxy-digest Use Digest authentication on the proxy
+ --proxy-header <header/@file> Pass custom header(s) to proxy
+ --proxy-insecure Do HTTPS proxy connections without verifying the proxy
+ --proxy-key <key> Private key for HTTPS proxy
+ --proxy-key-type <type> Private key file type for proxy
+ --proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
+ --proxy-ntlm Use NTLM authentication on the proxy
+ --proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
+ --proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
+ --proxy-service-name <name> SPNEGO proxy service name
+ --proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
+ --proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
+ --proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
+ --proxy-tlspassword <string> TLS password for HTTPS proxy
+ --proxy-tlsuser <name> TLS username for HTTPS proxy
+ --proxy-tlsv1 Use TLSv1 for HTTPS proxy
+ -U, --proxy-user <user:password> Proxy user and password
+ --proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
+ -p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
+ --random-file <file> File for reading random data from
+ -r, --range <range> Retrieve only the bytes within RANGE
+ --raw Do HTTP "raw"; no transfer decoding
+ -e, --referer <URL> Referrer URL
+ -J, --remote-header-name Use the header-provided filename
+ -O, --remote-name Write output to a file named as the remote file
+ --remote-name-all Use the remote file name for all URLs
+ -R, --remote-time Set the remote file's time on the local output
+ -X, --request <command> Specify request command to use
+ --request-target Specify the target for this request
+ --resolve <host:port:address[,address]...> Resolve the host+port to this address
+ --retry <num> Retry request if transient problems occur
+ --retry-connrefused Retry on connection refused (use with --retry)
+ --retry-delay <seconds> Wait time between retries
+ --retry-max-time <seconds> Retry only within this period
+ --service-name <name> SPNEGO service name
+ -S, --show-error Show error even when -s is used
+ -s, --silent Silent mode
+ --socks4 <host[:port]> SOCKS4 proxy on given host + port
+ --socks4a <host[:port]> SOCKS4a proxy on given host + port
+ --socks5 <host[:port]> SOCKS5 proxy on given host + port
+ --socks5-basic Enable username/password auth for SOCKS5 proxies
+ --socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
+ --socks5-gssapi-nec Compatibility with NEC SOCKS5 server
+ --socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
+ --socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
+ -Y, --speed-limit <speed> Stop transfers slower than this
+ -y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
+ --ssl Try SSL/TLS
+ --ssl-allow-beast Allow security flaw to improve interop
+ --ssl-no-revoke Disable cert revocation checks (Schannel)
+ --ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
+ --ssl-reqd Require SSL/TLS
+ -2, --sslv2 Use SSLv2
+ -3, --sslv3 Use SSLv3
+ --stderr Where to redirect stderr
+ --styled-output Enable styled output for HTTP headers
+ --suppress-connect-headers Suppress proxy CONNECT response headers
+ --tcp-fastopen Use TCP Fast Open
+ --tcp-nodelay Use the TCP_NODELAY option
+ -z, --time-cond <time> Transfer based on a time condition
+ --tls-max <VERSION> Set maximum allowed TLS version
+ --tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
+ --tlsauthtype <type> TLS authentication type
+ --tlspassword TLS password
+ --tlsuser <name> TLS user name
+ -1, --tlsv1 Use TLSv1.0 or greater
+ --tlsv1.0 Use TLSv1.0 or greater
+ --tlsv1.1 Use TLSv1.1 or greater
+ --tlsv1.2 Use TLSv1.2 or greater
+ --tlsv1.3 Use TLSv1.3 or greater
+ --tr-encoding Request compressed transfer encoding
+ --trace <file> Write a debug trace to FILE
+ --trace-ascii <file> Like --trace, but without hex output
+ --trace-time Add time stamps to trace/verbose output
+ --unix-socket <path> Connect through this Unix domain socket
+ -T, --upload-file <file> Transfer local FILE to destination
+ --url <url> URL to work with
+ -u, --user <user:password> Server user and password
+ -A, --user-agent <name> Send User-Agent <name> to server
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+ -w, --write-out <format> Use output FORMAT after completion
+ --xattr Store metadata in extended file attributes
+EOF
+ fi
+ exit 0
+ ;;
+
+ ftps-https)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Verbose help TBD
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options affect ftps but not https:
+ -B, --use-ascii Use ASCII/text transfer
+ --ftp-account <data> Account data string
+ --ftp-alternative-to-user <command> String to replace USER [name]
+ --ftp-create-dirs Create the remote dirs if not present
+ --ftp-method <method> Control CWD usage
+ --ftp-pasv Use PASV/EPSV instead of PORT
+ --ftp-pret Send PRET before PASV
+ --ftp-skip-pasv-ip Skip the IP address for PASV
+ --ftp-ssl-ccc-mode <active/passive> Set CCC mode
+ --ftp-ssl-ccc Send CCC after authenticating
+ --ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
+ -l, --list-only List only mode
+ -P, --ftp-port <address> Use PORT instead of PASV
+ -Q, --quote Send command(s) to server before transfer
+EOF
+ fi
+ exit 0
+ ;;
+
+
+
+ output)
+ if [[ -n "$VERBOSE" ]]; then
+ cat <<EOF
+Usage: curl [options...] <url>
+These options are used to modify the local output of the transfer:
+
+--create-dirs
+ When used in conjunction with the -o, --output option, curl will
+ create the necessary local directory hierarchy as needed. This
+ option creates the dirs mentioned with the -o, --output option,
+ nothing else. If the --output file name uses no dir or if the
+ dirs it mentions already exist, no dir will be created.
+
+ To create remote directories when using FTP or SFTP, try --ftp-
+ create-dirs.
+
+-i, --include
+ Include the HTTP response headers in the output. The HTTP re‐
+ sponse headers can include things like server name, cookies,
+ date of the document, HTTP version and more...
+
+ To view the request headers, consider the -v, --verbose option.
+
+ See also -v, --verbose.
+
+-N, --no-buffer
+ Disables the buffering of the output stream. In normal work sit‐
+ uations, curl will use a standard buffered output stream that
+ will have the effect that it will output the data in chunks, not
+ necessarily exactly when the data arrives. Using this option
+ will disable that buffering.
+
+ Note that this is the negated option name documented. You can
+ thus use --buffer to enforce the buffering.
+
+-o, --output <file>
+ Write output to <file> instead of stdout. If you are using {} or
+ [] to fetch multiple documents, you can use '#' followed by a
+ number in the <file> specifier. That variable will be replaced
+ with the current string for the URL being fetched. Like in:
+
+ curl http://{one,two}.example.com -o "file_#1.txt"
+
+ or use several variables like:
+
+ curl http://{site,host}.host[1-5].com -o "#1_#2"
+
+ You may use this option as many times as the number of URLs you
+ have. For example, if you specify two URLs on the same command
+ line, you can use it like this:
+
+ curl -o aa example.com -o bb example.net
+
+ and the order of the -o options and the URLs doesn't matter,
+ just that the first -o is for the first URL and so on, so the
+ above command line can also be written as
+
+ curl example.com example.net -o aa -o bb
+
+ See also the --create-dirs option to create the local directo‐
+ ries dynamically. Specifying the output as '-' (a single dash)
+ will force the output to be done to stdout.
+
+ See also -O, --remote-name and --remote-name-all and -J, --re‐
+ mote-header-name.
+
+-J, --remote-header-name
+ (HTTP) This option tells the -O, --remote-name option to use the
+ server-specified Content-Disposition filename instead of ex‐
+ tracting a filename from the URL.
+
+ If the server specifies a file name and a file with that name
+ already exists in the current working directory it will not be
+ overwritten and an error will occur. If the server doesn't spec‐
+ ify a file name then this option has no effect.
+
+ There's no attempt to decode %-sequences (yet) in the provided
+ file name, so this option may provide you with rather unexpected
+ file names.
+
+ WARNING: Exercise judicious use of this option, especially on
+ Windows. A rogue server could send you the name of a DLL or
+ other file that could possibly be loaded automatically by Win‐
+ dows or some third party software.
+
+--remote-name-all
+ This option changes the default action for all given URLs to be
+ dealt with as if -O, --remote-name were used for each one. So if
+ you want to disable that for a specific URL after --remote-name-
+ all has been used, you must use "-o -" or --no-remote-name.
+
+ Added in 7.19.0.
+
+-O, --remote-name
+ Write output to a local file named like the remote file we get.
+ (Only the file part of the remote file is used, the path is cut
+ off.)
+
+ The file will be saved in the current working directory. If you
+ want the file saved in a different directory, make sure you
+ change the current working directory before invoking curl with
+ this option.
+
+ The remote file name to use for saving is extracted from the
+ given URL, nothing else, and if it already exists it will be
+ overwritten. If you want the server to be able to choose the
+ file name refer to -J, --remote-header-name which can be used in
+ addition to this option. If the server chooses a file name and
+ that name already exists it will not be overwritten.
+
+ There is no URL decoding done on the file name. If it has %20 or
+ other URL encoded parts of the name, they will end up as-is as
+ file name.
+
+ You may use this option as many times as the number of URLs you
+ have.
+
+-R, --remote-time
+ When used, this will make curl attempt to figure out the time‐
+ stamp of the remote file, and if that is available make the lo‐
+ cal file get that same timestamp.
+
+--stderr
+ Redirect all writes to stderr to the specified file instead. If
+ the file name is a plain '-', it is instead written to stdout.
+
+ If this option is used several times, the last one will be used.
+
+ See also -v, --verbose and -s, --silent.
+
+--styled-output
+ Enables the automatic use of bold font styles when writing HTTP
+ headers to the terminal. Use --no-styled-output to switch them
+ off.
+
+ Added in 7.61.0.
+
+--suppress-connect-headers
+ When -p, --proxytunnel is used and a CONNECT request is made
+ don't output proxy CONNECT response headers. This option is
+ meant to be used with -D, --dump-header or -i, --include which
+ are used to show protocol headers in the output. It has no ef‐
+ fect on debug options such as -v, --verbose or --trace, or any
+ statistics.
+
+ See also -D, --dump-header and -i, --include and -p, --proxytun‐
+ nel.
+
+-B, --use-ascii
+ (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
+ forced by using a URL that ends with ";type=A". This option
+ causes data sent to stdout to be in text mode for win32 systems.
+
+-v, --verbose
+ Makes curl verbose during the operation. Useful for debugging
+ and seeing what's going on "under the hood". A line starting
+ with '>' means "header data" sent by curl, '<' means "header
+ data" received by curl that is hidden in normal cases, and a
+ line starting with '*' means additional info provided by curl.
+
+ If you only want HTTP headers in the output, -i, --include might
+ be the option you're looking for.
+
+ If you think this option still doesn't give you enough details,
+ consider using --trace or --trace-ascii instead.
+
+ Use -s, --silent to make curl really quiet.
+
+ See also -i, --include. This option overrides --trace and
+ --trace-ascii.
+
+-V, --version
+ Displays information about curl and the libcurl version it uses.
+
+ The first line includes the full version of curl, libcurl and
+ other 3rd party libraries linked with the executable.
+
+ The second line (starts with "Protocols:") shows all protocols
+ that libcurl reports to support.
+
+ The third line (starts with "Features:") shows specific features
+ libcurl reports to offer. Available features include:
+
+ IPv6 You can use IPv6 with this.
+
+ krb4 Krb4 for FTP is supported.
+
+ SSL SSL versions of various protocols are supported, such as
+ HTTPS, FTPS, POP3S and so on.
+
+ libz Automatic decompression of compressed files over HTTP is
+ supported.
+
+ NTLM NTLM authentication is supported.
+
+ Debug This curl uses a libcurl built with Debug. This enables
+ more error-tracking and memory debugging etc. For curl-
+ developers only!
+
+ AsynchDNS
+ This curl uses asynchronous name resolves. Asynchronous
+ name resolves can be done using either the c-ares or the
+ threaded resolver backends.
+
+ SPNEGO SPNEGO authentication is supported.
+
+ Largefile
+ This curl supports transfers of large files, files larger
+ than 2GB.
+
+ IDN This curl supports IDN - international domain names.
+
+ GSS-API
+ GSS-API is supported.
+
+ SSPI SSPI is supported.
+
+ TLS-SRP
+ SRP (Secure Remote Password) authentication is supported
+ for TLS.
+
+ HTTP2 HTTP/2 support has been built-in.
+
+ UnixSockets
+ Unix sockets support is provided.
+
+ HTTPS-proxy
+ This curl is built to support HTTPS proxy.
+
+ Metalink
+ This curl supports Metalink (both version 3 and 4 (RFC
+ 5854)), which describes mirrors and hashes. curl will
+ use mirrors for failover if there are errors (such as the
+ file or server not being available).
+
+ PSL PSL is short for Public Suffix List and means that this
+ curl has been built with knowledge about "public suf‐
+ fixes".
+
+ MultiSSL
+ This curl supports multiple TLS backends.
+
+-w, --write-out <format>
+ Make curl display information on stdout after a completed trans‐
+ fer. The format is a string that may contain plain text mixed
+ with any number of variables. The format can be specified as a
+ literal "string", or you can have curl read the format from a
+ file with "@filename" and to tell curl to read the format from
+ stdin you write "@-".
+
+ The variables present in the output format will be substituted
+ by the value or text that curl thinks fit, as described below.
+ All variables are specified as %{variable_name} and to output a
+ normal % you just write them as %%. You can output a newline by
+ using \n, a carriage return with \r and a tab space with \t.
+
+ The output will be written to standard output, but this can be
+ switched to standard error by using %{stderr}.
+
+ NOTE: The %-symbol is a special symbol in the win32-environment,
+ where all occurrences of % must be doubled when using this op‐
+ tion.
+
+ The variables available are:
+
+ content_type The Content-Type of the requested document, if
+ there was any.
+
+ filename_effective
+ The ultimate filename that curl writes out to.
+ This is only meaningful if curl is told to write
+ to a file with the -O, --remote-name or -o,
+ --output option. It's most useful in combination
+ with the -J, --remote-header-name option. (Added
+ in 7.26.0)
+
+ ftp_entry_path The initial path curl ended up in when logging on
+ to the remote FTP server. (Added in 7.15.4)
+
+ http_code The numerical response code that was found in the
+ last retrieved HTTP(S) or FTP(s) transfer. In
+ 7.18.2 the alias response_code was added to show
+ the same info.
+
+ http_connect The numerical code that was found in the last re‐
+ sponse (from a proxy) to a curl CONNECT request.
+ (Added in 7.12.4)
+
+ http_version The http version that was effectively used.
+ (Added in 7.50.0)
+
+ local_ip The IP address of the local end of the most re‐
+ cently done connection - can be either IPv4 or
+ IPv6 (Added in 7.29.0)
+
+ local_port The local port number of the most recently done
+ connection (Added in 7.29.0)
+
+ num_connects Number of new connects made in the recent trans‐
+ fer. (Added in 7.12.3)
+
+ num_redirects Number of redirects that were followed in the re‐
+ quest. (Added in 7.12.3)
+
+ proxy_ssl_verify_result
+ The result of the HTTPS proxy's SSL peer certifi‐
+ cate verification that was requested. 0 means the
+ verification was successful. (Added in 7.52.0)
+
+ redirect_url When an HTTP request was made without -L, --loca‐
+ tion to follow redirects (or when --max-redir is
+ met), this variable will show the actual URL a
+ redirect would have gone to. (Added in 7.18.2)
+
+ remote_ip The remote IP address of the most recently done
+ connection - can be either IPv4 or IPv6 (Added in
+ 7.29.0)
+
+ remote_port The remote port number of the most recently done
+ connection (Added in 7.29.0)
+
+ scheme The URL scheme (sometimes called protocol) that
+ was effectively used (Added in 7.52.0)
+
+ size_download The total amount of bytes that were downloaded.
+
+ size_header The total amount of bytes of the downloaded head‐
+ ers.
+
+ size_request The total amount of bytes that were sent in the
+ HTTP request.
+
+ size_upload The total amount of bytes that were uploaded.
+
+ speed_download The average download speed that curl measured for
+ the complete download. Bytes per second.
+
+ speed_upload The average upload speed that curl measured for
+ the complete upload. Bytes per second.
+
+ ssl_verify_result
+ The result of the SSL peer certificate verifica‐
+ tion that was requested. 0 means the verification
+ was successful. (Added in 7.19.0)
+
+ stderr From this point on, the -w, --write-out output
+ will be written to standard error. (Added in
+ 7.63.0)
+
+ stdout From this point on, the -w, --write-out output
+ will be written to standard output. This is the
+ default, but can be used to switch back after
+ switching to stderr. (Added in 7.63.0)
+
+ time_appconnect
+ The time, in seconds, it took from the start un‐
+ til the SSL/SSH/etc connect/handshake to the re‐
+ mote host was completed. (Added in 7.19.0)
+
+ time_connect The time, in seconds, it took from the start un‐
+ til the TCP connect to the remote host (or proxy)
+ was completed.
+
+ time_namelookup
+ The time, in seconds, it took from the start un‐
+ til the name resolving was completed.
+
+ time_pretransfer
+ The time, in seconds, it took from the start un‐
+ til the file transfer was just about to begin.
+ This includes all pre-transfer commands and nego‐
+ tiations that are specific to the particular pro‐
+ tocol(s) involved.
+
+ time_redirect The time, in seconds, it took for all redirection
+ steps including name lookup, connect, pretransfer
+ and transfer before the final transaction was
+ started. time_redirect shows the complete execu‐
+ tion time for multiple redirections. (Added in
+ 7.12.3)
+
+ time_starttransfer
+ The time, in seconds, it took from the start un‐
+ til the first byte was just about to be trans‐
+ ferred. This includes time_pretransfer and also
+ the time the server needed to calculate the re‐
+ sult.
+
+ time_total The total time, in seconds, that the full opera‐
+ tion lasted.
+
+ url_effective The URL that was fetched last. This is most mean‐
+ ingful if you've told curl to follow location:
+ headers.
+
+ If this option is used several times, the last one will be used.
+
+--xattr
+ When saving output to a file, this option tells curl to store
+ certain file metadata in extended file attributes. Currently,
+ the URL is stored in the xdg.origin.url attribute and, for HTTP,
+ the content type is stored in the mime_type attribute. If the
+ file system does not support extended attributes, a warning is
+ issued.
+EOF
+ else
+ cat <<EOF
+Usage: curl [options...] <url>
+These options are used to modify the local output of the transfer:
+ --create-dirs Create necessary local directory hierarchy
+ -i, --include Include protocol response headers in the output
+ -N, --no-buffer Disable buffering of the output stream
+ -o, --output <file> Write to file instead of stdout
+ -J, --remote-header-name Use the header-provided filename
+ -O, --remote-name Write output to a file named as the remote file
+ --remote-name-all Use the remote file name for all URLs
+ -R, --remote-time Set the remote file's time on the local output
+ --stderr Where to redirect stderr
+ --styled-output Enable styled output for HTTP headers
+ --suppress-connect-headers Suppress proxy CONNECT response headers
+ -B, --use-ascii Use ASCII/text transfer
+ -v, --verbose Make the operation more talkative
+ -V, --version Show version number and quit
+ -w, --write-out <format> Use output FORMAT after completion
+ --xattr Store metadata in extended file attributes
+EOF
+ fi
+ exit 0
+ ;;
+
+
+
+ *)
+ cat <<EOF
+No help for --help-$HELP_TYPE. See --help for a help list.
+THIS IS A DEMONSTRATION PROGRAM. The only help options implemented are:
+--help
+--help-basic
+--help-all
+--help-debug
+--help-ftps
+--help-https
+--help-clientauth
+--help-output
+--help-serverauth
+
+as well as the set intersection ones (use both of these at the same time):
+--help-clientauth --help-ftps
+--help-ftps --no-help-https # i.e. ftp options that aren't also https options
+
+and this demo search queries:
+--help-search epsv
+--help-search sni
+
+as well as the verbose versions:
+--help -v
+--help-all -v
+--help-debug -v
+--help-output -v
+-v --help-search sni
+
+
+Note that some of the help options might not be entirely accurate; this is
+just intended as a quick demo.
+
+This was inspired by the talk "--help me if you can" given at curl://up 2020
+https://github.com/curl/curl-up/wiki/2020#recorded-talks
+EOF
+ exit 1
+ ;;
+ esac
+fi
+exec curl "$@"