blob: 28b9cce80796c4dba6f8e72147be241791d846bc [file] [log] [blame]
#!/bin/bash
# Test program to demonstrate what a more powerful set of curl --help options
# might look like.
# Based on curl 7.70.0
# Dan Fandrich
# May 2020
if [[ -z "$1" ]]; then
echo "curl: try 'curlh --help' or 'curlh --manual' for more information"
echo "or 'curlh --help-demo' for information about this demonstration script"
exit 2
fi
ALL_OPTS="$@"
HELP_TYPE=
VERBOSE=
while [[ -n "$1" ]]; do
case "$1" in
--help | -h)
HELP_TYPE=basic
;;
--help-clientauth)
# Special case both --help-clientauth and --help-ftps being used at the same time
if [[ "$HELP_TYPE" == "ftps" ]]; then
HELP_TYPE=clientauth+ftps
else
HELP_TYPE=clientauth
fi
;;
--no-help-https)
if [[ -n "$HELP_TYPE" ]]; then
HELP_TYPE="$HELP_TYPE"-https
else
HELP_TYPE=-https
fi
;;
--help-ftps)
if [[ "$HELP_TYPE" == "clientauth" ]]; then
HELP_TYPE=clientauth+ftps
elif [[ "$HELP_TYPE" == "-https" ]]; then
HELP_TYPE=ftps-https
else
HELP_TYPE=ftps
fi
;;
--help-search)
case "$2" in
sni)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
These matching options were found for "sni":
--connect-to <HOST1:PORT1:HOST2:PORT2>
For a request to the given HOST1:PORT1 pair, connect to
HOST2:PORT2 instead. This option is suitable to direct requests
at a specific server, e.g. at a specific cluster node in a clus-
ter of servers. This option is only used to establish the net-
work connection. It does NOT affect the hostname/port that is
used for TLS/SSL (e.g. SNI, certificate verification) or for the
application protocols. "HOST1" and "PORT1" may be the empty
string, meaning "any host/port". "HOST2" and "PORT2" may also be
the empty string, meaning "use the request's original
host/port".
A "host" specified to this option is compared as a string, so it
needs to match the name used in request URL. It can be either
numerical such as "127.0.0.1" or the full host name such as "ex-
ample.org".
This option can be used many times to add many connect rules.
See also --resolve and -H, --header. Added in 7.49.0.
EOF
else
cat <<EOF
These matching options were found for "sni":
--connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
EOF
fi
exit 0;
;;
epsv)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
These matching options were found for "epsv":
--disable-epsv Inhibit using EPSV
--ftp-pasv Use PASV/EPSV instead of PORT
--ftp-pret Send PRET before PASV
--ftp-skip-pasv-ip Skip the IP address for PASV
EOF
fi
exit 0;
;;
*)
echo "Error: you're confusing my brain with this search!"
echo "I only know about sni and epsv."
exit 1
;;
esac
;;
--help-*)
HELP_TYPE="${1#--help-}"
;;
--verbose | -v)
VERBOSE=1
;;
esac
shift
done
# Restore options in case we need to call curl
set -- $ALL_OPTS
if [[ -n "$HELP_TYPE" ]]; then
case "$HELP_TYPE" in
basic)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Basic options:
--anyauth
(HTTP) Tells curl to figure out authentication method by itself, and
use the most secure one the remote site claims to support. This is
done by first doing a request and checking the response-headers, thus
possibly inducing an extra network round-trip. This is used instead of
setting a specific authentication method, which you can do with --ba‐
sic, --digest, --ntlm, and --negotiate.
Using --anyauth is not recommended if you do uploads from stdin, since
it may require data to be sent twice and then the client must be able
to rewind. If the need should arise when uploading from stdin, the up‐
load operation will fail.
Used together with -u, --user.
See also --proxy-anyauth and --basic and --digest.
-a, --append
(FTP SFTP) When used in an upload, this makes curl append to the tar‐
get file instead of overwriting it. If the remote file doesn't exist,
it will be created. Note that this flag is ignored by some SFTP
servers (including OpenSSH).
--basic
(HTTP) Tells curl to use HTTP Basic authentication with the remote
host. This is the default and this option is usually pointless, unless
you use it to override a previously set option that sets a different
authentication method (such as --ntlm, --digest, or --negotiate).
Used together with -u, --user.
See also --proxy-basic.
-K, --config <file>
Specify a text file to read curl arguments from. The command line ar‐
guments found in the text file will be used as if they were provided
on the command line.
Options and their parameters must be specified on the same line in the
file, separated by whitespace, colon, or the equals sign. Long option
names can optionally be given in the config file without the initial
double dashes and if so, the colon or equals characters can be used as
separators. If the option is specified with one or two dashes, there
can be no colon or equals character between the option and its parame‐
ter.
If the parameter contains whitespace (or starts with : or =), the pa‐
rameter must be enclosed within quotes. Within double quotes, the fol‐
lowing escape sequences are available: \\, \", \t, \n, \r and \v. A
backslash preceding any other letter is ignored. If the first column
of a config line is a '#' character, the rest of the line will be
treated as a comment. Only write one option per physical line in the
config file.
Specify the filename to -K, --config as '-' to make curl read the file
from stdin.
Note that to be able to specify a URL in the config file, you need to
specify it using the --url option, and not by simply writing the URL
on its own line. So, it could look similar to this:
url = "https://curl.haxx.se/docs/"
When curl is invoked, it (unless -q, --disable is used) checks for a
default config file and uses it if found. The default config file is
checked for in the following places in this order:
1) curl tries to find the "home dir": It first checks for the
CURL_HOME and then the HOME environment variables. Failing that, it
uses getpwuid() on Unix-like systems (which returns the home dir given
the current user in your system). On Windows, it then checks for the
APPDATA variable, or as a last resort the '%USERPROFILE%\Application
Data'.
2) On windows, if there is no .curlrc file in the home dir, it checks
for one in the same dir the curl executable is placed. On Unix-like
systems, it will simply try to load .curlrc from the determined home
dir.
# --- Example file ---
# this is a comment
url = "example.com"
output = "curlhere.html"
user-agent = "superagent/1.0"
# and fetch another URL too
url = "example.com/docs/manpage.html"
-O
referer = "http://nowhereatall.example.com/"
# --- End of example file ---
This option can be used multiple times to load multiple config files.
--connect-timeout <seconds>
Maximum time in seconds that you allow curl's connection to take.
This only limits the connection phase, so if curl connects within the
given period it will continue - if not it will exit. Since version
7.32.0, this option accepts decimal values.
If this option is used several times, the last one will be used.
See also -m, --max-time.
-c, --cookie-jar <filename>
(HTTP) Specify to which file you want curl to write all cookies after
a completed operation. Curl writes all cookies from its in-memory
cookie storage to the given file at the end of operations. If no cook‐
ies are known, no data will be written. The file will be written using
the Netscape cookie file format. If you set the file name to a single
dash, "-", the cookies will be written to stdout.
This command line option will activate the cookie engine that makes
curl record and use cookies. Another way to activate it is to use the
-b, --cookie option.
If the cookie jar can't be created or written to, the whole curl oper‐
ation won't fail or even report an error clearly. Using -v, --verbose
will get a warning displayed, but that is the only visible feedback
you get about this possibly lethal situation.
If this option is used several times, the last specified file name
will be used.
-b, --cookie <data|filename>
(HTTP) Pass the data to the HTTP server in the Cookie header. It is
supposedly the data previously received from the server in a "Set-
Cookie:" line. The data should be in the format "NAME1=VALUE1;
NAME2=VALUE2".
If no '=' symbol is used in the argument, it is instead treated as a
filename to read previously stored cookie from. This option also acti‐
vates the cookie engine which will make curl record incoming cookies,
which may be handy if you're using this in combination with the -L,
--location option or do multiple URL transfers on the same invoke. If
the file name is exactly a minus ("-"), curl will instead the contents
from stdin.
The file format of the file to read cookies from should be plain HTTP
headers (Set-Cookie style) or the Netscape/Mozilla cookie file format.
The file specified with -b, --cookie is only used as input. No cookies
will be written to the file. To store cookies, use the -c, --cookie-
jar option.
Exercise caution if you are using this option and multiple transfers
may occur. If you use the NAME1=VALUE1; format, or in a file use the
Set-Cookie format and don't specify a domain, then the cookie is sent
for any domain (even after redirects are followed) and cannot be modi‐
fied by a server-set cookie. If the cookie engine is enabled and a
server sets a cookie of the same name then both will be sent on a fu‐
ture transfer to that server, likely not what you intended. To ad‐
dress these issues set a domain in Set-Cookie (doing that will include
sub domains) or use the Netscape format.
If this option is used several times, the last one will be used.
Users very often want to both read cookies from a file and write up‐
dated cookies back to a file, so using both -b, --cookie and -c,
--cookie-jar in the same command line is common.
-d, --data <data>
(HTTP) Sends the specified data in a POST request to the HTTP server,
in the same way that a browser does when a user has filled in an HTML
form and presses the submit button. This will cause curl to pass the
data to the server using the content-type application/x-www-form-ur‐
lencoded. Compare to -F, --form.
--data-raw is almost the same but does not have a special interpreta‐
tion of the @ character. To post data purely binary, you should in‐
stead use the --data-binary option. To URL-encode the value of a form
field you may use --data-urlencode.
If any of these options is used more than once on the same command
line, the data pieces specified will be merged together with a sepa‐
rating &-symbol. Thus, using '-d name=daniel -d skill=lousy' would
generate a post chunk that looks like 'name=daniel&skill=lousy'.
If you start the data with the letter @, the rest should be a file
name to read the data from, or - if you want curl to read the data
from stdin. Multiple files can also be specified. Posting data from a
file named 'foobar' would thus be done with -d, --data @foobar. When
--data is told to read from a file like that, carriage returns and
newlines will be stripped out. If you don't want the @ character to
have a special interpretation use --data-raw instead.
See also --data-binary and --data-urlencode and --data-raw. This op‐
tion overrides -F, --form and -I, --head and -T, --upload-file.
-f, --fail
(HTTP) Fail silently (no output at all) on server errors. This is
mostly done to better enable scripts etc to better deal with failed
attempts. In normal cases when an HTTP server fails to deliver a docu‐
ment, it returns an HTML document stating so (which often also de‐
scribes why and more). This flag will prevent curl from outputting
that and return error 22.
This method is not fail-safe and there are occasions where non-suc‐
cessful response codes will slip through, especially when authentica‐
tion is involved (response codes 401 and 407).
--fail-early
Fail and exit on the first detected transfer error.
When curl is used to do multiple transfers on the command line, it
will attempt to operate on each given URL, one by one. By default, it
will ignore errors if there are more URLs given and the last URL's
success will determine the error code curl returns. So early failures
will be "hidden" by subsequent successful transfers.
Using this option, curl will instead return an error on the first
transfer that fails, independent of the amount of URLs that are given
on the command line. This way, no transfer failures go undetected by
scripts and similar.
This option is global and does not need to be specified for each use
of -:, --next.
This option does not imply -f, --fail, which causes transfers to fail
due to the server's HTTP status code. You can combine the two options,
however note -f, --fail is not global and is therefore contained by
-:, --next.
Added in 7.52.0.
-F, --form <name=content>
(HTTP SMTP IMAP) For HTTP protocol family, this lets curl emulate a
filled-in form in which a user has pressed the submit button. This
causes curl to POST data using the Content-Type multipart/form-data
according to RFC 2388.
For SMTP and IMAP protocols, this is the mean to compose a multipart
mail message to transmit.
This enables uploading of binary files etc. To force the 'content'
part to be a file, prefix the file name with an @ sign. To just get
the content part from a file, prefix the file name with the symbol <.
The difference between @ and < is then that @ makes a file get at‐
tached in the post as a file upload, while the < makes a text field
and just get the contents for that text field from a file.
Tell curl to read content from stdin instead of a file by using - as
filename. This goes for both @ and < constructs. When stdin is used,
the contents is buffered in memory first by curl to determine its size
and allow a possible resend. Defining a part's data from a named non-
regular file (such as a named pipe or similar) is unfortunately not
subject to buffering and will be effectively read at transmission
time; since the full size is unknown before the transfer starts, such
data is sent as chunks by HTTP and rejected by IMAP.
Example: send an image to an HTTP server, where 'profile' is the name
of the form-field to which the file portrait.jpg will be the input:
curl -F profile=@portrait.jpg https://example.com/upload.cgi
Example: send a your name and shoe size in two text fields to the
server:
curl -F name=John -F shoesize=11 https://example.com/
Example: send a your essay in a text field to the server. Send it as a
plain text field, but get the contents for it from a local file:
curl -F "story=<hugefile.txt" https://example.com/
You can also tell curl what Content-Type to use by using 'type=', in a
manner similar to:
curl -F "web=@index.html;type=text/html" example.com
or
curl -F "name=daniel;type=text/foo" example.com
You can also explicitly change the name field of a file upload part by
setting filename=, like this:
curl -F "file=@localfile;filename=nameinpost" example.com
If filename/path contains ',' or ';', it must be quoted by double-
quotes like:
curl -F "file=@\"localfile\";filename=\"nameinpost\"" example.com
or
curl -F 'file=@"localfile";filename="nameinpost"' example.com
Note that if a filename/path is quoted by double-quotes, any double-
quote or backslash within the filename must be escaped by backslash.
Quoting must also be applied to non-file data if it contains semi‐
colons, leading/trailing spaces or leading double quotes:
curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
You can add custom headers to the field by setting headers=, like
curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
or
curl -F "submit=OK;headers=@headerfile" example.com
The headers= keyword may appear more that once and above notes about
quoting apply. When headers are read from a file, Empty lines and
lines starting with '#' are comments and ignored; each header can be
folded by splitting between two words and starting the continuation
line with a space; embedded carriage-returns and trailing spaces are
stripped. Here is an example of a header file contents:
# This file contain two headers.
X-header-1: this is a header
# The following header is folded.
X-header-2: this is
another header
To support sending multipart mail messages, the syntax is extended as
follows:
- name can be omitted: the equal sign is the first character of the
argument,
- if data starts with '(', this signals to start a new multipart: it
can be followed by a content type specification.
- a multipart can be terminated with a '=)' argument.
Example: the following command sends an SMTP mime e-mail consisting in
an inline part in two alternative formats: plain text and HTML. It at‐
taches a text file:
curl -F '=(;type=multipart/alternative' \
-F '=plain text message' \
-F '= <body>HTML message</body>;type=text/html' \
-F '=)' -F '=@textfile.txt' ... smtp://example.com
Data can be encoded for transfer using encoder=. Available encodings
are binary and 8bit that do nothing else than adding the corresponding
Content-Transfer-Encoding header, 7bit that only rejects 8-bit charac‐
ters with a transfer error, quoted-printable and base64 that encodes
data according to the corresponding schemes, limiting lines length to
76 characters.
Example: send multipart mail with a quoted-printable text message and
a base64 attached file:
curl -F '=text message;encoder=quoted-printable' \
-F '=@localfile;encoder=base64' ... smtp://example.com
See further examples and details in the MANUAL.
This option can be used multiple times.
This option overrides -d, --data and -I, --head and -T, --upload-file.
--form-string <name=string>
(HTTP SMTP IMAP) Similar to -F, --form except that the value string
for the named parameter is used literally. Leading '@' and '<' charac‐
ters, and the ';type=' string in the value have no special meaning.
Use this in preference to -F, --form if there's any possibility that
the string value may accidentally trigger the '@' or '<' features of
-F, --form.
See also -F, --form.
-G, --get
When used, this option will make all data specified with -d, --data,
--data-binary or --data-urlencode to be used in an HTTP GET request
instead of the POST request that otherwise would be used. The data
will be appended to the URL with a '?' separator.
If used in combination with -I, --head, the POST data will instead be
appended to the URL with a HEAD request.
If this option is used several times, only the first one is used. This
is because undoing a GET doesn't make sense, but you should then in‐
stead enforce the alternative method you prefer.
-g, --globoff
This option switches off the "URL globbing parser". When you set this
option, you can specify URLs that contain the letters {}[] without
having them being interpreted by curl itself. Note that these letters
are not normal legal URL contents but they should be encoded according
to the URI standard.
-I, --head
(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the com‐
mand HEAD which this uses to get nothing but the header of a document.
When used on an FTP or FILE file, curl displays the file size and last
modification time only.
-H, --header <header/@file>
(HTTP) Extra header to include in the request when sending HTTP to a
server. You may specify any number of extra headers. Note that if you
should add a custom header that has the same name as one of the inter‐
nal ones curl would use, your externally set header will be used in‐
stead of the internal one. This allows you to make even trickier stuff
than curl would normally do. You should not replace internally set
headers without knowing perfectly well what you're doing. Remove an
internal header by giving a replacement without content on the right
side of the colon, as in: -H "Host:". If you send the custom header
with no-value then its header must be terminated with a semicolon,
such as -H "X-Custom-Header;" to send "X-Custom-Header:".
curl will make sure that each header you add/replace is sent with the
proper end-of-line marker, you should thus not add that as a part of
the header content: do not add newlines or carriage returns, they will
only mess things up for you.
Starting in 7.55.0, this option can take an argument in @filename
style, which then adds a header for each line in the input file. Using
@- will make curl read the header file from stdin.
See also the -A, --user-agent and -e, --referer options.
Starting in 7.37.0, you need --proxy-header to send custom headers in‐
tended for a proxy.
Example:
curl -H "X-First-Name: Joe" http://example.com/
WARNING: headers set with this option will be set in all requests -
even after redirects are followed, like when told with -L, --location.
This can lead to the header being sent to other hosts than the origi‐
nal host, so sensitive headers should be used with caution combined
with following redirects.
This option can be used multiple times to add/replace/remove multiple
headers.
-h, --help
Usage help. This lists all basic command line options with a short
description.
-k, --insecure
(TLS) By default, every SSL connection curl makes is verified to be
secure. This option allows curl to proceed and operate even for server
connections otherwise considered insecure.
The server connection is verified by making sure the server's certifi‐
cate contains the right name and verifies successfully using the cert
store.
See this online resource for further details:
https://curl.haxx.se/docs/sslcerts.html
See also --proxy-insecure and --cacert.
-L, --location
(HTTP) If the server reports that the requested page has moved to a
different location (indicated with a Location: header and a 3XX re‐
sponse code), this option will make curl redo the request on the new
place. If used together with -i, --include or -I, --head, headers from
all requested pages will be shown. When authentication is used, curl
only sends its credentials to the initial host. If a redirect takes
curl to a different host, it won't be able to intercept the user+pass‐
word. See also --location-trusted on how to change this. You can limit
the amount of redirects to follow by using the --max-redirs option.
When curl follows a redirect and the request is not a plain GET (for
example POST or PUT), it will do the following request with a GET if
the HTTP response was 301, 302, or 303. If the response code was any
other 3xx code, curl will re-send the following request using the same
unmodified method.
You can tell curl to not change the non-GET request method to GET af‐
ter a 30x response by using the dedicated options for that: --post301,
--post302 and --post303.
-M, --manual
Manual. Display the huge help text.
-m, --max-time <seconds>
Maximum time in seconds that you allow the whole operation to take.
This is useful for preventing your batch jobs from hanging for hours
due to slow networks or links going down. Since 7.32.0, this option
accepts decimal values, but the actual timeout will decrease in accu‐
racy as the specified timeout increases in decimal precision.
If this option is used several times, the last one will be used.
See also --connect-timeout.
-n, --netrc
Makes curl scan the .netrc (_netrc on Windows) file in the user's home
directory for login name and password. This is typically used for FTP
on Unix. If used with HTTP, curl will enable user authentication. See
netrc(5) ftp(1) for details on the file format. Curl will not complain
if that file doesn't have the right permissions (it should not be ei‐
ther world- or group-readable). The environment variable "HOME" is
used to find the home directory.
A quick and very simple example of how to setup a .netrc to allow curl
to FTP to the machine host.domain.com with user name 'myself' and
password 'secret' should look similar to:
machine host.domain.com login myself password secret
-o, --output <file>
Write output to <file> instead of stdout. If you are using {} or [] to
fetch multiple documents, you can use '#' followed by a number in the
<file> specifier. That variable will be replaced with the current
string for the URL being fetched. Like in:
curl http://{one,two}.example.com -o "file_#1.txt"
or use several variables like:
curl http://{site,host}.host[1-5].com -o "#1_#2"
You may use this option as many times as the number of URLs you have.
For example, if you specify two URLs on the same command line, you can
use it like this:
curl -o aa example.com -o bb example.net
and the order of the -o options and the URLs doesn't matter, just that
the first -o is for the first URL and so on, so the above command line
can also be written as
curl example.com example.net -o aa -o bb
See also the --create-dirs option to create the local directories dy‐
namically. Specifying the output as '-' (a single dash) will force the
output to be done to stdout.
See also -O, --remote-name and --remote-name-all and -J, --remote-
header-name.
-#, --progress-bar
Make curl display transfer progress as a simple progress bar instead
of the standard, more informational, meter.
This progress bar draws a single line of '#' characters across the
screen and shows a percentage if the transfer size is known. For
transfers without a known size, there will be space ship (-=o=-) that
moves back and forth but only while data is being transferred, with a
set of flying hash sign symbols on top.
-x, --proxy [protocol://]host[:port]
Use the specified proxy.
The proxy string can be specified with a protocol:// prefix. No proto‐
col specified or http:// will be treated as HTTP proxy. Use socks4://,
socks4a://, socks5:// or socks5h:// to request a specific SOCKS ver‐
sion to be used. (The protocol support was added in curl 7.21.7)
HTTPS proxy support via https:// protocol prefix was added in 7.52.0
for OpenSSL, GnuTLS and NSS.
Unrecognized and unsupported proxy protocols cause an error since
7.52.0. Prior versions may ignore the protocol and use http:// in‐
stead.
If the port number is not specified in the proxy string, it is assumed
to be 1080.
This option overrides existing environment variables that set the
proxy to use. If there's an environment variable setting a proxy, you
can set proxy to "" to override it.
All operations that are performed over an HTTP proxy will transpar‐
ently be converted to HTTP. It means that certain protocol specific
operations might not be available. This is not the case if you can
tunnel through the proxy, as one with the -p, --proxytunnel option.
User and password that might be provided in the proxy string are URL
decoded by curl. This allows you to pass in special characters such as
@ by using %40 or pass in a colon with %3a.
The proxy host can be specified the exact same way as the proxy envi‐
ronment variables, including the protocol prefix (http://) and the em‐
bedded user + password.
If this option is used several times, the last one will be used.
-U, --proxy-user <user:password>
Specify the user name and password to use for proxy authentication.
If you use a Windows SSPI-enabled curl binary and do either Negotiate
or NTLM authentication then you can tell curl to select the user name
and password from your environment by specifying a single colon with
this option: "-U :".
On systems where it works, curl will hide the given option argument
from process listings. This is not enough to protect credentials from
possibly getting seen by other users on the same system as they will
still be visible for a brief moment before cleared. Such sensitive
data should be retrieved from a file instead or similar and never used
in clear text in a command line.
If this option is used several times, the last one will be used.
--retry <num>
If a transient error is returned when curl tries to perform a trans‐
fer, it will retry this number of times before giving up. Setting the
number to 0 makes curl do no retries (which is the default). Transient
error means either: a timeout, an FTP 4xx response code or an HTTP 408
or 5xx response code.
When curl is about to retry a transfer, it will first wait one second
and then for all forthcoming retries it will double the waiting time
until it reaches 10 minutes which then will be the delay between the
rest of the retries. By using --retry-delay you disable this exponen‐
tial backoff algorithm. See also --retry-max-time to limit the total
time allowed for retries.
Since curl 7.66.0, curl will comply with the Retry-After: response
header if one was present to know when to issue the next retry.
If this option is used several times, the last one will be used.
Added in 7.12.3.
-s, --silent
Silent or quiet mode. Don't show progress meter or error messages.
Makes Curl mute. It will still output the data you ask for, poten‐
tially even to the terminal/stdout unless you redirect it.
Use -S, --show-error in addition to this option to disable progress
meter but still show error messages.
See also -v, --verbose and --stderr.
--ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection. Reverts
to a non-secure connection if the server doesn't support SSL/TLS. See
also --ftp-ssl-control and --ssl-reqd for different levels of encryp‐
tion required.
This option was formerly known as --ftp-ssl (Added in 7.11.0). That
option name can still be used but will be removed in a future version.
Added in 7.20.0.
--trace <file>
Enables a full trace dump of all incoming and outgoing data, including
descriptive information, to the given output file. Use "-" as filename
to have the output sent to stdout. Use "%" as filename to have the
output sent to stderr.
If this option is used several times, the last one will be used.
This option overrides -v, --verbose and --trace-ascii.
-T, --upload-file <file>
This transfers the specified local file to the remote URL. If there is
no file part in the specified URL, curl will append the local file
name. NOTE that you must use a trailing / on the last directory to re‐
ally prove to Curl that there is no file name or curl will think that
your last directory name is the remote file name to use. That will
most likely cause the upload operation to fail. If this is used on an
HTTP(S) server, the PUT command will be used.
Use the file name "-" (a single dash) to use stdin instead of a given
file. Alternately, the file name "." (a single period) may be speci‐
fied instead of "-" to use stdin in non-blocking mode to allow reading
server output while stdin is being uploaded.
You can specify one -T, --upload-file for each URL on the command
line. Each -T, --upload-file + URL pair specifies what to upload and
to where. curl also supports "globbing" of the -T, --upload-file argu‐
ment, meaning that you can upload multiple files to a single URL by
using the same URL globbing style supported in the URL, like this:
curl --upload-file "{file1,file2}" http://www.example.com
or even
curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
When uploading to an SMTP server: the uploaded data is assumed to be
RFC 5322 formatted. It has to feature the necessary set of headers and
mail body formatted correctly by the user as curl will not transcode
nor encode it further in any way.
-u, --user <user:password>
Specify the user name and password to use for server authentication.
Overrides -n, --netrc and --netrc-optional.
If you simply specify the user name, curl will prompt for a password.
The user name and passwords are split up on the first colon, which
makes it impossible to use a colon in the user name with this option.
The password can, still.
On systems where it works, curl will hide the given option argument
from process listings. This is not enough to protect credentials from
possibly getting seen by other users on the same system as they will
still be visible for a brief moment before cleared. Such sensitive
data should be retrieved from a file instead or similar and never used
in clear text in a command line.
When using Kerberos V5 with a Windows based server you should include
the Windows domain name in the user name, in order for the server to
successfully obtain a Kerberos Ticket. If you don't then the initial
authentication handshake may fail.
When using NTLM, the user name can be specified simply as the user
name, without the domain, if there is a single domain and forest in
your setup for example.
To specify the domain name use either Down-Level Logon Name or UPN
(User Principal Name) formats. For example, EXAMPLE\user and user@ex‐
ample.com respectively.
If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
Negotiate, NTLM or Digest authentication then you can tell curl to se‐
lect the user name and password from your environment by specifying a
single colon with this option: "-u :".
If this option is used several times, the last one will be used.
-v, --verbose
Makes curl verbose during the operation. Useful for debugging and see‐
ing what's going on "under the hood". A line starting with '>' means
"header data" sent by curl, '<' means "header data" received by curl
that is hidden in normal cases, and a line starting with '*' means ad‐
ditional info provided by curl.
If you only want HTTP headers in the output, -i, --include might be
the option you're looking for.
If you think this option still doesn't give you enough details, con‐
sider using --trace or --trace-ascii instead.
Use -s, --silent to make curl really quiet.
See also -i, --include. This option overrides --trace and --trace-
ascii.
-V, --version
Displays information about curl and the libcurl version it uses.
The first line includes the full version of curl, libcurl and
other 3rd party libraries linked with the executable.
The second line (starts with "Protocols:") shows all protocols
that libcurl reports to support.
The third line (starts with "Features:") shows specific features
libcurl reports to offer. Available features include:
IPv6 You can use IPv6 with this.
krb4 Krb4 for FTP is supported.
SSL SSL versions of various protocols are supported, such as
HTTPS, FTPS, POP3S and so on.
libz Automatic decompression of compressed files over HTTP is
supported.
NTLM NTLM authentication is supported.
Debug This curl uses a libcurl built with Debug. This enables
more error-tracking and memory debugging etc. For curl-
developers only!
AsynchDNS
This curl uses asynchronous name resolves. Asynchronous
name resolves can be done using either the c-ares or the
threaded resolver backends.
SPNEGO SPNEGO authentication is supported.
Largefile
This curl supports transfers of large files, files larger
than 2GB.
IDN This curl supports IDN - international domain names.
GSS-API
GSS-API is supported.
SSPI SSPI is supported.
TLS-SRP
SRP (Secure Remote Password) authentication is supported
for TLS.
HTTP2 HTTP/2 support has been built-in.
UnixSockets
Unix sockets support is provided.
HTTPS-proxy
This curl is built to support HTTPS proxy.
Metalink
This curl supports Metalink (both version 3 and 4 (RFC
5854)), which describes mirrors and hashes. curl will
use mirrors for failover if there are errors (such as the
file or server not being available).
PSL PSL is short for Public Suffix List and means that this
curl has been built with knowledge about "public suf‐
fixes".
MultiSSL
This curl supports multiple TLS backends.
EOF
else
cat <<EOF
Usage: curl [options...] <url>
For help on a specific category, use --help-CATEGORY where CATEGORY is one of:
all, clientauth, debug, encryption, net, output, post, proxy, resolv,
request, script, serverauth,
or a protocol scheme:
dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3,
pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp,
If multiple help options are given the result is the intersection.
Search the manual text for matching options with --help-search KEYWORD
For detailed option help, use --verbose or -v with a --help option.
For the curl manual, use --manual.
Basic options:
--anyauth Pick any authentication method
-a, --append Append to target file when uploading
--basic Use HTTP Basic Authentication
-K, --config <file> Read config from a file
--connect-timeout <seconds> Maximum time allowed for connection
-b, --cookie <data|filename> Send cookies from string/file
-c, --cookie-jar <filename> Write cookies to <filename> after operation
-d, --data <data> HTTP POST data
-f, --fail Fail silently (no output at all) on HTTP errors
--fail-early Fail on first transfer error, do not continue
-F, --form <name=content> Specify multipart MIME data
--form-string <name=string> Specify multipart MIME data
-G, --get Put the post data in the URL and use GET
-g, --globoff Disable URL sequences and ranges using {} and []
-I, --head Show document info only
-H, --header <header/@file> Pass custom header(s) to server
-h, --help This help text
-k, --insecure Allow insecure server connections when using SSL
-L, --location Follow redirects
-M, --manual Display the full manual
-m, --max-time <seconds> Maximum time allowed for the transfer
-n, --netrc Must read .netrc for user name and password
-o, --output <file> Write to file instead of stdout
-#, --progress-bar Display transfer progress as a bar
-x, --proxy [protocol://]host[:port] Use this proxy
-U, --proxy-user <user:password> Proxy user and password
--retry <num> Retry request if transient problems occur
-s, --silent Silent mode
--ssl Try SSL/TLS
--trace <file> Write a debug trace to FILE
-T, --upload-file <file> Transfer local FILE to destination
-u, --user <user:password> Server user and password
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
EOF
fi
exit 0
;;
clientauth+ftps)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options affect client authentication with ftps:
-E, --cert <certificate[:password]> Client certificate file and password
--cert-type <type> Certificate file type (DER/PEM/ENG)
--delegation <LEVEL> GSS-API delegation permission
--disallow-username-in-url Disallow username in url
--ftp-account <data> Account data string
--ftp-alternative-to-user <command> String to replace USER [name]
--key <key> Private key file name
--key-type <type> Private key file type (DER/PEM/ENG)
--krb <level> Enable Kerberos with security <level>
--negotiate Use HTTP Negotiate (SPNEGO) authentication
-n, --netrc Must read .netrc for user name and password
--pass <phrase> Pass phrase for the private key
--proxy-anyauth Pick any proxy authentication method
--proxy-basic Use Basic authentication on the proxy
--proxy-cert <cert[:passwd]> Set client certificate for proxy
--proxy-cert-type <type> Client certificate type for HTTPS proxy
--proxy-digest Use Digest authentication on the proxy
--proxy-key <key> Private key for HTTPS proxy
--proxy-key-type <type> Private key file type for proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-ntlm Use NTLM authentication on the proxy
--proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
--proxy-service-name <name> SPNEGO proxy service name
--proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
--proxy-tlspassword <string> TLS password for HTTPS proxy
--proxy-tlsuser <name> TLS username for HTTPS proxy
-U, --proxy-user <user:password> Proxy user and password
--service-name <name> SPNEGO service name
--socks5-basic Enable username/password auth for SOCKS5 proxies
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
--socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
--tlsauthtype <type> TLS authentication type
--tlspassword TLS password
--tlsuser <name> TLS user name
-u, --user <user:password> Server user and password
EOF
fi
exit 0
;;
clientauth)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options affect transport- or protocol-level client authentication:
--anyauth Pick any authentication method
--basic Use HTTP Basic Authentication
-E, --cert <certificate[:password]> Client certificate file and password
--cert-type <type> Certificate file type (DER/PEM/ENG)
--delegation <LEVEL> GSS-API delegation permission
--digest Use HTTP Digest Authentication
--disallow-username-in-url Disallow username in url
--ftp-account <data> Account data string
--ftp-alternative-to-user <command> String to replace USER [name]
--key <key> Private key file name
--key-type <type> Private key file type (DER/PEM/ENG)
--krb <level> Enable Kerberos with security <level>
--login-options <options> Server login options
--negotiate Use HTTP Negotiate (SPNEGO) authentication
-n, --netrc Must read .netrc for user name and password
--ntlm Use HTTP NTLM authentication
--ntlm-wb Use HTTP NTLM authentication with winbind
--oauth2-bearer <token> OAuth 2 Bearer Token
--pass <phrase> Pass phrase for the private key
--proxy-anyauth Pick any proxy authentication method
--proxy-basic Use Basic authentication on the proxy
--proxy-cert <cert[:passwd]> Set client certificate for proxy
--proxy-cert-type <type> Client certificate type for HTTPS proxy
--proxy-digest Use Digest authentication on the proxy
--proxy-key <key> Private key for HTTPS proxy
--proxy-key-type <type> Private key file type for proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-ntlm Use NTLM authentication on the proxy
--proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
--proxy-service-name <name> SPNEGO proxy service name
--proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
--proxy-tlspassword <string> TLS password for HTTPS proxy
--proxy-tlsuser <name> TLS username for HTTPS proxy
-U, --proxy-user <user:password> Proxy user and password
--pubkey <key> SSH Public key file name
--sasl-authzid <identity> Use this identity to act as during SASL PLAIN authentication
--sasl-ir Enable initial response in SASL authentication
--service-name <name> SPNEGO service name
--socks5-basic Enable username/password auth for SOCKS5 proxies
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
--socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
--tlsauthtype <type> TLS authentication type
--tlspassword TLS password
--tlsuser <name> TLS user name
-u, --user <user:password> Server user and password
EOF
fi
exit 0
;;
serverauth)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options affect transport- or protocol-level server authentication:
Usage: curl [options...] <url>
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
--cert-status Verify the status of the server certificate
--crlfile <file> Get a CRL list in PEM format from the given file
--delegation <LEVEL> GSS-API delegation permission
--hostpubmd5 <md5> Acceptable MD5 hash of the host public key
-k, --insecure Allow insecure server connections when using SSL
--krb <level> Enable Kerberos with security <level>
--negotiate Use HTTP Negotiate (SPNEGO) authentication
--pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
--proxy-cacert <file> CA certificate to verify peer against for proxy
--proxy-capath <dir> CA directory to verify peer against for proxy
--proxy-crlfile <file> Set a CRL list for proxy
--proxy-insecure Do HTTPS proxy connections without verifying the proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
--proxy-service-name <name> SPNEGO proxy service name
--service-name <name> SPNEGO service name
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
EOF
fi
exit 0
;;
all)
if [[ -n "$VERBOSE" ]]; then
curl --manual
else
cat <<EOF
Usage: curl [options...] <url>
--abstract-unix-socket <path> Connect via abstract Unix domain socket
--alt-svc <file name> Enable alt-svc with this cache file
--anyauth Pick any authentication method
-a, --append Append to target file when uploading
--basic Use HTTP Basic Authentication
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
-E, --cert <certificate[:password]> Client certificate file and password
--cert-status Verify the status of the server certificate
--cert-type <type> Certificate file type (DER/PEM/ENG)
--ciphers <list of ciphers> SSL ciphers to use
--compressed Request compressed response
--compressed-ssh Enable SSH compression
-K, --config <file> Read config from a file
--connect-timeout <seconds> Maximum time allowed for connection
--connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
-C, --continue-at <offset> Resumed transfer offset
-b, --cookie <data|filename> Send cookies from string/file
-c, --cookie-jar <filename> Write cookies to <filename> after operation
--create-dirs Create necessary local directory hierarchy
--crlf Convert LF to CRLF in upload
--crlfile <file> Get a CRL list in PEM format from the given file
-d, --data <data> HTTP POST data
--data-ascii <data> HTTP POST ASCII data
--data-binary <data> HTTP POST binary data
--data-raw <data> HTTP POST data, '@' allowed
--data-urlencode <data> HTTP POST data url encoded
--delegation <LEVEL> GSS-API delegation permission
--digest Use HTTP Digest Authentication
-q, --disable Disable .curlrc
--disable-eprt Inhibit using EPRT or LPRT
--disable-epsv Inhibit using EPSV
--disallow-username-in-url Disallow username in url
--dns-interface <interface> Interface to use for DNS requests
--dns-ipv4-addr <address> IPv4 address to use for DNS requests
--dns-ipv6-addr <address> IPv6 address to use for DNS requests
--dns-servers <addresses> DNS server addrs to use
--doh-url <URL> Resolve host names over DOH
-D, --dump-header <filename> Write the received headers to <filename>
--egd-file <file> EGD socket path for random data
--engine <name> Crypto engine to use
--etag-save <file> Get an ETag from response header and save it to a FILE
--etag-compare <file> Get an ETag from a file and send a conditional request
--expect100-timeout <seconds> How long to wait for 100-continue
-f, --fail Fail silently (no output at all) on HTTP errors
--fail-early Fail on first transfer error, do not continue
--false-start Enable TLS False Start
-F, --form <name=content> Specify multipart MIME data
--form-string <name=string> Specify multipart MIME data
--ftp-account <data> Account data string
--ftp-alternative-to-user <command> String to replace USER [name]
--ftp-create-dirs Create the remote dirs if not present
--ftp-method <method> Control CWD usage
--ftp-pasv Use PASV/EPSV instead of PORT
-P, --ftp-port <address> Use PORT instead of PASV
--ftp-pret Send PRET before PASV
--ftp-skip-pasv-ip Skip the IP address for PASV
--ftp-ssl-ccc Send CCC after authenticating
--ftp-ssl-ccc-mode <active/passive> Set CCC mode
--ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
-G, --get Put the post data in the URL and use GET
-g, --globoff Disable URL sequences and ranges using {} and []
--happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
--haproxy-protocol Send HAProxy PROXY protocol v1 header
-I, --head Show document info only
-H, --header <header/@file> Pass custom header(s) to server
-h, --help This help text
--hostpubmd5 <md5> Acceptable MD5 hash of the host public key
--http0.9 Allow HTTP 0.9 responses
-0, --http1.0 Use HTTP 1.0
--http1.1 Use HTTP 1.1
--http2 Use HTTP 2
--http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade
--http3 Use HTTP v3
--ignore-content-length Ignore the size of the remote resource
-i, --include Include protocol response headers in the output
-k, --insecure Allow insecure server connections when using SSL
--interface <name> Use network INTERFACE (or address)
-4, --ipv4 Resolve names to IPv4 addresses
-6, --ipv6 Resolve names to IPv6 addresses
-j, --junk-session-cookies Ignore session cookies read from file
--keepalive-time <seconds> Interval time for keepalive probes
--key <key> Private key file name
--key-type <type> Private key file type (DER/PEM/ENG)
--krb <level> Enable Kerberos with security <level>
--libcurl <file> Dump libcurl equivalent code of this command line
--limit-rate <speed> Limit transfer speed to RATE
-l, --list-only List only mode
--local-port <num/range> Force use of RANGE for local port numbers
-L, --location Follow redirects
--location-trusted Like --location, and send auth to other hosts
--login-options <options> Server login options
--mail-auth <address> Originator address of the original email
--mail-from <address> Mail from this address
--mail-rcpt <address> Mail to this address
--mail-rcpt-allowfails Allow RCPT TO command to fail for some recipients
-M, --manual Display the full manual
--max-filesize <bytes> Maximum file size to download
--max-redirs <num> Maximum number of redirects allowed
-m, --max-time <seconds> Maximum time allowed for the transfer
--metalink Process given URLs as metalink XML file
--negotiate Use HTTP Negotiate (SPNEGO) authentication
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
--netrc-optional Use either .netrc or URL
-:, --next Make next URL use its separate set of options
--no-alpn Disable the ALPN TLS extension
-N, --no-buffer Disable buffering of the output stream
--no-keepalive Disable TCP keepalive on the connection
--no-npn Disable the NPN TLS extension
--no-progress-meter Do not show the progress meter
--no-sessionid Disable SSL session-ID reusing
--noproxy <no-proxy-list> List of hosts which do not use proxy
--ntlm Use HTTP NTLM authentication
--ntlm-wb Use HTTP NTLM authentication with winbind
--oauth2-bearer <token> OAuth 2 Bearer Token
-o, --output <file> Write to file instead of stdout
-Z, --parallel Perform transfers in parallel
--parallel-immediate Do not wait for multiplexing (with --parallel)
--parallel-max Maximum concurrency for parallel transfers
--pass <phrase> Pass phrase for the private key
--path-as-is Do not squash .. sequences in URL path
--pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
--post301 Do not switch to GET after following a 301
--post302 Do not switch to GET after following a 302
--post303 Do not switch to GET after following a 303
--preproxy [protocol://]host[:port] Use this proxy first
-#, --progress-bar Display transfer progress as a bar
--proto <protocols> Enable/disable PROTOCOLS
--proto-default <protocol> Use PROTOCOL for any URL missing a scheme
--proto-redir <protocols> Enable/disable PROTOCOLS on redirect
-x, --proxy [protocol://]host[:port] Use this proxy
--proxy-anyauth Pick any proxy authentication method
--proxy-basic Use Basic authentication on the proxy
--proxy-cacert <file> CA certificate to verify peer against for proxy
--proxy-capath <dir> CA directory to verify peer against for proxy
--proxy-cert <cert[:passwd]> Set client certificate for proxy
--proxy-cert-type <type> Client certificate type for HTTPS proxy
--proxy-ciphers <list> SSL ciphers to use for proxy
--proxy-crlfile <file> Set a CRL list for proxy
--proxy-digest Use Digest authentication on the proxy
--proxy-header <header/@file> Pass custom header(s) to proxy
--proxy-insecure Do HTTPS proxy connections without verifying the proxy
--proxy-key <key> Private key for HTTPS proxy
--proxy-key-type <type> Private key file type for proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-ntlm Use NTLM authentication on the proxy
--proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
--proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
--proxy-service-name <name> SPNEGO proxy service name
--proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
--proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
--proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
--proxy-tlspassword <string> TLS password for HTTPS proxy
--proxy-tlsuser <name> TLS username for HTTPS proxy
--proxy-tlsv1 Use TLSv1 for HTTPS proxy
-U, --proxy-user <user:password> Proxy user and password
--proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
-p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
--pubkey <key> SSH Public key file name
-Q, --quote Send command(s) to server before transfer
--random-file <file> File for reading random data from
-r, --range <range> Retrieve only the bytes within RANGE
--raw Do HTTP "raw"; no transfer decoding
-e, --referer <URL> Referrer URL
-J, --remote-header-name Use the header-provided filename
-O, --remote-name Write output to a file named as the remote file
--remote-name-all Use the remote file name for all URLs
-R, --remote-time Set the remote file's time on the local output
-X, --request <command> Specify request command to use
--request-target Specify the target for this request
--resolve <host:port:address[,address]...> Resolve the host+port to this address
--retry <num> Retry request if transient problems occur
--retry-connrefused Retry on connection refused (use with --retry)
--retry-delay <seconds> Wait time between retries
--retry-max-time <seconds> Retry only within this period
--sasl-authzid <identity> Use this identity to act as during SASL PLAIN authentication
--sasl-ir Enable initial response in SASL authentication
--service-name <name> SPNEGO service name
-S, --show-error Show error even when -s is used
-s, --silent Silent mode
--socks4 <host[:port]> SOCKS4 proxy on given host + port
--socks4a <host[:port]> SOCKS4a proxy on given host + port
--socks5 <host[:port]> SOCKS5 proxy on given host + port
--socks5-basic Enable username/password auth for SOCKS5 proxies
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
--socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
--socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
-Y, --speed-limit <speed> Stop transfers slower than this
-y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
--ssl Try SSL/TLS
--ssl-allow-beast Allow security flaw to improve interop
--ssl-no-revoke Disable cert revocation checks (Schannel)
--ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
--ssl-reqd Require SSL/TLS
-2, --sslv2 Use SSLv2
-3, --sslv3 Use SSLv3
--stderr Where to redirect stderr
--styled-output Enable styled output for HTTP headers
--suppress-connect-headers Suppress proxy CONNECT response headers
--tcp-fastopen Use TCP Fast Open
--tcp-nodelay Use the TCP_NODELAY option
-t, --telnet-option <opt=val> Set telnet option
--tftp-blksize <value> Set TFTP BLKSIZE option
--tftp-no-options Do not send any TFTP options
-z, --time-cond <time> Transfer based on a time condition
--tls-max <VERSION> Set maximum allowed TLS version
--tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
--tlsauthtype <type> TLS authentication type
--tlspassword TLS password
--tlsuser <name> TLS user name
-1, --tlsv1 Use TLSv1.0 or greater
--tlsv1.0 Use TLSv1.0 or greater
--tlsv1.1 Use TLSv1.1 or greater
--tlsv1.2 Use TLSv1.2 or greater
--tlsv1.3 Use TLSv1.3 or greater
--tr-encoding Request compressed transfer encoding
--trace <file> Write a debug trace to FILE
--trace-ascii <file> Like --trace, but without hex output
--trace-time Add time stamps to trace/verbose output
--unix-socket <path> Connect through this Unix domain socket
-T, --upload-file <file> Transfer local FILE to destination
--url <url> URL to work with
-B, --use-ascii Use ASCII/text transfer
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
EOF
fi
exit 0
;;
debug)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
These options are used for debugging a transfer:
-D, --dump-header <filename>
(HTTP FTP) Write the received protocol headers to the specified
file.
This option is handy to use when you want to store the headers
that an HTTP site sends to you. Cookies from the headers could
then be read in a second curl invocation by using the -b,
--cookie option! The -c, --cookie-jar option is a better way to
store cookies.
If no headers are received, the use of this option will create
an empty file.
When used in FTP, the FTP server response lines are considered
being "headers" and thus are saved there.
If this option is used several times, the last one will be used.
See also -o, --output.
-I, --head
(HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
command HEAD which this uses to get nothing but the header of a
document. When used on an FTP or FILE file, curl displays the
file size and last modification time only.
-i, --include
Include the HTTP response headers in the output. The HTTP re-
sponse headers can include things like server name, cookies,
date of the document, HTTP version and more...
To view the request headers, consider the -v, --verbose option.
See also -v, --verbose.
--stderr
Redirect all writes to stderr to the specified file instead. If
the file name is a plain '-', it is instead written to stdout.
If this option is used several times, the last one will be used.
See also -v, --verbose and -s, --silent.
--trace-ascii <file>
Enables a full trace dump of all incoming and outgoing data, in-
cluding descriptive information, to the given output file. Use
"-" as filename to have the output sent to stdout.
This is very similar to --trace, but leaves out the hex part and
only shows the ASCII part of the dump. It makes smaller output
that might be easier to read for untrained humans.
If this option is used several times, the last one will be used.
This option overrides --trace and -v, --verbose.
--trace-time
Prepends a time stamp to each trace or verbose line that curl
displays.
Added in 7.14.0.
--trace <file>
Enables a full trace dump of all incoming and outgoing data, in-
cluding descriptive information, to the given output file. Use
"-" as filename to have the output sent to stdout. Use "%" as
filename to have the output sent to stderr.
If this option is used several times, the last one will be used.
This option overrides -v, --verbose and --trace-ascii.
-v, --verbose
Makes curl verbose during the operation. Useful for debugging
and seeing what's going on "under the hood". A line starting
with '>' means "header data" sent by curl, '<' means "header
data" received by curl that is hidden in normal cases, and a
line starting with '*' means additional info provided by curl.
If you only want HTTP headers in the output, -i, --include might
be the option you're looking for.
If you think this option still doesn't give you enough details,
consider using --trace or --trace-ascii instead.
Use -s, --silent to make curl really quiet.
See also -i, --include. This option overrides --trace and
--trace-ascii.
-V, --version
Displays information about curl and the libcurl version it uses.
The first line includes the full version of curl, libcurl and
other 3rd party libraries linked with the executable.
The second line (starts with "Protocols:") shows all protocols
that libcurl reports to support.
The third line (starts with "Features:") shows specific features
libcurl reports to offer. Available features include:
IPv6 You can use IPv6 with this.
krb4 Krb4 for FTP is supported.
SSL SSL versions of various protocols are supported, such as
HTTPS, FTPS, POP3S and so on.
libz Automatic decompression of compressed files over HTTP is
supported.
NTLM NTLM authentication is supported.
Debug This curl uses a libcurl built with Debug. This enables
more error-tracking and memory debugging etc. For curl-
developers only!
AsynchDNS
This curl uses asynchronous name resolves. Asynchronous
name resolves can be done using either the c-ares or the
threaded resolver backends.
SPNEGO SPNEGO authentication is supported.
Largefile
This curl supports transfers of large files, files larger
than 2GB.
IDN This curl supports IDN - international domain names.
GSS-API
GSS-API is supported.
SSPI SSPI is supported.
TLS-SRP
SRP (Secure Remote Password) authentication is supported
for TLS.
HTTP2 HTTP/2 support has been built-in.
UnixSockets
Unix sockets support is provided.
HTTPS-proxy
This curl is built to support HTTPS proxy.
Metalink
This curl supports Metalink (both version 3 and 4 (RFC
5854)), which describes mirrors and hashes. curl will
use mirrors for failover if there are errors (such as the
file or server not being available).
PSL PSL is short for Public Suffix List and means that this
curl has been built with knowledge about "public suf‐
fixes".
MultiSSL
This curl supports multiple TLS backends.
-w, --write-out <format>
Make curl display information on stdout after a completed trans‐
fer. The format is a string that may contain plain text mixed
with any number of variables. The format can be specified as a
literal "string", or you can have curl read the format from a
file with "@filename" and to tell curl to read the format from
stdin you write "@-".
The variables present in the output format will be substituted
by the value or text that curl thinks fit, as described below.
All variables are specified as %{variable_name} and to output a
normal % you just write them as %%. You can output a newline by
using \n, a carriage return with \r and a tab space with \t.
The output will be written to standard output, but this can be
switched to standard error by using %{stderr}.
NOTE: The %-symbol is a special symbol in the win32-environment,
where all occurrences of % must be doubled when using this op‐
tion.
The variables available are:
content_type The Content-Type of the requested document, if
there was any.
filename_effective
The ultimate filename that curl writes out to.
This is only meaningful if curl is told to write
to a file with the -O, --remote-name or -o,
--output option. It's most useful in combination
with the -J, --remote-header-name option. (Added
in 7.26.0)
ftp_entry_path The initial path curl ended up in when logging on
to the remote FTP server. (Added in 7.15.4)
http_code The numerical response code that was found in the
last retrieved HTTP(S) or FTP(s) transfer. In
7.18.2 the alias response_code was added to show
the same info.
http_connect The numerical code that was found in the last re‐
sponse (from a proxy) to a curl CONNECT request.
(Added in 7.12.4)
http_version The http version that was effectively used.
(Added in 7.50.0)
local_ip The IP address of the local end of the most re‐
cently done connection - can be either IPv4 or
IPv6 (Added in 7.29.0)
local_port The local port number of the most recently done
connection (Added in 7.29.0)
num_connects Number of new connects made in the recent trans‐
fer. (Added in 7.12.3)
num_redirects Number of redirects that were followed in the re‐
quest. (Added in 7.12.3)
proxy_ssl_verify_result
The result of the HTTPS proxy's SSL peer certifi‐
cate verification that was requested. 0 means the
verification was successful. (Added in 7.52.0)
redirect_url When an HTTP request was made without -L, --loca‐
tion to follow redirects (or when --max-redir is
met), this variable will show the actual URL a
redirect would have gone to. (Added in 7.18.2)
remote_ip The remote IP address of the most recently done
connection - can be either IPv4 or IPv6 (Added in
7.29.0)
remote_port The remote port number of the most recently done
connection (Added in 7.29.0)
scheme The URL scheme (sometimes called protocol) that
was effectively used (Added in 7.52.0)
size_download The total amount of bytes that were downloaded.
size_header The total amount of bytes of the downloaded head‐
ers.
size_request The total amount of bytes that were sent in the
HTTP request.
size_upload The total amount of bytes that were uploaded.
speed_download The average download speed that curl measured for
the complete download. Bytes per second.
speed_upload The average upload speed that curl measured for
the complete upload. Bytes per second.
ssl_verify_result
The result of the SSL peer certificate verifica‐
tion that was requested. 0 means the verification
was successful. (Added in 7.19.0)
stderr From this point on, the -w, --write-out output
will be written to standard error. (Added in
7.63.0)
stdout From this point on, the -w, --write-out output
will be written to standard output. This is the
default, but can be used to switch back after
switching to stderr. (Added in 7.63.0)
time_appconnect
The time, in seconds, it took from the start un‐
til the SSL/SSH/etc connect/handshake to the re‐
mote host was completed. (Added in 7.19.0)
time_connect The time, in seconds, it took from the start un‐
til the TCP connect to the remote host (or proxy)
was completed.
time_namelookup
The time, in seconds, it took from the start un‐
til the name resolving was completed.
time_pretransfer
The time, in seconds, it took from the start un‐
til the file transfer was just about to begin.
This includes all pre-transfer commands and nego‐
tiations that are specific to the particular pro‐
tocol(s) involved.
time_redirect The time, in seconds, it took for all redirection
steps including name lookup, connect, pretransfer
and transfer before the final transaction was
started. time_redirect shows the complete execu‐
tion time for multiple redirections. (Added in
7.12.3)
time_starttransfer
The time, in seconds, it took from the start un‐
til the first byte was just about to be trans‐
ferred. This includes time_pretransfer and also
the time the server needed to calculate the re‐
sult.
time_total The total time, in seconds, that the full opera‐
tion lasted.
url_effective The URL that was fetched last. This is most mean‐
ingful if you've told curl to follow location:
headers.
If this option is used several times, the last one will be used.
EOF
else
cat <<EOF
Usage: curl [options...] <url>
-D, --dump-header <filename> Write the received headers to <filename>
-I, --head Show document info only
-i, --include Include protocol response headers in the output
--stderr Where to redirect stderr
--trace <file> Write a debug trace to FILE
--trace-ascii <file> Like --trace, but without hex output
--trace-time Add time stamps to trace/verbose output
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
EOF
fi
exit 0
;;
ftps)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options are valid on ftps transfers:
-a, --append Append to target file when uploading
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
-E, --cert <certificate[:password]> Client certificate file and password
--cert-status Verify the status of the server certificate
--cert-type <type> Certificate file type (DER/PEM/ENG)
--ciphers <list of ciphers> SSL ciphers to use
-K, --config <file> Read config from a file
--connect-timeout <seconds> Maximum time allowed for connection
--connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
-C, --continue-at <offset> Resumed transfer offset
--create-dirs Create necessary local directory hierarchy
--crlf Convert LF to CRLF in upload
--crlfile <file> Get a CRL list in PEM format from the given file
--delegation <LEVEL> GSS-API delegation permission
-q, --disable Disable .curlrc
--disable-eprt Inhibit using EPRT or LPRT
--disable-epsv Inhibit using EPSV
--disallow-username-in-url Disallow username in url
--dns-interface <interface> Interface to use for DNS requests
--dns-ipv4-addr <address> IPv4 address to use for DNS requests
--dns-ipv6-addr <address> IPv6 address to use for DNS requests
--dns-servers <addresses> DNS server addrs to use
--doh-url <URL> Resolve host names over DOH
-D, --dump-header <filename> Write the received headers to <filename>
--egd-file <file> EGD socket path for random data
--engine <name> Crypto engine to use
-f, --fail Fail silently (no output at all) on HTTP errors
--fail-early Fail on first transfer error, do not continue
--false-start Enable TLS False Start
--ftp-account <data> Account data string
--ftp-alternative-to-user <command> String to replace USER [name]
--ftp-create-dirs Create the remote dirs if not present
--ftp-method <method> Control CWD usage
--ftp-pasv Use PASV/EPSV instead of PORT
-P, --ftp-port <address> Use PORT instead of PASV
--ftp-pret Send PRET before PASV
--ftp-skip-pasv-ip Skip the IP address for PASV
--ftp-ssl-ccc Send CCC after authenticating
--ftp-ssl-ccc-mode <active/passive> Set CCC mode
--ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
-g, --globoff Disable URL sequences and ranges using {} and []
--happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
--haproxy-protocol Send HAProxy PROXY protocol v1 header
-I, --head Show document info only
--ignore-content-length Ignore the size of the remote resource
-i, --include Include protocol response headers in the output
-k, --insecure Allow insecure server connections when using SSL
--interface <name> Use network INTERFACE (or address)
-4, --ipv4 Resolve names to IPv4 addresses
-6, --ipv6 Resolve names to IPv6 addresses
--keepalive-time <seconds> Interval time for keepalive probes
--key <key> Private key file name
--key-type <type> Private key file type (DER/PEM/ENG)
--krb <level> Enable Kerberos with security <level>
--libcurl <file> Dump libcurl equivalent code of this command line
--limit-rate <speed> Limit transfer speed to RATE
-l, --list-only List only mode
--local-port <num/range> Force use of RANGE for local port numbers
-M, --manual Display the full manual
--max-filesize <bytes> Maximum file size to download
-m, --max-time <seconds> Maximum time allowed for the transfer
--metalink Process given URLs as metalink XML file
--negotiate Use HTTP Negotiate (SPNEGO) authentication
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
--netrc-optional Use either .netrc or URL
-:, --next Make next URL use its separate set of options
--no-alpn Disable the ALPN TLS extension
-N, --no-buffer Disable buffering of the output stream
--no-keepalive Disable TCP keepalive on the connection
--no-npn Disable the NPN TLS extension
--no-progress-meter Do not show the progress meter
--no-sessionid Disable SSL session-ID reusing
--noproxy <no-proxy-list> List of hosts which do not use proxy
-o, --output <file> Write to file instead of stdout
-Z, --parallel Perform transfers in parallel
--parallel-immediate Do not wait for multiplexing (with --parallel)
--parallel-max Maximum concurrency for parallel transfers
--pass <phrase> Pass phrase for the private key
--path-as-is Do not squash .. sequences in URL path
--pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
--preproxy [protocol://]host[:port] Use this proxy first
-#, --progress-bar Display transfer progress as a bar
--proto <protocols> Enable/disable PROTOCOLS
--proto-default <protocol> Use PROTOCOL for any URL missing a scheme
--proto-redir <protocols> Enable/disable PROTOCOLS on redirect
-x, --proxy [protocol://]host[:port] Use this proxy
--proxy-anyauth Pick any proxy authentication method
--proxy-basic Use Basic authentication on the proxy
--proxy-cacert <file> CA certificate to verify peer against for proxy
--proxy-capath <dir> CA directory to verify peer against for proxy
--proxy-cert <cert[:passwd]> Set client certificate for proxy
--proxy-cert-type <type> Client certificate type for HTTPS proxy
--proxy-ciphers <list> SSL ciphers to use for proxy
--proxy-crlfile <file> Set a CRL list for proxy
--proxy-digest Use Digest authentication on the proxy
--proxy-header <header/@file> Pass custom header(s) to proxy
--proxy-insecure Do HTTPS proxy connections without verifying the proxy
--proxy-key <key> Private key for HTTPS proxy
--proxy-key-type <type> Private key file type for proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-ntlm Use NTLM authentication on the proxy
--proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
--proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
--proxy-service-name <name> SPNEGO proxy service name
--proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
--proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
--proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
--proxy-tlspassword <string> TLS password for HTTPS proxy
--proxy-tlsuser <name> TLS username for HTTPS proxy
--proxy-tlsv1 Use TLSv1 for HTTPS proxy
-U, --proxy-user <user:password> Proxy user and password
--proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
-p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
-Q, --quote Send command(s) to server before transfer
--random-file <file> File for reading random data from
-r, --range <range> Retrieve only the bytes within RANGE
-e, --referer <URL> Referrer URL
-O, --remote-name Write output to a file named as the remote file
--remote-name-all Use the remote file name for all URLs
-R, --remote-time Set the remote file's time on the local output
-X, --request <command> Specify request command to use
--resolve <host:port:address[,address]...> Resolve the host+port to this address
--retry <num> Retry request if transient problems occur
--retry-connrefused Retry on connection refused (use with --retry)
--retry-delay <seconds> Wait time between retries
--retry-max-time <seconds> Retry only within this period
--service-name <name> SPNEGO service name
-S, --show-error Show error even when -s is used
-s, --silent Silent mode
--socks4 <host[:port]> SOCKS4 proxy on given host + port
--socks4a <host[:port]> SOCKS4a proxy on given host + port
--socks5 <host[:port]> SOCKS5 proxy on given host + port
--socks5-basic Enable username/password auth for SOCKS5 proxies
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
--socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
--socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
-Y, --speed-limit <speed> Stop transfers slower than this
-y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
--ssl Try SSL/TLS
--ssl-allow-beast Allow security flaw to improve interop
--ssl-no-revoke Disable cert revocation checks (Schannel)
--ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
--ssl-reqd Require SSL/TLS
-2, --sslv2 Use SSLv2
-3, --sslv3 Use SSLv3
--stderr Where to redirect stderr
--suppress-connect-headers Suppress proxy CONNECT response headers
--tcp-fastopen Use TCP Fast Open
--tcp-nodelay Use the TCP_NODELAY option
-z, --time-cond <time> Transfer based on a time condition
--tls-max <VERSION> Set maximum allowed TLS version
--tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
--tlsauthtype <type> TLS authentication type
--tlspassword TLS password
--tlsuser <name> TLS user name
-1, --tlsv1 Use TLSv1.0 or greater
--tlsv1.0 Use TLSv1.0 or greater
--tlsv1.1 Use TLSv1.1 or greater
--tlsv1.2 Use TLSv1.2 or greater
--tlsv1.3 Use TLSv1.3 or greater
--trace <file> Write a debug trace to FILE
--trace-ascii <file> Like --trace, but without hex output
--trace-time Add time stamps to trace/verbose output
-T, --upload-file <file> Transfer local FILE to destination
--url <url> URL to work with
-B, --use-ascii Use ASCII/text transfer
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
EOF
fi
exit 0
;;
https)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options are valid on https transfers:
--abstract-unix-socket <path> Connect via abstract Unix domain socket
--alt-svc <file name> Enable alt-svc with this cache file
--anyauth Pick any authentication method
-a, --append Append to target file when uploading
--basic Use HTTP Basic Authentication
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
-E, --cert <certificate[:password]> Client certificate file and password
--cert-status Verify the status of the server certificate
--cert-type <type> Certificate file type (DER/PEM/ENG)
--ciphers <list of ciphers> SSL ciphers to use
--compressed Request compressed response
-K, --config <file> Read config from a file
--connect-timeout <seconds> Maximum time allowed for connection
--connect-to <HOST1:PORT1:HOST2:PORT2> Connect to host
-C, --continue-at <offset> Resumed transfer offset
-b, --cookie <data|filename> Send cookies from string/file
-c, --cookie-jar <filename> Write cookies to <filename> after operation
--create-dirs Create necessary local directory hierarchy
--crlf Convert LF to CRLF in upload
--crlfile <file> Get a CRL list in PEM format from the given file
-d, --data <data> HTTP POST data
--data-ascii <data> HTTP POST ASCII data
--data-binary <data> HTTP POST binary data
--data-raw <data> HTTP POST data, '@' allowed
--data-urlencode <data> HTTP POST data url encoded
--delegation <LEVEL> GSS-API delegation permission
--digest Use HTTP Digest Authentication
-q, --disable Disable .curlrc
--disable-eprt Inhibit using EPRT or LPRT
--disable-epsv Inhibit using EPSV
--disallow-username-in-url Disallow username in url
--dns-interface <interface> Interface to use for DNS requests
--dns-ipv4-addr <address> IPv4 address to use for DNS requests
--dns-ipv6-addr <address> IPv6 address to use for DNS requests
--dns-servers <addresses> DNS server addrs to use
--doh-url <URL> Resolve host names over DOH
-D, --dump-header <filename> Write the received headers to <filename>
--egd-file <file> EGD socket path for random data
--engine <name> Crypto engine to use
--etag-save <file> Get an ETag from response header and save it to a FILE
--etag-compare <file> Get an ETag from a file and send a conditional request
--expect100-timeout <seconds> How long to wait for 100-continue
-f, --fail Fail silently (no output at all) on HTTP errors
--fail-early Fail on first transfer error, do not continue
--false-start Enable TLS False Start
-F, --form <name=content> Specify multipart MIME data
--form-string <name=string> Specify multipart MIME data
-G, --get Put the post data in the URL and use GET
-g, --globoff Disable URL sequences and ranges using {} and []
--happy-eyeballs-timeout-ms <milliseconds> How long to wait in milliseconds for IPv6 before trying IPv4
--haproxy-protocol Send HAProxy PROXY protocol v1 header
-I, --head Show document info only
-H, --header <header/@file> Pass custom header(s) to server
-h, --help This help text
--http0.9 Allow HTTP 0.9 responses
-0, --http1.0 Use HTTP 1.0
--http1.1 Use HTTP 1.1
--http2 Use HTTP 2
--http2-prior-knowledge Use HTTP 2 without HTTP/1.1 Upgrade
--http3 Use HTTP v3
--ignore-content-length Ignore the size of the remote resource
-i, --include Include protocol response headers in the output
-k, --insecure Allow insecure server connections when using SSL
--interface <name> Use network INTERFACE (or address)
-4, --ipv4 Resolve names to IPv4 addresses
-6, --ipv6 Resolve names to IPv6 addresses
-j, --junk-session-cookies Ignore session cookies read from file
--keepalive-time <seconds> Interval time for keepalive probes
--key <key> Private key file name
--key-type <type> Private key file type (DER/PEM/ENG)
--krb <level> Enable Kerberos with security <level>
--libcurl <file> Dump libcurl equivalent code of this command line
--limit-rate <speed> Limit transfer speed to RATE
--local-port <num/range> Force use of RANGE for local port numbers
-L, --location Follow redirects
--location-trusted Like --location, and send auth to other hosts
-M, --manual Display the full manual
--max-filesize <bytes> Maximum file size to download
--max-redirs <num> Maximum number of redirects allowed
-m, --max-time <seconds> Maximum time allowed for the transfer
--metalink Process given URLs as metalink XML file
--negotiate Use HTTP Negotiate (SPNEGO) authentication
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
--netrc-optional Use either .netrc or URL
-:, --next Make next URL use its separate set of options
--no-alpn Disable the ALPN TLS extension
-N, --no-buffer Disable buffering of the output stream
--no-keepalive Disable TCP keepalive on the connection
--no-npn Disable the NPN TLS extension
--no-progress-meter Do not show the progress meter
--no-sessionid Disable SSL session-ID reusing
--noproxy <no-proxy-list> List of hosts which do not use proxy
--ntlm Use HTTP NTLM authentication
--ntlm-wb Use HTTP NTLM authentication with winbind
--oauth2-bearer <token> OAuth 2 Bearer Token
-o, --output <file> Write to file instead of stdout
-Z, --parallel Perform transfers in parallel
--parallel-immediate Do not wait for multiplexing (with --parallel)
--parallel-max Maximum concurrency for parallel transfers
--pass <phrase> Pass phrase for the private key
--path-as-is Do not squash .. sequences in URL path
--pinnedpubkey <hashes> FILE/HASHES Public key to verify peer against
--post301 Do not switch to GET after following a 301
--post302 Do not switch to GET after following a 302
--post303 Do not switch to GET after following a 303
--preproxy [protocol://]host[:port] Use this proxy first
-#, --progress-bar Display transfer progress as a bar
--proto <protocols> Enable/disable PROTOCOLS
--proto-default <protocol> Use PROTOCOL for any URL missing a scheme
--proto-redir <protocols> Enable/disable PROTOCOLS on redirect
-x, --proxy [protocol://]host[:port] Use this proxy
--proxy-anyauth Pick any proxy authentication method
--proxy-basic Use Basic authentication on the proxy
--proxy-cacert <file> CA certificate to verify peer against for proxy
--proxy-capath <dir> CA directory to verify peer against for proxy
--proxy-cert <cert[:passwd]> Set client certificate for proxy
--proxy-cert-type <type> Client certificate type for HTTPS proxy
--proxy-ciphers <list> SSL ciphers to use for proxy
--proxy-crlfile <file> Set a CRL list for proxy
--proxy-digest Use Digest authentication on the proxy
--proxy-header <header/@file> Pass custom header(s) to proxy
--proxy-insecure Do HTTPS proxy connections without verifying the proxy
--proxy-key <key> Private key for HTTPS proxy
--proxy-key-type <type> Private key file type for proxy
--proxy-negotiate Use HTTP Negotiate (SPNEGO) authentication on the proxy
--proxy-ntlm Use NTLM authentication on the proxy
--proxy-pass <phrase> Pass phrase for the private key for HTTPS proxy
--proxy-pinnedpubkey <hashes> FILE/HASHES public key to verify proxy with
--proxy-service-name <name> SPNEGO proxy service name
--proxy-ssl-allow-beast Allow security flaw for interop for HTTPS proxy
--proxy-tls13-ciphers <list> TLS 1.3 ciphersuites for proxy (OpenSSL)
--proxy-tlsauthtype <type> TLS authentication type for HTTPS proxy
--proxy-tlspassword <string> TLS password for HTTPS proxy
--proxy-tlsuser <name> TLS username for HTTPS proxy
--proxy-tlsv1 Use TLSv1 for HTTPS proxy
-U, --proxy-user <user:password> Proxy user and password
--proxy1.0 <host[:port]> Use HTTP/1.0 proxy on given port
-p, --proxytunnel Operate through an HTTP proxy tunnel (using CONNECT)
--random-file <file> File for reading random data from
-r, --range <range> Retrieve only the bytes within RANGE
--raw Do HTTP "raw"; no transfer decoding
-e, --referer <URL> Referrer URL
-J, --remote-header-name Use the header-provided filename
-O, --remote-name Write output to a file named as the remote file
--remote-name-all Use the remote file name for all URLs
-R, --remote-time Set the remote file's time on the local output
-X, --request <command> Specify request command to use
--request-target Specify the target for this request
--resolve <host:port:address[,address]...> Resolve the host+port to this address
--retry <num> Retry request if transient problems occur
--retry-connrefused Retry on connection refused (use with --retry)
--retry-delay <seconds> Wait time between retries
--retry-max-time <seconds> Retry only within this period
--service-name <name> SPNEGO service name
-S, --show-error Show error even when -s is used
-s, --silent Silent mode
--socks4 <host[:port]> SOCKS4 proxy on given host + port
--socks4a <host[:port]> SOCKS4a proxy on given host + port
--socks5 <host[:port]> SOCKS5 proxy on given host + port
--socks5-basic Enable username/password auth for SOCKS5 proxies
--socks5-gssapi Enable GSS-API auth for SOCKS5 proxies
--socks5-gssapi-nec Compatibility with NEC SOCKS5 server
--socks5-gssapi-service <name> SOCKS5 proxy service name for GSS-API
--socks5-hostname <host[:port]> SOCKS5 proxy, pass host name to proxy
-Y, --speed-limit <speed> Stop transfers slower than this
-y, --speed-time <seconds> Trigger 'speed-limit' abort after this time
--ssl Try SSL/TLS
--ssl-allow-beast Allow security flaw to improve interop
--ssl-no-revoke Disable cert revocation checks (Schannel)
--ssl-revoke-best-effort Ignore revocation offline or missing revocation list errors (Schannel)
--ssl-reqd Require SSL/TLS
-2, --sslv2 Use SSLv2
-3, --sslv3 Use SSLv3
--stderr Where to redirect stderr
--styled-output Enable styled output for HTTP headers
--suppress-connect-headers Suppress proxy CONNECT response headers
--tcp-fastopen Use TCP Fast Open
--tcp-nodelay Use the TCP_NODELAY option
-z, --time-cond <time> Transfer based on a time condition
--tls-max <VERSION> Set maximum allowed TLS version
--tls13-ciphers <list> TLS 1.3 ciphersuites (OpenSSL)
--tlsauthtype <type> TLS authentication type
--tlspassword TLS password
--tlsuser <name> TLS user name
-1, --tlsv1 Use TLSv1.0 or greater
--tlsv1.0 Use TLSv1.0 or greater
--tlsv1.1 Use TLSv1.1 or greater
--tlsv1.2 Use TLSv1.2 or greater
--tlsv1.3 Use TLSv1.3 or greater
--tr-encoding Request compressed transfer encoding
--trace <file> Write a debug trace to FILE
--trace-ascii <file> Like --trace, but without hex output
--trace-time Add time stamps to trace/verbose output
--unix-socket <path> Connect through this Unix domain socket
-T, --upload-file <file> Transfer local FILE to destination
--url <url> URL to work with
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
EOF
fi
exit 0
;;
ftps-https)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Verbose help TBD
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options affect ftps but not https:
-B, --use-ascii Use ASCII/text transfer
--ftp-account <data> Account data string
--ftp-alternative-to-user <command> String to replace USER [name]
--ftp-create-dirs Create the remote dirs if not present
--ftp-method <method> Control CWD usage
--ftp-pasv Use PASV/EPSV instead of PORT
--ftp-pret Send PRET before PASV
--ftp-skip-pasv-ip Skip the IP address for PASV
--ftp-ssl-ccc-mode <active/passive> Set CCC mode
--ftp-ssl-ccc Send CCC after authenticating
--ftp-ssl-control Require SSL/TLS for FTP login, clear for transfer
-l, --list-only List only mode
-P, --ftp-port <address> Use PORT instead of PASV
-Q, --quote Send command(s) to server before transfer
EOF
fi
exit 0
;;
output)
if [[ -n "$VERBOSE" ]]; then
cat <<EOF
Usage: curl [options...] <url>
These options are used to modify the local output of the transfer:
--create-dirs
When used in conjunction with the -o, --output option, curl will
create the necessary local directory hierarchy as needed. This
option creates the dirs mentioned with the -o, --output option,
nothing else. If the --output file name uses no dir or if the
dirs it mentions already exist, no dir will be created.
To create remote directories when using FTP or SFTP, try --ftp-
create-dirs.
-i, --include
Include the HTTP response headers in the output. The HTTP re‐
sponse headers can include things like server name, cookies,
date of the document, HTTP version and more...
To view the request headers, consider the -v, --verbose option.
See also -v, --verbose.
-N, --no-buffer
Disables the buffering of the output stream. In normal work sit‐
uations, curl will use a standard buffered output stream that
will have the effect that it will output the data in chunks, not
necessarily exactly when the data arrives. Using this option
will disable that buffering.
Note that this is the negated option name documented. You can
thus use --buffer to enforce the buffering.
-o, --output <file>
Write output to <file> instead of stdout. If you are using {} or
[] to fetch multiple documents, you can use '#' followed by a
number in the <file> specifier. That variable will be replaced
with the current string for the URL being fetched. Like in:
curl http://{one,two}.example.com -o "file_#1.txt"
or use several variables like:
curl http://{site,host}.host[1-5].com -o "#1_#2"
You may use this option as many times as the number of URLs you
have. For example, if you specify two URLs on the same command
line, you can use it like this:
curl -o aa example.com -o bb example.net
and the order of the -o options and the URLs doesn't matter,
just that the first -o is for the first URL and so on, so the
above command line can also be written as
curl example.com example.net -o aa -o bb
See also the --create-dirs option to create the local directo‐
ries dynamically. Specifying the output as '-' (a single dash)
will force the output to be done to stdout.
See also -O, --remote-name and --remote-name-all and -J, --re‐
mote-header-name.
-J, --remote-header-name
(HTTP) This option tells the -O, --remote-name option to use the
server-specified Content-Disposition filename instead of ex‐
tracting a filename from the URL.
If the server specifies a file name and a file with that name
already exists in the current working directory it will not be
overwritten and an error will occur. If the server doesn't spec‐
ify a file name then this option has no effect.
There's no attempt to decode %-sequences (yet) in the provided
file name, so this option may provide you with rather unexpected
file names.
WARNING: Exercise judicious use of this option, especially on
Windows. A rogue server could send you the name of a DLL or
other file that could possibly be loaded automatically by Win‐
dows or some third party software.
--remote-name-all
This option changes the default action for all given URLs to be
dealt with as if -O, --remote-name were used for each one. So if
you want to disable that for a specific URL after --remote-name-
all has been used, you must use "-o -" or --no-remote-name.
Added in 7.19.0.
-O, --remote-name
Write output to a local file named like the remote file we get.
(Only the file part of the remote file is used, the path is cut
off.)
The file will be saved in the current working directory. If you
want the file saved in a different directory, make sure you
change the current working directory before invoking curl with
this option.
The remote file name to use for saving is extracted from the
given URL, nothing else, and if it already exists it will be
overwritten. If you want the server to be able to choose the
file name refer to -J, --remote-header-name which can be used in
addition to this option. If the server chooses a file name and
that name already exists it will not be overwritten.
There is no URL decoding done on the file name. If it has %20 or
other URL encoded parts of the name, they will end up as-is as
file name.
You may use this option as many times as the number of URLs you
have.
-R, --remote-time
When used, this will make curl attempt to figure out the time‐
stamp of the remote file, and if that is available make the lo‐
cal file get that same timestamp.
--stderr
Redirect all writes to stderr to the specified file instead. If
the file name is a plain '-', it is instead written to stdout.
If this option is used several times, the last one will be used.
See also -v, --verbose and -s, --silent.
--styled-output
Enables the automatic use of bold font styles when writing HTTP
headers to the terminal. Use --no-styled-output to switch them
off.
Added in 7.61.0.
--suppress-connect-headers
When -p, --proxytunnel is used and a CONNECT request is made
don't output proxy CONNECT response headers. This option is
meant to be used with -D, --dump-header or -i, --include which
are used to show protocol headers in the output. It has no ef‐
fect on debug options such as -v, --verbose or --trace, or any
statistics.
See also -D, --dump-header and -i, --include and -p, --proxytun‐
nel.
-B, --use-ascii
(FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
forced by using a URL that ends with ";type=A". This option
causes data sent to stdout to be in text mode for win32 systems.
-v, --verbose
Makes curl verbose during the operation. Useful for debugging
and seeing what's going on "under the hood". A line starting
with '>' means "header data" sent by curl, '<' means "header
data" received by curl that is hidden in normal cases, and a
line starting with '*' means additional info provided by curl.
If you only want HTTP headers in the output, -i, --include might
be the option you're looking for.
If you think this option still doesn't give you enough details,
consider using --trace or --trace-ascii instead.
Use -s, --silent to make curl really quiet.
See also -i, --include. This option overrides --trace and
--trace-ascii.
-V, --version
Displays information about curl and the libcurl version it uses.
The first line includes the full version of curl, libcurl and
other 3rd party libraries linked with the executable.
The second line (starts with "Protocols:") shows all protocols
that libcurl reports to support.
The third line (starts with "Features:") shows specific features
libcurl reports to offer. Available features include:
IPv6 You can use IPv6 with this.
krb4 Krb4 for FTP is supported.
SSL SSL versions of various protocols are supported, such as
HTTPS, FTPS, POP3S and so on.
libz Automatic decompression of compressed files over HTTP is
supported.
NTLM NTLM authentication is supported.
Debug This curl uses a libcurl built with Debug. This enables
more error-tracking and memory debugging etc. For curl-
developers only!
AsynchDNS
This curl uses asynchronous name resolves. Asynchronous
name resolves can be done using either the c-ares or the
threaded resolver backends.
SPNEGO SPNEGO authentication is supported.
Largefile
This curl supports transfers of large files, files larger
than 2GB.
IDN This curl supports IDN - international domain names.
GSS-API
GSS-API is supported.
SSPI SSPI is supported.
TLS-SRP
SRP (Secure Remote Password) authentication is supported
for TLS.
HTTP2 HTTP/2 support has been built-in.
UnixSockets
Unix sockets support is provided.
HTTPS-proxy
This curl is built to support HTTPS proxy.
Metalink
This curl supports Metalink (both version 3 and 4 (RFC
5854)), which describes mirrors and hashes. curl will
use mirrors for failover if there are errors (such as the
file or server not being available).
PSL PSL is short for Public Suffix List and means that this
curl has been built with knowledge about "public suf‐
fixes".
MultiSSL
This curl supports multiple TLS backends.
-w, --write-out <format>
Make curl display information on stdout after a completed trans‐
fer. The format is a string that may contain plain text mixed
with any number of variables. The format can be specified as a
literal "string", or you can have curl read the format from a
file with "@filename" and to tell curl to read the format from
stdin you write "@-".
The variables present in the output format will be substituted
by the value or text that curl thinks fit, as described below.
All variables are specified as %{variable_name} and to output a
normal % you just write them as %%. You can output a newline by
using \n, a carriage return with \r and a tab space with \t.
The output will be written to standard output, but this can be
switched to standard error by using %{stderr}.
NOTE: The %-symbol is a special symbol in the win32-environment,
where all occurrences of % must be doubled when using this op‐
tion.
The variables available are:
content_type The Content-Type of the requested document, if
there was any.
filename_effective
The ultimate filename that curl writes out to.
This is only meaningful if curl is told to write
to a file with the -O, --remote-name or -o,
--output option. It's most useful in combination
with the -J, --remote-header-name option. (Added
in 7.26.0)
ftp_entry_path The initial path curl ended up in when logging on
to the remote FTP server. (Added in 7.15.4)
http_code The numerical response code that was found in the
last retrieved HTTP(S) or FTP(s) transfer. In
7.18.2 the alias response_code was added to show
the same info.
http_connect The numerical code that was found in the last re‐
sponse (from a proxy) to a curl CONNECT request.
(Added in 7.12.4)
http_version The http version that was effectively used.
(Added in 7.50.0)
local_ip The IP address of the local end of the most re‐
cently done connection - can be either IPv4 or
IPv6 (Added in 7.29.0)
local_port The local port number of the most recently done
connection (Added in 7.29.0)
num_connects Number of new connects made in the recent trans‐
fer. (Added in 7.12.3)
num_redirects Number of redirects that were followed in the re‐
quest. (Added in 7.12.3)
proxy_ssl_verify_result
The result of the HTTPS proxy's SSL peer certifi‐
cate verification that was requested. 0 means the
verification was successful. (Added in 7.52.0)
redirect_url When an HTTP request was made without -L, --loca‐
tion to follow redirects (or when --max-redir is
met), this variable will show the actual URL a
redirect would have gone to. (Added in 7.18.2)
remote_ip The remote IP address of the most recently done
connection - can be either IPv4 or IPv6 (Added in
7.29.0)
remote_port The remote port number of the most recently done
connection (Added in 7.29.0)
scheme The URL scheme (sometimes called protocol) that
was effectively used (Added in 7.52.0)
size_download The total amount of bytes that were downloaded.
size_header The total amount of bytes of the downloaded head‐
ers.
size_request The total amount of bytes that were sent in the
HTTP request.
size_upload The total amount of bytes that were uploaded.
speed_download The average download speed that curl measured for
the complete download. Bytes per second.
speed_upload The average upload speed that curl measured for
the complete upload. Bytes per second.
ssl_verify_result
The result of the SSL peer certificate verifica‐
tion that was requested. 0 means the verification
was successful. (Added in 7.19.0)
stderr From this point on, the -w, --write-out output
will be written to standard error. (Added in
7.63.0)
stdout From this point on, the -w, --write-out output
will be written to standard output. This is the
default, but can be used to switch back after
switching to stderr. (Added in 7.63.0)
time_appconnect
The time, in seconds, it took from the start un‐
til the SSL/SSH/etc connect/handshake to the re‐
mote host was completed. (Added in 7.19.0)
time_connect The time, in seconds, it took from the start un‐
til the TCP connect to the remote host (or proxy)
was completed.
time_namelookup
The time, in seconds, it took from the start un‐
til the name resolving was completed.
time_pretransfer
The time, in seconds, it took from the start un‐
til the file transfer was just about to begin.
This includes all pre-transfer commands and nego‐
tiations that are specific to the particular pro‐
tocol(s) involved.
time_redirect The time, in seconds, it took for all redirection
steps including name lookup, connect, pretransfer
and transfer before the final transaction was
started. time_redirect shows the complete execu‐
tion time for multiple redirections. (Added in
7.12.3)
time_starttransfer
The time, in seconds, it took from the start un‐
til the first byte was just about to be trans‐
ferred. This includes time_pretransfer and also
the time the server needed to calculate the re‐
sult.
time_total The total time, in seconds, that the full opera‐
tion lasted.
url_effective The URL that was fetched last. This is most mean‐
ingful if you've told curl to follow location:
headers.
If this option is used several times, the last one will be used.
--xattr
When saving output to a file, this option tells curl to store
certain file metadata in extended file attributes. Currently,
the URL is stored in the xdg.origin.url attribute and, for HTTP,
the content type is stored in the mime_type attribute. If the
file system does not support extended attributes, a warning is
issued.
EOF
else
cat <<EOF
Usage: curl [options...] <url>
These options are used to modify the local output of the transfer:
--create-dirs Create necessary local directory hierarchy
-i, --include Include protocol response headers in the output
-N, --no-buffer Disable buffering of the output stream
-o, --output <file> Write to file instead of stdout
-J, --remote-header-name Use the header-provided filename
-O, --remote-name Write output to a file named as the remote file
--remote-name-all Use the remote file name for all URLs
-R, --remote-time Set the remote file's time on the local output
--stderr Where to redirect stderr
--styled-output Enable styled output for HTTP headers
--suppress-connect-headers Suppress proxy CONNECT response headers
-B, --use-ascii Use ASCII/text transfer
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
EOF
fi
exit 0
;;
*)
cat <<EOF
No help for --help-$HELP_TYPE. See --help for a help list.
THIS IS A DEMONSTRATION PROGRAM. The only help options implemented are:
--help
--help-basic
--help-all
--help-debug
--help-ftps
--help-https
--help-clientauth
--help-output
--help-serverauth
as well as the set intersection ones (use both of these at the same time):
--help-clientauth --help-ftps
--help-ftps --no-help-https # i.e. ftp options that aren't also https options
and this demo search queries:
--help-search epsv
--help-search sni
as well as the verbose versions:
--help -v
--help-all -v
--help-debug -v
--help-output -v
-v --help-search sni
Note that some of the help options might not be entirely accurate; this is
just intended as a quick demo.
This was inspired by the talk "--help me if you can" given at curl://up 2020
https://github.com/curl/curl-up/wiki/2020#recorded-talks
EOF
exit 1
;;
esac
fi
exec curl "$@"