1curl(1) Curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS,
15 SMTP, SMTPS, TELNET and TFTP). The command is designed to work without
16 user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces as in:
32 http://site.{one,two,three}.com
34 or you can get sequences of alphanumeric series by using [] as in:
36 ftp://ftp.example.com/file[1-100].txt
38 ftp://ftp.example.com/file[001-100].txt (with leading zeros)
40 ftp://ftp.example.com/file[a-z].txt
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 http://example.com/file[1-100:10].txt
57 http://example.com/file[a-z:2].txt
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 http://[fe80::3%25eth0]/
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 curl normally displays a progress meter during operations, indicating
88 the amount of transferred data, transfer speeds and estimated time
89 left, etc. The progress meter displays number of bytes and the speeds
90 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
91 For example 1k is 1024 bytes. 1M is 1048576 bytes.
92 curl displays this data to the terminal by default, so if you invoke
94 curl to do an operation and it is about to write data to the terminal,
95 it disables the progress meter as otherwise it would mess up the output
96 mixing progress meter and response data.
97 If you want a progress meter for HTTP POST or PUT requests, you need to
99 redirect the response output to a file, using shell redirect (>), -o,
100 --output or similar.
101 It is not the same case for FTP upload as that operation does not spit
103 out any response data to the terminal.
104 If you prefer a progress "bar" instead of the regular meter, -#,
106 --progress-bar is your friend. You can also disable the progress meter
107 completely with the -s, --silent option.
108
110 Options start with one or two dashes. Many of the options require an
111 additional value next to them.
112 The short "single-dash" form of the options, -d for example, may be
114 used with or without a space between it and its value, although a space
115 is a recommended separator. The long "double-dash" form, -d, --data for
116 example, requires a space between it and its value.
117 Short version options that don't need any additional values can be used
119 immediately next to each other, like for example you can specify all
120 the options -O, -L and -v at once as -OLv.
121 In general, all boolean options are enabled with --option and yet again
123 disabled with --no-option. That is, you use the exact same option name
124 but prefix it with "no-". However, in this list we mostly only list and
125 show the --option version of them. (This concept with --no options was
126 added in 7.19.0. Previously most options were toggled on/off on
127 repeated use of the same command line option.)
128 --abstract-unix-socket <path>
130 (HTTP) Connect through an abstract Unix domain socket, instead
131 of using the network. Note: netstat shows the path of an
132 abstract socket prefixed with '@', however the <path> argument
133 should not have this leading character.
134 Added in 7.53.0.
136 --anyauth
138 (HTTP) Tells curl to figure out authentication method by itself,
139 and use the most secure one the remote site claims to support.
140 This is done by first doing a request and checking the response-
141 headers, thus possibly inducing an extra network round-trip.
142 This is used instead of setting a specific authentication
143 method, which you can do with --basic, --digest, --ntlm, and
144 --negotiate.
145 Using --anyauth is not recommended if you do uploads from stdin,
147 since it may require data to be sent twice and then the client
148 must be able to rewind. If the need should arise when uploading
149 from stdin, the upload operation will fail.
150 Used together with -u, --user.
152 See also --proxy-anyauth and --basic and --digest.
154 -a, --append
156 (FTP SFTP) When used in an upload, this makes curl append to the
157 target file instead of overwriting it. If the remote file
158 doesn't exist, it will be created. Note that this flag is
159 ignored by some SFTP servers (including OpenSSH).
160 --basic
162 (HTTP) Tells curl to use HTTP Basic authentication with the
163 remote host. This is the default and this option is usually
164 pointless, unless you use it to override a previously set option
165 that sets a different authentication method (such as --ntlm,
166 --digest, or --negotiate).
167 Used together with -u, --user.
169 See also --proxy-basic.
171 --cacert <file>
173 (TLS) Tells curl to use the specified certificate file to verify
174 the peer. The file may contain multiple CA certificates. The
175 certificate(s) must be in PEM format. Normally curl is built to
176 use a default file for this, so this option is typically used to
177 alter that default file.
178 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
180 if it is set, and uses the given path as a path to a CA cert
181 bundle. This option overrides that variable.
182 The windows version of curl will automatically look for a CA
184 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
185 tory as curl.exe, or in the Current Working Directory, or in any
186 folder along your PATH.
187 If curl is built against the NSS SSL library, the NSS PEM
189 PKCS#11 module (libnsspem.so) needs to be available for this
190 option to work properly.
191 (iOS and macOS only) If curl is built against Secure Transport,
193 then this option is supported for backward compatibility with
194 other SSL engines, but it should not be set. If the option is
195 not set, then curl will use the certificates in the system and
196 user Keychain to verify the peer, which is the preferred method
197 of verifying the peer's certificate chain.
198 (Schannel only) This option is supported for Schannel in Windows
200 7 or later with libcurl 7.60 or later. This option is supported
201 for backward compatibility with other SSL engines; instead it is
202 recommended to use Windows' store of root certificates (the
203 default for Schannel).
204 If this option is used several times, the last one will be used.
206 --capath <dir>
208 (TLS) Tells curl to use the specified certificate directory to
209 verify the peer. Multiple paths can be provided by separating
210 them with ":" (e.g. "path1:path2:path3"). The certificates must
211 be in PEM format, and if curl is built against OpenSSL, the
212 directory must have been processed using the c_rehash utility
213 supplied with OpenSSL. Using --capath can allow OpenSSL-powered
214 curl to make SSL-connections much more efficiently than using
215 --cacert if the --cacert file contains many CA certificates.
216 If this option is set, the default capath value will be ignored,
218 and if it is used several times, the last one will be used.
219 --cert-status
221 (TLS) Tells curl to verify the status of the server certificate
222 by using the Certificate Status Request (aka. OCSP stapling) TLS
223 extension.
224 If this option is enabled and the server sends an invalid (e.g.
226 expired) response, if the response suggests that the server cer‐
227 tificate has been revoked, or no response at all is received,
228 the verification fails.
229 This is currently only implemented in the OpenSSL, GnuTLS and
231 NSS backends.
232 Added in 7.41.0.
234 --cert-type <type>
236 (TLS) Tells curl what type the provided client certificate is
237 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
238 ified, PEM is assumed.
239 If this option is used several times, the last one will be used.
241 See also -E, --cert and --key and --key-type.
243 -E, --cert <certificate[:password]>
245 (TLS) Tells curl to use the specified client certificate file
246 when getting a file with HTTPS, FTPS or another SSL-based proto‐
247 col. The certificate must be in PKCS#12 format if using Secure
248 Transport, or PEM format if using any other engine. If the
249 optional password isn't specified, it will be queried for on the
250 terminal. Note that this option assumes a "certificate" file
251 that is the private key and the client certificate concatenated!
252 See -E, --cert and --key to specify them independently.
253 If curl is built against the NSS SSL library then this option
255 can tell curl the nickname of the certificate to use within the
256 NSS database defined by the environment variable SSL_DIR (or by
257 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
258 nsspem.so) is available then PEM files may be loaded. If you
259 want to use a file from the current directory, please precede it
260 with "./" prefix, in order to avoid confusion with a nickname.
261 If the nickname contains ":", it needs to be preceded by "\" so
262 that it is not recognized as password delimiter. If the nick‐
263 name contains "\", it needs to be escaped as "\\" so that it is
264 not recognized as an escape character.
265 If curl is built against OpenSSL library, and the engine pkcs11
267 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
268 ify a certificate located in a PKCS#11 device. A string begin‐
269 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
270 PKCS#11 URI is provided, then the --engine option will be set as
271 "pkcs11" if none was provided and the --cert-type option will be
272 set as "ENG" if none was provided.
273 (iOS and macOS only) If curl is built against Secure Transport,
275 then the certificate string can either be the name of a certifi‐
276 cate/private key in the system or user keychain, or the path to
277 a PKCS#12-encoded certificate and private key. If you want to
278 use a file from the current directory, please precede it with
279 "./" prefix, in order to avoid confusion with a nickname.
280 (Schannel only) Client certificates must be specified by a path
282 expression to a certificate store. (Loading PFX is not sup‐
283 ported; you can import it to a store first). You can use "<store
284 location>\<store name>\<thumbprint>" to refer to a certificate
285 in the system certificates store, for example, "Curren‐
286 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
287 is usually a SHA-1 hex string which you can see in certificate
288 details. Following store locations are supported: CurrentUser,
289 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
290 LocalMachineGroupPolicy, LocalMachineEnterprise.
291 If this option is used several times, the last one will be used.
293 See also --cert-type and --key and --key-type.
295 --ciphers <list of ciphers>
297 (TLS) Specifies which ciphers to use in the connection. The list
298 of ciphers must specify valid ciphers. Read up on SSL cipher
299 list details on this URL:
300 https://curl.haxx.se/docs/ssl-ciphers.html
302 If this option is used several times, the last one will be used.
304 --compressed-ssh
306 (SCP SFTP) Enables built-in SSH compression. This is a request,
307 not an order; the server may or may not do it.
308 Added in 7.56.0.
310 --compressed
312 (HTTP) Request a compressed response using one of the algorithms
313 curl supports, and save the uncompressed document. If this
314 option is used and the server sends an unsupported encoding,
315 curl will report an error.
316 -K, --config <file>
318 Specify a text file to read curl arguments from. The command
320 line arguments found in the text file will be used as if they
321 were provided on the command line.
322 Options and their parameters must be specified on the same line
324 in the file, separated by whitespace, colon, or the equals sign.
325 Long option names can optionally be given in the config file
326 without the initial double dashes and if so, the colon or equals
327 characters can be used as separators. If the option is specified
328 with one or two dashes, there can be no colon or equals charac‐
329 ter between the option and its parameter.
330 If the parameter is to contain whitespace, the parameter must be
332 enclosed within quotes. Within double quotes, the following
333 escape sequences are available: \\, \", \t, \n, \r and \v. A
334 backslash preceding any other letter is ignored. If the first
335 column of a config line is a '#' character, the rest of the line
336 will be treated as a comment. Only write one option per physical
337 line in the config file.
338 Specify the filename to -K, --config as '-' to make curl read
340 the file from stdin.
341 Note that to be able to specify a URL in the config file, you
343 need to specify it using the --url option, and not by simply
344 writing the URL on its own line. So, it could look similar to
345 this:
346 url = "https://curl.haxx.se/docs/"
348 When curl is invoked, it (unless -q, --disable is used) checks
350 for a default config file and uses it if found. The default con‐
351 fig file is checked for in the following places in this order:
352 1) curl tries to find the "home dir": It first checks for the
354 CURL_HOME and then the HOME environment variables. Failing that,
355 it uses getpwuid() on Unix-like systems (which returns the home
356 dir given the current user in your system). On Windows, it then
357 checks for the APPDATA variable, or as a last resort the '%USER‐
358 PROFILE%\Application Data'.
359 2) On windows, if there is no _curlrc file in the home dir, it
361 checks for one in the same dir the curl executable is placed. On
362 Unix-like systems, it will simply try to load .curlrc from the
363 determined home dir.
364 # --- Example file ---
366 # this is a comment
367 url = "example.com"
368 output = "curlhere.html"
369 user-agent = "superagent/1.0"
370 # and fetch another URL too
372 url = "example.com/docs/manpage.html"
373 -O
374 referer = "http://nowhereatall.example.com/"
375 # --- End of example file ---
376 This option can be used multiple times to load multiple config
378 files.
379 --connect-timeout <seconds>
381 Maximum time in seconds that you allow curl's connection to
382 take. This only limits the connection phase, so if curl con‐
383 nects within the given period it will continue - if not it will
384 exit. Since version 7.32.0, this option accepts decimal values.
385 If this option is used several times, the last one will be used.
387 See also -m, --max-time.
389 --connect-to <HOST1:PORT1:HOST2:PORT2>
391 For a request to the given HOST1:PORT1 pair, connect to
393 HOST2:PORT2 instead. This option is suitable to direct requests
394 at a specific server, e.g. at a specific cluster node in a clus‐
395 ter of servers. This option is only used to establish the net‐
396 work connection. It does NOT affect the hostname/port that is
397 used for TLS/SSL (e.g. SNI, certificate verification) or for the
398 application protocols. "HOST1" and "PORT1" may be the empty
399 string, meaning "any host/port". "HOST2" and "PORT2" may also be
400 the empty string, meaning "use the request's original
401 host/port".
402 A "host" specified to this option is compared as a string, so it
404 needs to match the name used in request URL. It can be either
405 numerical such as "127.0.0.1" or the full host name such as
406 "example.org".
407 This option can be used many times to add many connect rules.
409 See also --resolve and -H, --header. Added in 7.49.0.
411 -C, --continue-at <offset>
413 Continue/Resume a previous file transfer at the given offset.
414 The given offset is the exact number of bytes that will be
415 skipped, counting from the beginning of the source file before
416 it is transferred to the destination. If used with uploads, the
417 FTP server command SIZE will not be used by curl.
418 Use "-C -" to tell curl to automatically find out where/how to
420 resume the transfer. It then uses the given output/input files
421 to figure that out.
422 If this option is used several times, the last one will be used.
424 See also -r, --range.
426 -c, --cookie-jar <filename>
428 (HTTP) Specify to which file you want curl to write all cookies
429 after a completed operation. Curl writes all cookies from its
430 in-memory cookie storage to the given file at the end of opera‐
431 tions. If no cookies are known, no data will be written. The
432 file will be written using the Netscape cookie file format. If
433 you set the file name to a single dash, "-", the cookies will be
434 written to stdout.
435 This command line option will activate the cookie engine that
437 makes curl record and use cookies. Another way to activate it is
438 to use the -b, --cookie option.
439 If the cookie jar can't be created or written to, the whole curl
441 operation won't fail or even report an error clearly. Using -v,
442 --verbose will get a warning displayed, but that is the only
443 visible feedback you get about this possibly lethal situation.
444 If this option is used several times, the last specified file
446 name will be used.
447 -b, --cookie <data>
449 (HTTP) Pass the data to the HTTP server in the Cookie header. It
450 is supposedly the data previously received from the server in a
451 "Set-Cookie:" line. The data should be in the format
452 "NAME1=VALUE1; NAME2=VALUE2".
453 If no '=' symbol is used in the argument, it is instead treated
455 as a filename to read previously stored cookie from. This option
456 also activates the cookie engine which will make curl record
457 incoming cookies, which may be handy if you're using this in
458 combination with the -L, --location option or do multiple URL
459 transfers on the same invoke. If the file name is exactly a
460 minus ("-"), curl will instead the contents from stdin.
461 The file format of the file to read cookies from should be plain
463 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
464 file format.
465 The file specified with -b, --cookie is only used as input. No
467 cookies will be written to the file. To store cookies, use the
468 -c, --cookie-jar option.
469 Exercise caution if you are using this option and multiple
471 transfers may occur. If you use the NAME1=VALUE1; format, or in
472 a file use the Set-Cookie format and don't specify a domain,
473 then the cookie is sent for any domain (even after redirects are
474 followed) and cannot be modified by a server-set cookie. If the
475 cookie engine is enabled and a server sets a cookie of the same
476 name then both will be sent on a future transfer to that server,
477 likely not what you intended. To address these issues set a
478 domain in Set-Cookie (doing that will include sub domains) or
479 use the Netscape format.
480 If this option is used several times, the last one will be used.
482 Users very often want to both read cookies from a file and write
484 updated cookies back to a file, so using both -b, --cookie and
485 -c, --cookie-jar in the same command line is common.
486 --create-dirs
488 When used in conjunction with the -o, --output option, curl will
489 create the necessary local directory hierarchy as needed. This
490 option creates the dirs mentioned with the -o, --output option,
491 nothing else. If the --output file name uses no dir or if the
492 dirs it mentions already exist, no dir will be created.
493 To create remote directories when using FTP or SFTP, try --ftp-
495 create-dirs.
496 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
498 (OS/390).
499 (SMTP added in 7.40.0)
501 --crlfile <file>
503 (TLS) Provide a file using PEM format with a Certificate Revoca‐
504 tion List that may specify peer certificates that are to be con‐
505 sidered revoked.
506 If this option is used several times, the last one will be used.
508 Added in 7.19.7.
510 --data-ascii <data>
512 (HTTP) This is just an alias for -d, --data.
513 --data-binary <data>
515 (HTTP) This posts data exactly as specified with no extra pro‐
516 cessing whatsoever.
517 If you start the data with the letter @, the rest should be a
519 filename. Data is posted in a similar manner as -d, --data
520 does, except that newlines and carriage returns are preserved
521 and conversions are never done.
522 Like -d, --data the default content-type sent to the server is
524 application/x-www-form-urlencoded. If you want the data to be
525 treated as arbitrary binary data by the server then set the con‐
526 tent-type to octet-stream: -H "Content-Type: application/octet-
527 stream".
528 If this option is used several times, the ones following the
530 first will append data as described in -d, --data.
531 --data-raw <data>
533 (HTTP) This posts data similarly to -d, --data but without the
534 special interpretation of the @ character.
535 See also -d, --data. Added in 7.43.0.
537 --data-urlencode <data>
539 (HTTP) This posts data, similar to the other -d, --data options
540 with the exception that this performs URL-encoding.
541 To be CGI-compliant, the <data> part should begin with a name
543 followed by a separator and a content specification. The <data>
544 part can be passed to curl using one of the following syntaxes:
545 content
547 This will make curl URL-encode the content and pass that
548 on. Just be careful so that the content doesn't contain
549 any = or @ symbols, as that will then make the syntax
550 match one of the other cases below!
551 =content
553 This will make curl URL-encode the content and pass that
554 on. The preceding = symbol is not included in the data.
555 name=content
557 This will make curl URL-encode the content part and pass
558 that on. Note that the name part is expected to be URL-
559 encoded already.
560 @filename
562 This will make curl load data from the given file
563 (including any newlines), URL-encode that data and pass
564 it on in the POST.
565 name@filename
567 This will make curl load data from the given file
568 (including any newlines), URL-encode that data and pass
569 it on in the POST. The name part gets an equal sign
570 appended, resulting in name=urlencoded-file-content. Note
571 that the name is expected to be URL-encoded already.
572 See also -d, --data and --data-raw. Added in 7.18.0.
574 -d, --data <data>
576 (HTTP) Sends the specified data in a POST request to the HTTP
577 server, in the same way that a browser does when a user has
578 filled in an HTML form and presses the submit button. This will
579 cause curl to pass the data to the server using the content-type
580 application/x-www-form-urlencoded. Compare to -F, --form.
581 --data-raw is almost the same but does not have a special inter‐
583 pretation of the @ character. To post data purely binary, you
584 should instead use the --data-binary option. To URL-encode the
585 value of a form field you may use --data-urlencode.
586 If any of these options is used more than once on the same com‐
588 mand line, the data pieces specified will be merged together
589 with a separating &-symbol. Thus, using '-d name=daniel -d
590 skill=lousy' would generate a post chunk that looks like
591 'name=daniel&skill=lousy'.
592 If you start the data with the letter @, the rest should be a
594 file name to read the data from, or - if you want curl to read
595 the data from stdin. Multiple files can also be specified. Post‐
596 ing data from a file named from a file like that, carriage
597 returns and newlines will be stripped out. If you don't want the
598 @ character to have a special interpretation use --data-raw
599 instead.
600 See also --data-binary and --data-urlencode and --data-raw. This
602 option overrides -F, --form and -I, --head and -T, --upload-
603 file.
604 --delegation <LEVEL>
606 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
607 to delegate when it comes to user credentials.
608 none Don't allow any delegation.
610 policy Delegates if and only if the OK-AS-DELEGATE flag is set
612 in the Kerberos service ticket, which is a matter of
613 realm policy.
614 always Unconditionally allow the server to delegate.
616 --digest
618 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
619 cation scheme that prevents the password from being sent over
620 the wire in clear text. Use this in combination with the normal
621 -u, --user option to set user name and password.
622 If this option is used several times, only the first one is
624 used.
625 See also -u, --user and --proxy-digest and --anyauth. This
627 option overrides --basic and --ntlm and --negotiate.
628 --disable-eprt
630 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
631 when doing active FTP transfers. Curl will normally always first
632 attempt to use EPRT, then LPRT before using PORT, but with this
633 option, it will use PORT right away. EPRT and LPRT are exten‐
634 sions to the original FTP protocol, and may not work on all
635 servers, but they enable more functionality in a better way than
636 the traditional PORT command.
637 --eprt can be used to explicitly enable EPRT again and --no-eprt
639 is an alias for --disable-eprt.
640 If the server is accessed using IPv6, this option will have no
642 effect as EPRT is necessary then.
643 Disabling EPRT only changes the active behavior. If you want to
645 switch to passive mode you need to not use -P, --ftp-port or
646 force it with --ftp-pasv.
647 --disable-epsv
649 (FTP) (FTP) Tell curl to disable the use of the EPSV command
650 when doing passive FTP transfers. Curl will normally always
651 first attempt to use EPSV before PASV, but with this option, it
652 will not try using EPSV.
653 --epsv can be used to explicitly enable EPSV again and --no-epsv
655 is an alias for --disable-epsv.
656 If the server is an IPv6 host, this option will have no effect
658 as EPSV is necessary then.
659 Disabling EPSV only changes the passive behavior. If you want to
661 switch to active mode you need to use -P, --ftp-port.
662 -q, --disable
664 If used as the first parameter on the command line, the curlrc
665 config file will not be read and used. See the -K, --config for
666 details on the default config file search path.
667 --disallow-username-in-url
669 (HTTP) This tells curl to exit if passed a url containing a
670 username.
671 See also --proto. Added in 7.61.0.
673 --dns-interface <interface>
675 (DNS) Tell curl to send outgoing DNS requests through <inter‐
676 face>. This option is a counterpart to --interface (which does
677 not affect DNS). The supplied string must be an interface name
678 (not an address).
679 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
681 requires that the underlying libcurl was built to support c-
682 ares. Added in 7.33.0.
683 --dns-ipv4-addr <address>
685 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS
686 requests, so that the DNS requests originate from this address.
687 The argument should be a single IPv4 address.
688 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
690 requires that the underlying libcurl was built to support c-
691 ares. Added in 7.33.0.
692 --dns-ipv6-addr <address>
694 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS
695 requests, so that the DNS requests originate from this address.
696 The argument should be a single IPv6 address.
697 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
699 requires that the underlying libcurl was built to support c-
700 ares. Added in 7.33.0.
701 --dns-servers <addresses>
703 Set the list of DNS servers to be used instead of the system
704 default. The list of IP addresses should be separated with com‐
705 mas. Port numbers may also optionally be given as :<port-number>
706 after each IP address.
707 --dns-servers requires that the underlying libcurl was built to
709 support c-ares. Added in 7.33.0.
710 --doh-url <URL>
712 (all) Specifies which DNS-over-HTTPS (DOH) server to use to
713 resolve hostnames, instead of using the default name resolver
714 mechanism. The URL must be HTTPS.
715 If this option is used several times, the last one will be used.
717 -D, --dump-header <filename>
719 (HTTP FTP) Write the received protocol headers to the specified
720 file.
721 This option is handy to use when you want to store the headers
723 that an HTTP site sends to you. Cookies from the headers could
724 then be read in a second curl invocation by using the -b,
725 --cookie option! The -c, --cookie-jar option is a better way to
726 store cookies.
727 When used in FTP, the FTP server response lines are considered
729 being "headers" and thus are saved there.
730 If this option is used several times, the last one will be used.
732 See also -o, --output.
734 --egd-file <file>
736 (TLS) Specify the path name to the Entropy Gathering Daemon
737 socket. The socket is used to seed the random engine for SSL
738 connections.
739 See also --random-file.
741 --engine <name>
743 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
744 tions. Use --engine list to print a list of build-time supported
745 engines. Note that not all (or none) of the engines may be
746 available at run-time.
747 --expect100-timeout <seconds>
749 (HTTP) Maximum time in seconds that you allow curl to wait for a
750 100-continue response when curl emits an Expects: 100-continue
751 header in its request. By default curl will wait one second.
752 This option accepts decimal values! When curl stops waiting, it
753 will continue as if the response has been received.
754 See also --connect-timeout. Added in 7.47.0.
756 --fail-early
758 Fail and exit on the first detected transfer error.
759 When curl is used to do multiple transfers on the command line,
761 it will attempt to operate on each given URL, one by one. By
762 default, it will ignore errors if there are more URLs given and
763 the last URL's success will determine the error code curl
764 returns. So early failures will be "hidden" by subsequent suc‐
765 cessful transfers.
766 Using this option, curl will instead return an error on the
768 first transfer that fails, independent of the amount of URLs
769 that are given on the command line. This way, no transfer fail‐
770 ures go undetected by scripts and similar.
771 This option is global and does not need to be specified for each
773 use of -:, --next.
774 This option does not imply -f, --fail, which causes transfers to
776 fail due to the server's HTTP status code. You can combine the
777 two options, however note -f, --fail is not global and is there‐
778 fore contained by -:, --next.
779 Added in 7.52.0.
781 -f, --fail
783 (HTTP) Fail silently (no output at all) on server errors. This
784 is mostly done to better enable scripts etc to better deal with
785 failed attempts. In normal cases when an HTTP server fails to
786 deliver a document, it returns an HTML document stating so
787 (which often also describes why and more). This flag will pre‐
788 vent curl from outputting that and return error 22.
789 This method is not fail-safe and there are occasions where non-
791 successful response codes will slip through, especially when
792 authentication is involved (response codes 401 and 407).
793 --false-start
795 (TLS) Tells curl to use false start during the TLS handshake.
796 False start is a mode where a TLS client will start sending
797 application data before verifying the server's Finished message,
798 thus saving a round trip when performing a full handshake.
799 This is currently only implemented in the NSS and Secure Trans‐
801 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
802 Added in 7.42.0.
804 --form-string <name=string>
806 (HTTP SMTP IMAP) Similar to -F, --form except that the value
807 string for the named parameter is used literally. Leading '@'
808 and '<' characters, and the ';type=' string in the value have no
809 special meaning. Use this in preference to -F, --form if there's
810 any possibility that the string value may accidentally trigger
811 the '@' or '<' features of -F, --form.
812 See also -F, --form.
814 -F, --form <name=content>
816 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
817 late a filled-in form in which a user has pressed the submit
818 button. This causes curl to POST data using the Content-Type
819 multipart/form-data according to RFC 2388.
820 For SMTP and IMAP protocols, this is the mean to compose a mul‐
822 tipart mail message to transmit.
823 This enables uploading of binary files etc. To force the 'con‐
825 tent' part to be a file, prefix the file name with an @ sign. To
826 just get the content part from a file, prefix the file name with
827 the symbol <. The difference between @ and < is then that @
828 makes a file get attached in the post as a file upload, while
829 the < makes a text field and just get the contents for that text
830 field from a file.
831 Tell curl to read content from stdin instead of a file by using
833 - as filename. This goes for both @ and < constructs. When stdin
834 is used, the contents is buffered in memory first by curl to
835 determine its size and allow a possible resend. Defining a
836 part's data from a named non-regular file (such as a named pipe
837 or similar) is unfortunately not subject to buffering and will
838 be effectively read at transmission time; since the full size is
839 unknown before the transfer starts, such data is sent as chunks
840 by HTTP and rejected by IMAP.
841 Example: send an image to an HTTP server, where 'profile' is the
843 name of the form-field to which the file portrait.jpg will be
844 the input:
845 curl -F profile=@portrait.jpg https://example.com/upload.cgi
847 Example: send a your name and shoe size in two text fields to
849 the server:
850 curl -F name=John -F shoesize=11 https://example.com/
852 Example: send a your essay in a text field to the server. Send
854 it as a plain text field, but get the contents for it from a
855 local file:
856 curl -F "story=<hugefile.txt" https://example.com/
858 You can also tell curl what Content-Type to use by using
860 'type=', in a manner similar to:
861 curl -F "web=@index.html;type=text/html" example.com
863 or
865 curl -F "name=daniel;type=text/foo" example.com
867 You can also explicitly change the name field of a file upload
869 part by setting filename=, like this:
870 curl -F "file=@localfile;filename=nameinpost" example.com
872 If filename/path contains ',' or ';', it must be quoted by dou‐
874 ble-quotes like:
875 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
877 ple.com
878 or
880 curl -F 'file=@"localfile";filename="nameinpost"' example.com
882 Note that if a filename/path is quoted by double-quotes, any
884 double-quote or backslash within the filename must be escaped by
885 backslash.
886 Quoting must also be applied to non-file data if it contains
888 semicolons, leading/trailing spaces or leading double quotes:
889 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
891 ple.com
892 You can add custom headers to the field by setting headers=,
894 like
895 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
897 or
899 curl -F "submit=OK;headers=@headerfile" example.com
901 The headers= keyword may appear more that once and above notes
903 about quoting apply. When headers are read from a file, Empty
904 lines and lines starting with '#' are comments and ignored; each
905 header can be folded by splitting between two words and starting
906 the continuation line with a space; embedded carriage-returns
907 and trailing spaces are stripped. Here is an example of a
908 header file contents:
909 # This file contain two headers.
911 X-header-1: this is a header
912 # The following header is folded.
914 X-header-2: this is
915 another header
916 To support sending multipart mail messages, the syntax is
919 extended as follows:
920 - name can be omitted: the equal sign is the first character of
921 the argument,
922 - if data starts with '(', this signals to start a new multi‐
923 part: it can be followed by a content type specification.
924 - a multipart can be terminated with a '=)' argument.
925 Example: the following command sends an SMTP mime e-mail con‐
927 sisting in an inline part in two alternative formats: plain text
928 and HTML. It attaches a text file:
929 curl -F '=(;type=multipart/alternative' \
931 -F '=plain text message' \
932 -F '= <body>HTML message</body>;type=text/html' \
933 -F '=)' -F '=@textfile.txt' ... smtp://example.com
934 Data can be encoded for transfer using encoder=. Available
936 encodings are binary and 8bit that do nothing else than adding
937 the corresponding Content-Transfer-Encoding header, 7bit that
938 only rejects 8-bit characters with a transfer error, quoted-
939 printable and base64 that encodes data according to the corre‐
940 sponding schemes, limiting lines length to 76 characters.
941 Example: send multipart mail with a quoted-printable text mes‐
943 sage and a base64 attached file:
944 curl -F '=text message;encoder=quoted-printable' \
946 -F '=@localfile;encoder=base64' ... smtp://example.com
947 See further examples and details in the MANUAL.
949 This option can be used multiple times.
951 This option overrides -d, --data and -I, --head and -T,
953 --upload-file.
954 --ftp-account <data>
956 (FTP) When an FTP server asks for "account data" after user name
957 and password has been provided, this data is sent off using the
958 ACCT command.
959 If this option is used several times, the last one will be used.
961 Added in 7.13.0.
963 --ftp-alternative-to-user <command>
965 (FTP) If authenticating with the USER and PASS commands fails,
966 send this command. When connecting to Tumbleweed's Secure
967 Transport server over FTPS using a client certificate, using
968 "SITE AUTH" will tell the server to retrieve the username from
969 the certificate.
970 Added in 7.15.5.
972 --ftp-create-dirs
974 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
975 doesn't currently exist on the server, the standard behavior of
976 curl is to fail. Using this option, curl will instead attempt to
977 create missing directories.
978 See also --create-dirs.
980 --ftp-method <method>
982 (FTP) Control what method curl should use to reach a file on an
983 FTP(S) server. The method argument should be one of the follow‐
984 ing alternatives:
985 multicwd
987 curl does a single CWD operation for each path part in
988 the given URL. For deep hierarchies this means very many
989 commands. This is how RFC 1738 says it should be done.
990 This is the default but the slowest behavior.
991 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
993 etc and give a full path to the server for all these com‐
994 mands. This is the fastest behavior.
995 singlecwd
997 curl does one CWD with the full target directory and then
998 operates on the file "normally" (like in the multicwd
999 case). This is somewhat more standards compliant than
1000 'nocwd' but without the full penalty of 'multicwd'.
1001 Added in 7.15.1.
1003 --ftp-pasv
1005 (FTP) Use passive mode for the data connection. Passive is the
1006 internal default behavior, but using this option can be used to
1007 override a previous -P, --ftp-port option.
1008 If this option is used several times, only the first one is
1010 used. Undoing an enforced passive really isn't doable but you
1011 must then instead enforce the correct -P, --ftp-port again.
1012 Passive mode means that curl will try the EPSV command first and
1014 then PASV, unless --disable-epsv is used.
1015 See also --disable-epsv. Added in 7.11.0.
1017 -P, --ftp-port <address>
1019 (FTP) Reverses the default initiator/listener roles when con‐
1020 necting with FTP. This option makes curl use active mode. curl
1021 then tells the server to connect back to the client's specified
1022 address and port, while passive mode asks the server to setup an
1023 IP address and port for it to connect to. <address> should be
1024 one of:
1025 interface
1027 e.g. "eth0" to specify which interface's IP address you
1028 want to use (Unix only)
1029 IP address
1031 e.g. "192.168.10.1" to specify the exact IP address
1032 host name
1034 e.g. "my.host.domain" to specify the machine
1035 - make curl pick the same IP address that is already used
1037 for the control connection
1038 If this option is used several times, the last one will be used. Dis‐
1040 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1041 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1042 PORT++.
1043 Since 7.19.5, you can append ":[start]-[end]" to the right of the
1045 address, to tell curl what TCP port range to use. That means you spec‐
1046 ify a port range, from a lower to a higher number. A single number
1047 works as well, but do note that it increases the risk of failure since
1048 the port may not be available.
1049 See also --ftp-pasv and --disable-eprt.
1051 --ftp-pret
1053 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1054 Certain FTP servers, mainly drftpd, require this non-standard
1055 command for directory listings as well as up and downloads in
1056 PASV mode.
1057 Added in 7.20.0.
1059 --ftp-skip-pasv-ip
1061 (FTP) Tell curl to not use the IP address the server suggests in
1062 its response to curl's PASV command when curl connects the data
1063 connection. Instead curl will re-use the same IP address it
1064 already uses for the control connection.
1065 This option has no effect if PORT, EPRT or EPSV is used instead
1067 of PASV.
1068 See also --ftp-pasv. Added in 7.14.2.
1070 --ftp-ssl-ccc-mode <active/passive>
1072 (FTP) Sets the CCC mode. The passive mode will not initiate the
1073 shutdown, but instead wait for the server to do it, and will not
1074 reply to the shutdown from the server. The active mode initiates
1075 the shutdown and waits for a reply from the server.
1076 See also --ftp-ssl-ccc. Added in 7.16.2.
1078 --ftp-ssl-ccc
1080 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1081 layer after authenticating. The rest of the control channel com‐
1082 munication will be unencrypted. This allows NAT routers to fol‐
1083 low the FTP transaction. The default mode is passive.
1084 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1086 --ftp-ssl-control
1088 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1089 Allows secure authentication, but non-encrypted data transfers
1090 for efficiency. Fails the transfer if the server doesn't sup‐
1091 port SSL/TLS.
1092 Added in 7.16.0.
1094 -G, --get
1096 When used, this option will make all data specified with -d,
1097 --data, --data-binary or --data-urlencode to be used in an HTTP
1098 GET request instead of the POST request that otherwise would be
1099 used. The data will be appended to the URL with a '?' separator.
1100 If used in combination with -I, --head, the POST data will
1102 instead be appended to the URL with a HEAD request.
1103 If this option is used several times, only the first one is
1105 used. This is because undoing a GET doesn't make sense, but you
1106 should then instead enforce the alternative method you prefer.
1107 -g, --globoff
1109 This option switches off the "URL globbing parser". When you set
1110 this option, you can specify URLs that contain the letters {}[]
1111 without having them being interpreted by curl itself. Note that
1112 these letters are not normal legal URL contents but they should
1113 be encoded according to the URI standard.
1114 --happy-eyeballs-timeout-ms <milliseconds>
1116 Happy eyeballs is an algorithm that attempts to connect to both
1117 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1118 first for the number of milliseconds. If the IPv6 address cannot
1119 be connected to within that time then a connection attempt is
1120 made to the IPv4 address in parallel. The first connection to be
1121 established is the one that is used.
1122 The range of suggested useful values is limited. Happy Eyeballs
1124 RFC 6555 says "It is RECOMMENDED that connection attempts be
1125 paced 150-250 ms apart to balance human factors against network
1126 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1127 currently default to 300 ms.
1128 If this option is used several times, the last one will be used.
1130 Added in 7.59.0.
1132 --haproxy-protocol
1134 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1135 of the connection. This is used by some load balancers and
1136 reverse proxies to indicate the client's true IP address and
1137 port.
1138 This option is primarily useful when sending test requests to a
1140 service that expects this header.
1141 Added in 7.60.0.
1143 -I, --head
1145 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1146 command HEAD which this uses to get nothing but the header of a
1147 document. When used on an FTP or FILE file, curl displays the
1148 file size and last modification time only.
1149 -H, --header <header/@file>
1151 (HTTP) Extra header to include in the request when sending HTTP
1152 to a server. You may specify any number of extra headers. Note
1153 that if you should add a custom header that has the same name as
1154 one of the internal ones curl would use, your externally set
1155 header will be used instead of the internal one. This allows you
1156 to make even trickier stuff than curl would normally do. You
1157 should not replace internally set headers without knowing per‐
1158 fectly well what you're doing. Remove an internal header by giv‐
1159 ing a replacement without content on the right side of the
1160 colon, as in: -H "Host:". If you send the custom header with no-
1161 value then its header must be terminated with a semicolon, such
1162 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1163 curl will make sure that each header you add/replace is sent
1165 with the proper end-of-line marker, you should thus not add that
1166 as a part of the header content: do not add newlines or carriage
1167 returns, they will only mess things up for you.
1168 Starting in 7.55.0, this option can take an argument in @file‐
1170 name style, which then adds a header for each line in the input
1171 file. Using @- will make curl read the header file from stdin.
1172 See also the -A, --user-agent and -e, --referer options.
1174 Starting in 7.37.0, you need --proxy-header to send custom head‐
1176 ers intended for a proxy.
1177 Example:
1179 curl -H "X-First-Name: Joe" http://example.com/
1181 WARNING: headers set with this option will be set in all
1183 requests - even after redirects are followed, like when told
1184 with -L, --location. This can lead to the header being sent to
1185 other hosts than the original host, so sensitive headers should
1186 be used with caution combined with following redirects.
1187 This option can be used multiple times to add/replace/remove
1189 multiple headers.
1190 -h, --help
1192 Usage help. This lists all current command line options with a
1193 short description.
1194 --hostpubmd5 <md5>
1196 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1197 string should be the 128 bit MD5 checksum of the remote host's
1198 public key, curl will refuse the connection with the host unless
1199 the md5sums match.
1200 Added in 7.17.1.
1202 --http0.9
1204 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1205 HTTP/0.9 is a completely headerless response and therefore you
1207 can also connect with this to non-HTTP servers and still get a
1208 response since curl will simply transparently downgrade - if
1209 allowed.
1210 A future curl version will deny continuing if the response isn't
1212 at least HTTP/1.0 unless this option is used.
1213 -0, --http1.0
1215 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1216 internally preferred HTTP version.
1217 This option overrides --http1.1 and --http2.
1219 --http1.1
1221 (HTTP) Tells curl to use HTTP version 1.1.
1222 This option overrides -0, --http1.0 and --http2. Added in
1224 7.33.0.
1225 --http2-prior-knowledge
1227 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1228 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1229 that the server supports HTTP/2 straight away. HTTPS requests
1230 will still do HTTP/2 the standard way with negotiated protocol
1231 version in the TLS handshake.
1232 --http2-prior-knowledge requires that the underlying libcurl was
1234 built to support HTTP/2. This option overrides --http1.1 and -0,
1235 --http1.0 and --http2. Added in 7.49.0.
1236 --http2
1238 (HTTP) Tells curl to use HTTP version 2.
1239 See also --no-alpn. --http2 requires that the underlying libcurl
1241 was built to support HTTP/2. This option overrides --http1.1 and
1242 -0, --http1.0 and --http2-prior-knowledge. Added in 7.33.0.
1243 --ignore-content-length
1245 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1246 particularly useful for servers running Apache 1.x, which will
1247 report incorrect Content-Length for files larger than 2 giga‐
1248 bytes.
1249 For FTP (since 7.46.0), skip the RETR command to figure out the
1251 size before downloading a file.
1252 -i, --include
1254 Include the HTTP response headers in the output. The HTTP
1255 response headers can include things like server name, cookies,
1256 date of the document, HTTP version and more...
1257 To view the request headers, consider the -v, --verbose option.
1259 See also -v, --verbose.
1261 -k, --insecure
1263 (TLS) By default, every SSL connection curl makes is verified to
1264 be secure. This option allows curl to proceed and operate even
1265 for server connections otherwise considered insecure.
1266 The server connection is verified by making sure the server's
1268 certificate contains the right name and verifies successfully
1269 using the cert store.
1270 See this online resource for further details:
1272 https://curl.haxx.se/docs/sslcerts.html
1273 See also --proxy-insecure and --cacert.
1275 --interface <name>
1277 Perform an operation using a specified interface. You can enter
1279 interface name, IP address or host name. An example could look
1280 like:
1281 curl --interface eth0:1 https://www.example.com/
1283 If this option is used several times, the last one will be used.
1285 On Linux it can be used to specify a VRF, but the binary needs
1287 to either have CAP_NET_RAW or to be run as root. More informa‐
1288 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1289 tion/networking/vrf.txt
1290 See also --dns-interface.
1292 -4, --ipv4
1294 This option tells curl to resolve names to IPv4 addresses only,
1295 and not for example try IPv6.
1296 See also --http1.1 and --http2. This option overrides -6,
1298 --ipv6.
1299 -6, --ipv6
1301 This option tells curl to resolve names to IPv6 addresses only,
1302 and not for example try IPv4.
1303 See also --http1.1 and --http2. This option overrides -4,
1305 --ipv4.
1306 -j, --junk-session-cookies
1308 (HTTP) When curl is told to read cookies from a given file, this
1309 option will make it discard all "session cookies". This will
1310 basically have the same effect as if a new session is started.
1311 Typical browsers always discard session cookies when they're
1312 closed down.
1313 See also -b, --cookie and -c, --cookie-jar.
1315 --keepalive-time <seconds>
1317 This option sets the time a connection needs to remain idle
1318 before sending keepalive probes and the time between individual
1319 keepalive probes. It is currently effective on operating systems
1320 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1321 (meaning Linux, recent AIX, HP-UX and more). This option has no
1322 effect if --no-keepalive is used.
1323 If this option is used several times, the last one will be used.
1325 If unspecified, the option defaults to 60 seconds.
1326 Added in 7.18.0.
1328 --key-type <type>
1330 (TLS) Private key file type. Specify which type your --key pro‐
1331 vided private key is. DER, PEM, and ENG are supported. If not
1332 specified, PEM is assumed.
1333 If this option is used several times, the last one will be used.
1335 --key <key>
1337 (TLS SSH) Private key file name. Allows you to provide your pri‐
1338 vate key in this separate file. For SSH, if not specified, curl
1339 tries the following candidates in order:
1340 If curl is built against OpenSSL library, and the engine pkcs11
1342 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1343 ify a private key located in a PKCS#11 device. A string begin‐
1344 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1345 PKCS#11 URI is provided, then the --engine option will be set as
1346 "pkcs11" if none was provided and the --key-type option will be
1347 set as "ENG" if none was provided.
1348 If this option is used several times, the last one will be used.
1350 --krb <level>
1352 (FTP) Enable Kerberos authentication and use. The level must be
1353 entered and should be one of 'clear', 'safe', 'confidential', or
1354 'private'. Should you use a level that is not one of these,
1355 'private' will instead be used.
1356 If this option is used several times, the last one will be used.
1358 --krb requires that the underlying libcurl was built to support
1360 Kerberos.
1361 --libcurl <file>
1363 Append this option to any ordinary curl command line, and you
1364 will get a libcurl-using C source code written to the file that
1365 does the equivalent of what your command-line operation does!
1366 If this option is used several times, the last given file name
1368 will be used.
1369 Added in 7.16.1.
1371 --limit-rate <speed>
1373 Specify the maximum transfer rate you want curl to use - for
1374 both downloads and uploads. This feature is useful if you have a
1375 limited pipe and you'd like your transfer not to use your entire
1376 bandwidth. To make it slower than it otherwise would be.
1377 The given speed is measured in bytes/second, unless a suffix is
1379 appended. Appending 'k' or 'K' will count the number as kilo‐
1380 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1381 gigabytes. Examples: 200K, 3m and 1G.
1382 If you also use the -Y, --speed-limit option, that option will
1384 take precedence and might cripple the rate-limiting slightly, to
1385 help keeping the speed-limit logic working.
1386 If this option is used several times, the last one will be used.
1388 -l, --list-only
1390 (FTP POP3) (FTP) When listing an FTP directory, this switch
1391 forces a name-only view. This is especially useful if the user
1392 wants to machine-parse the contents of an FTP directory since
1393 the normal directory view doesn't use a standard look or format.
1394 When used like this, the option causes a NLST command to be sent
1395 to the server instead of LIST.
1396 Note: Some FTP servers list only files in their response to
1398 NLST; they do not include sub-directories and symbolic links.
1399 (POP3) When retrieving a specific email from POP3, this switch
1401 forces a LIST command to be performed instead of RETR. This is
1402 particularly useful if the user wants to see if a specific mes‐
1403 sage id exists on the server and what size it is.
1404 Note: When combined with -X, --request, this option can be used
1406 to send an UIDL command instead, so the user may use the email's
1407 unique identifier rather than it's message id to make the
1408 request.
1409 Added in 7.21.5.
1411 --local-port <num/range>
1413 Set a preferred single number or range (FROM-TO) of local port
1414 numbers to use for the connection(s). Note that port numbers by
1415 nature are a scarce resource that will be busy at times so set‐
1416 ting this range to something too narrow might cause unnecessary
1417 connection setup failures.
1418 Added in 7.15.2.
1420 --location-trusted
1422 (HTTP) Like -L, --location, but will allow sending the name +
1423 password to all hosts that the site may redirect to. This may or
1424 may not introduce a security breach if the site redirects you to
1425 a site to which you'll send your authentication info (which is
1426 plaintext in the case of HTTP Basic authentication).
1427 See also -u, --user.
1429 -L, --location
1431 (HTTP) If the server reports that the requested page has moved
1432 to a different location (indicated with a Location: header and a
1433 3XX response code), this option will make curl redo the request
1434 on the new place. If used together with -i, --include or -I,
1435 --head, headers from all requested pages will be shown. When
1436 authentication is used, curl only sends its credentials to the
1437 initial host. If a redirect takes curl to a different host, it
1438 won't be able to intercept the user+password. See also --loca‐
1439 tion-trusted on how to change this. You can limit the amount of
1440 redirects to follow by using the --max-redirs option.
1441 When curl follows a redirect and the request is not a plain GET
1443 (for example POST or PUT), it will do the following request with
1444 a GET if the HTTP response was 301, 302, or 303. If the response
1445 code was any other 3xx code, curl will re-send the following
1446 request using the same unmodified method.
1447 You can tell curl to not change the non-GET request method to
1449 GET after a 30x response by using the dedicated options for
1450 that: --post301, --post302 and --post303.
1451 --login-options <options>
1453 (IMAP POP3 SMTP) Specify the login options to use during server
1454 authentication.
1455 You can use the login options to specify protocol specific
1457 options that may be used during authentication. At present only
1458 IMAP, POP3 and SMTP support login options. For more information
1459 about the login options please see RFC 2384, RFC 5092 and IETF
1460 draft draft-earhart-url-smtp-00.txt
1461 If this option is used several times, the last one will be used.
1463 Added in 7.34.0.
1465 --mail-auth <address>
1467 (SMTP) Specify a single address. This will be used to specify
1468 the authentication address (identity) of a submitted message
1469 that is being relayed to another server.
1470 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1472 --mail-from <address>
1474 (SMTP) Specify a single address that the given mail should get
1475 sent from.
1476 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1478 --mail-rcpt <address>
1480 (SMTP) Specify a single address, user name or mailing list name.
1481 Repeat this option several times to send to multiple recipients.
1482 When performing a mail transfer, the recipient should specify a
1484 valid email address to send the mail to.
1485 When performing an address verification (VRFY command), the
1487 recipient should be specified as the user name or user name and
1488 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1489 When performing a mailing list expand (EXPN command), the recip‐
1491 ient should be specified using the mailing list name, such as
1492 "Friends" or "London-Office". (Added in 7.34.0)
1493 Added in 7.20.0.
1495 -M, --manual
1497 Manual. Display the huge help text.
1498 --max-filesize <bytes>
1500 Specify the maximum size (in bytes) of a file to download. If
1501 the file requested is larger than this value, the transfer will
1502 not start and curl will return with exit code 63.
1503 A size modifier may be used. For example, Appending 'k' or 'K'
1505 will count the number as kilobytes, 'm' or 'M' makes it
1506 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1507 3m and 1G. (Added in 7.58.0)
1508 NOTE: The file size is not always known prior to download, and
1510 for such files this option has no effect even if the file trans‐
1511 fer ends up being larger than this given limit. This concerns
1512 both FTP and HTTP transfers.
1513 See also --limit-rate.
1515 --max-redirs <num>
1517 (HTTP) Set maximum number of redirection-followings allowed.
1518 When -L, --location is used, is used to prevent curl from fol‐
1519 lowing redirections "in absurdum". By default, the limit is set
1520 to 50 redirections. Set this option to -1 to make it unlimited.
1521 If this option is used several times, the last one will be used.
1523 -m, --max-time <seconds>
1525 Maximum time in seconds that you allow the whole operation to
1526 take. This is useful for preventing your batch jobs from hang‐
1527 ing for hours due to slow networks or links going down. Since
1528 7.32.0, this option accepts decimal values, but the actual time‐
1529 out will decrease in accuracy as the specified timeout increases
1530 in decimal precision.
1531 If this option is used several times, the last one will be used.
1533 See also --connect-timeout.
1535 --metalink
1537 This option can tell curl to parse and process a given URI as
1538 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1539 and make use of the mirrors listed within for failover if there
1540 are errors (such as the file or server not being available). It
1541 will also verify the hash of the file after the download com‐
1542 pletes. The Metalink file itself is downloaded and processed in
1543 memory and not stored in the local file system.
1544 Example to use a remote Metalink file:
1546 curl --metalink http://www.example.com/example.metalink
1548 To use a Metalink file in the local file system, use FILE proto‐
1550 col (file://):
1551 curl --metalink file://example.metalink
1553 Please note that if FILE protocol is disabled, there is no way
1555 to use a local Metalink file at the time of this writing. Also
1556 note that if --metalink and -i, --include are used together,
1557 --include will be ignored. This is because including headers in
1558 the response will break Metalink parser and if the headers are
1559 included in the file described in Metalink file, hash check will
1560 fail.
1561 --metalink requires that the underlying libcurl was built to
1563 support metalink. Added in 7.27.0.
1564 --negotiate
1566 (HTTP) Enables Negotiate (SPNEGO) authentication.
1567 This option requires a library built with GSS-API or SSPI sup‐
1569 port. Use -V, --version to see if your curl supports GSS-
1570 API/SSPI or SPNEGO.
1571 When using this option, you must also provide a fake -u, --user
1573 option to activate the authentication code properly. Sending a
1574 '-u :' is enough as the user name and password from the -u,
1575 --user option aren't actually used.
1576 If this option is used several times, only the first one is
1578 used.
1579 See also --basic and --ntlm and --anyauth and --proxy-negotiate.
1581 --netrc-file <filename>
1583 This option is similar to -n, --netrc, except that you provide
1584 the path (absolute or relative) to the netrc file that curl
1585 should use. You can only specify one netrc file per invocation.
1586 If several --netrc-file options are provided, the last one will
1587 be used.
1588 It will abide by --netrc-optional if specified.
1590 This option overrides -n, --netrc. Added in 7.21.5.
1592 --netrc-optional
1594 Very similar to -n, --netrc, but this option makes the .netrc
1595 usage optional and not mandatory as the -n, --netrc option does.
1596 See also --netrc-file. This option overrides -n, --netrc.
1598 -n, --netrc
1600 Makes curl scan the .netrc (_netrc on Windows) file in the
1601 user's home directory for login name and password. This is typi‐
1602 cally used for FTP on Unix. If used with HTTP, curl will enable
1603 user authentication. See netrc(5) ftp(1) for details on the file
1604 format. Curl will not complain if that file doesn't have the
1605 right permissions (it should not be either world- or group-read‐
1606 able). The environment variable "HOME" is used to find the home
1607 directory.
1608 A quick and very simple example of how to setup a .netrc to
1610 allow curl to FTP to the machine host.domain.com with user name
1611 'myself' and password 'secret' should look similar to:
1612 machine host.domain.com login myself password secret
1614 -:, --next
1616 Tells curl to use a separate operation for the following URL and
1617 associated options. This allows you to send several URL
1618 requests, each with their own specific options, for example,
1619 such as different user names or custom requests for each.
1620 -:, --next will reset all local options and only global ones
1622 will have their values survive over to the operation following
1623 the -:, --next instruction. Global options include -v, --ver‐
1624 bose, --trace, --trace-ascii and --fail-early.
1625 For example, you can do both a GET and a POST in a single com‐
1627 mand line:
1628 curl www1.example.com --next -d postthis www2.example.com
1630 Added in 7.36.0.
1632 --no-alpn
1634 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by
1635 default if libcurl was built with an SSL library that supports
1636 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1637 ate HTTP/2 support with the server during https sessions.
1638 See also --no-npn and --http2. --no-alpn requires that the
1640 underlying libcurl was built to support TLS. Added in 7.36.0.
1641 -N, --no-buffer
1643 Disables the buffering of the output stream. In normal work sit‐
1644 uations, curl will use a standard buffered output stream that
1645 will have the effect that it will output the data in chunks, not
1646 necessarily exactly when the data arrives. Using this option
1647 will disable that buffering.
1648 Note that this is the negated option name documented. You can
1650 thus use --buffer to enforce the buffering.
1651 --no-keepalive
1653 Disables the use of keepalive messages on the TCP connection.
1654 curl otherwise enables them by default.
1655 Note that this is the negated option name documented. You can
1657 thus use --keepalive to enforce keepalive.
1658 --no-npn
1660 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1661 if libcurl was built with an SSL library that supports NPN. NPN
1662 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1663 support with the server during https sessions.
1664 See also --no-alpn and --http2. --no-npn requires that the
1666 underlying libcurl was built to support TLS. Added in 7.36.0.
1667 --no-sessionid
1669 (TLS) Disable curl's use of SSL session-ID caching. By default
1670 all transfers are done using the cache. Note that while nothing
1671 should ever get hurt by attempting to reuse SSL session-IDs,
1672 there seem to be broken SSL implementations in the wild that may
1673 require you to disable this in order for you to succeed.
1674 Note that this is the negated option name documented. You can
1676 thus use --sessionid to enforce session-ID caching.
1677 Added in 7.16.0.
1679 --noproxy <no-proxy-list>
1681 Comma-separated list of hosts which do not use a proxy, if one
1682 is specified. The only wildcard is a single * character, which
1683 matches all hosts, and effectively disables the proxy. Each name
1684 in this list is matched as either a domain which contains the
1685 hostname, or the hostname itself. For example, local.com would
1686 match local.com, local.com:80, and www.local.com, but not
1687 www.notlocal.com.
1688 Since 7.53.0, This option overrides the environment variables
1690 that disable the proxy. If there's an environment variable dis‐
1691 abling a proxy, you can set noproxy list to "" to override it.
1692 Added in 7.19.4.
1694 --ntlm-wb
1696 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1697 the authentication to the separate binary ntlmauth application
1698 that is executed when needed.
1699 See also --ntlm and --proxy-ntlm.
1701 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1703 method was designed by Microsoft and is used by IIS web servers.
1704 It is a proprietary protocol, reverse-engineered by clever peo‐
1705 ple and implemented in curl based on their efforts. This kind of
1706 behavior should not be endorsed, you should encourage everyone
1707 who uses NTLM to switch to a public and documented authentica‐
1708 tion method instead, such as Digest.
1709 If you want to enable NTLM for your proxy authentication, then
1711 use --proxy-ntlm.
1712 If this option is used several times, only the first one is
1714 used.
1715 See also --proxy-ntlm. --ntlm requires that the underlying
1717 libcurl was built to support TLS. This option overrides --basic
1718 and --negotiate and --digest and --anyauth.
1719 --oauth2-bearer <token>
1721 (IMAP POP3 SMTP) Specify the Bearer Token for OAUTH 2.0 server
1722 authentication. The Bearer Token is used in conjunction with the
1723 user name which can be specified as part of the --url or -u,
1724 --user options.
1725 The Bearer Token and user name are formatted according to RFC
1727 6750.
1728 If this option is used several times, the last one will be used.
1730 -o, --output <file>
1732 Write output to <file> instead of stdout. If you are using {} or
1733 [] to fetch multiple documents, you can use '#' followed by a
1734 number in the <file> specifier. That variable will be replaced
1735 with the current string for the URL being fetched. Like in:
1736 curl http://{one,two}.example.com -o "file_#1.txt"
1738 or use several variables like:
1740 curl http://{site,host}.host[1-5].com -o "#1_#2"
1742 You may use this option as many times as the number of URLs you
1744 have. For example, if you specify two URLs on the same command
1745 line, you can use it like this:
1746 curl -o aa example.com -o bb example.net
1748 and the order of the -o options and the URLs doesn't matter,
1750 just that the first -o is for the first URL and so on, so the
1751 above command line can also be written as
1752 curl example.com example.net -o aa -o bb
1754 See also the --create-dirs option to create the local directo‐
1756 ries dynamically. Specifying the output as '-' (a single dash)
1757 will force the output to be done to stdout.
1758 See also -O, --remote-name and --remote-name-all and -J,
1760 --remote-header-name.
1761 --pass <phrase>
1763 (SSH TLS) Passphrase for the private key
1764 If this option is used several times, the last one will be used.
1766 --path-as-is
1768 Tell curl to not handle sequences of /../ or /./ in the given
1769 URL path. Normally curl will squash or merge them according to
1770 standards but with this option set you tell it not to do that.
1771 Added in 7.42.0.
1773 --pinnedpubkey <hashes>
1775 (TLS) Tells curl to use the specified public key file (or
1776 hashes) to verify the peer. This can be a path to a file which
1777 contains a single public key in PEM or DER format, or any number
1778 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
1779 rated by ´;´
1780 When negotiating a TLS or SSL connection, the server sends a
1782 certificate indicating its identity. A public key is extracted
1783 from this certificate and if it does not exactly match the pub‐
1784 lic key provided to this option, curl will abort the connection
1785 before sending or receiving any data.
1786 PEM/DER support:
1788 7.39.0: OpenSSL, GnuTLS and GSKit
1789 7.43.0: NSS and wolfSSL/CyaSSL
1790 7.47.0: mbedtls
1791 7.49.0: PolarSSL sha256 support:
1792 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL.
1793 7.47.0: mbedtls
1794 7.49.0: PolarSSL Other SSL backends not supported.
1795 If this option is used several times, the last one will be used.
1797 --post301
1799 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
1800 requests into GET requests when following a 301 redirection. The
1801 non-RFC behaviour is ubiquitous in web browsers, so curl does
1802 the conversion by default to maintain consistency. However, a
1803 server may require a POST to remain a POST after such a redi‐
1804 rection. This option is meaningful only when using -L, --loca‐
1805 tion.
1806 See also --post302 and --post303 and -L, --location. Added in
1808 7.17.1.
1809 --post302
1811 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
1812 requests into GET requests when following a 302 redirection. The
1813 non-RFC behaviour is ubiquitous in web browsers, so curl does
1814 the conversion by default to maintain consistency. However, a
1815 server may require a POST to remain a POST after such a redi‐
1816 rection. This option is meaningful only when using -L, --loca‐
1817 tion.
1818 See also --post301 and --post303 and -L, --location. Added in
1820 7.19.1.
1821 --post303
1823 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
1824 requests into GET requests when following 303 redirections. A
1825 server may require a POST to remain a POST after a 303 redirect‐
1826 ion. This option is meaningful only when using -L, --location.
1827 See also --post302 and --post301 and -L, --location. Added in
1829 7.26.0.
1830 --preproxy [protocol://]host[:port]
1832 Use the specified SOCKS proxy before connecting to an HTTP or
1833 HTTPS -x, --proxy. In such a case curl first connects to the
1834 SOCKS proxy and then connects (through SOCKS) to the HTTP or
1835 HTTPS proxy. Hence pre proxy.
1836 The pre proxy string should be specified with a protocol:// pre‐
1838 fix to specify alternative proxy protocols. Use socks4://,
1839 socks4a://, socks5:// or socks5h:// to request the specific
1840 SOCKS version to be used. No protocol specified will make curl
1841 default to SOCKS4.
1842 If the port number is not specified in the proxy string, it is
1844 assumed to be 1080.
1845 User and password that might be provided in the proxy string are
1847 URL decoded by curl. This allows you to pass in special charac‐
1848 ters such as @ by using %40 or pass in a colon with %3a.
1849 If this option is used several times, the last one will be used.
1851 Added in 7.52.0.
1853 -#, --progress-bar
1855 Make curl display transfer progress as a simple progress bar
1856 instead of the standard, more informational, meter.
1857 This progress bar draws a single line of '#' characters across
1859 the screen and shows a percentage if the transfer size is known.
1860 For transfers without a known size, there will be space ship
1861 (-=o=-) that moves back and forth but only while data is being
1862 transferred, with a set of flying hash sign symbols on top.
1863 --proto-default <protocol>
1865 Tells curl to use protocol for any URL missing a scheme name.
1866 Example:
1868 curl --proto-default https ftp.mozilla.org
1870 An unknown or unsupported protocol causes error CURLE_UNSUP‐
1872 PORTED_PROTOCOL (1).
1873 This option does not change the default proxy protocol (http).
1875 Without this option curl would make a guess based on the host,
1877 see --url for details.
1878 Added in 7.45.0.
1880 --proto-redir <protocols>
1882 Tells curl to limit what protocols it may use on redirect. Pro‐
1883 tocols denied by --proto are not overridden by this option. See
1884 --proto for how protocols are represented.
1885 Example, allow only HTTP and HTTPS on redirect:
1887 curl --proto-redir -all,http,https http://example.com
1889 By default curl will allow all protocols on redirect except sev‐
1891 eral disabled for security reasons: Since 7.19.4 FILE and SCP
1892 are disabled, and since 7.40.0 SMB and SMBS are also disabled.
1893 Specifying all or +all enables all protocols on redirect,
1894 including those disabled for security.
1895 Added in 7.20.2.
1897 --proto <protocols>
1899 Tells curl to limit what protocols it may use in the transfer.
1900 Protocols are evaluated left to right, are comma separated, and
1901 are each a protocol name or
1902 + Permit this protocol in addition to protocols already permit‐
1904 ted (this is the default if no modifier is used).
1905 - Deny this protocol, removing it from the list of protocols
1907 already permitted.
1908 = Permit only this protocol (ignoring the list already permit‐
1910 ted), though subject to later modification by subsequent
1911 entries in the comma separated list.
1912 For example:
1914 --proto -ftps uses the default protocols, but disables ftps
1916 --proto -all,https,+http
1918 only enables http and https
1919 --proto =http,https
1921 also only enables http and https
1922 Unknown protocols produce a warning. This allows scripts to safely rely
1924 on being able to disable potentially dangerous protocols, without rely‐
1925 ing upon support for that protocol being built into curl to avoid an
1926 error.
1927 This option can be used multiple times, in which case the effect is the
1929 same as concatenating the protocols into one instance of the option.
1930 See also --proto-redir and --proto-default. Added in 7.20.2.
1932 --proxy-anyauth
1934 Tells curl to pick a suitable authentication method when commu‐
1935 nicating with the given HTTP proxy. This might cause an extra
1936 request/response round-trip.
1937 See also -x, --proxy and --proxy-basic and --proxy-digest. Added
1939 in 7.13.2.
1940 --proxy-basic
1942 Tells curl to use HTTP Basic authentication when communicating
1943 with the given proxy. Use --basic for enabling HTTP Basic with a
1944 remote host. Basic is the default authentication method curl
1945 uses with proxies.
1946 See also -x, --proxy and --proxy-anyauth and --proxy-digest.
1948 --proxy-cacert <file>
1950 Same as --cacert but used in HTTPS proxy context.
1951 See also --proxy-capath and --cacert and --capath and -x,
1953 --proxy. Added in 7.52.0.
1954 --proxy-capath <dir>
1956 Same as --capath but used in HTTPS proxy context.
1957 See also --proxy-cacert and -x, --proxy and --capath. Added in
1959 7.52.0.
1960 --proxy-cert-type <type>
1962 Same as --cert-type but used in HTTPS proxy context.
1963 Added in 7.52.0.
1965 --proxy-cert <cert[:passwd]>
1967 Same as -E, --cert but used in HTTPS proxy context.
1968 Added in 7.52.0.
1970 --proxy-ciphers <list>
1972 Same as --ciphers but used in HTTPS proxy context.
1973 Added in 7.52.0.
1975 --proxy-crlfile <file>
1977 Same as --crlfile but used in HTTPS proxy context.
1978 Added in 7.52.0.
1980 --proxy-digest
1982 Tells curl to use HTTP Digest authentication when communicating
1983 with the given proxy. Use --digest for enabling HTTP Digest with
1984 a remote host.
1985 See also -x, --proxy and --proxy-anyauth and --proxy-basic.
1987 --proxy-header <header/@file>
1989 (HTTP) Extra header to include in the request when sending HTTP
1990 to a proxy. You may specify any number of extra headers. This is
1991 the equivalent option to -H, --header but is for proxy communi‐
1992 cation only like in CONNECT requests when you want a separate
1993 header sent to the proxy to what is sent to the actual remote
1994 host.
1995 curl will make sure that each header you add/replace is sent
1997 with the proper end-of-line marker, you should thus not add that
1998 as a part of the header content: do not add newlines or carriage
1999 returns, they will only mess things up for you.
2000 Headers specified with this option will not be included in
2002 requests that curl knows will not be sent to a proxy.
2003 Starting in 7.55.0, this option can take an argument in @file‐
2005 name style, which then adds a header for each line in the input
2006 file. Using @- will make curl read the header file from stdin.
2007 This option can be used multiple times to add/replace/remove
2009 multiple headers.
2010 Added in 7.37.0.
2012 --proxy-insecure
2014 Same as -k, --insecure but used in HTTPS proxy context.
2015 Added in 7.52.0.
2017 --proxy-key-type <type>
2019 Same as --key-type but used in HTTPS proxy context.
2020 Added in 7.52.0.
2022 --proxy-key <key>
2024 Same as --key but used in HTTPS proxy context.
2025 --proxy-negotiate
2027 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2028 communicating with the given proxy. Use --negotiate for enabling
2029 HTTP Negotiate (SPNEGO) with a remote host.
2030 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2032 --proxy-ntlm
2034 Tells curl to use HTTP NTLM authentication when communicating
2035 with the given proxy. Use --ntlm for enabling NTLM with a remote
2036 host.
2037 See also --proxy-negotiate and --proxy-anyauth.
2039 --proxy-pass <phrase>
2041 Same as --pass but used in HTTPS proxy context.
2042 Added in 7.52.0.
2044 --proxy-pinnedpubkey <hashes>
2046 (TLS) Tells curl to use the specified public key file (or
2047 hashes) to verify the proxy. This can be a path to a file which
2048 contains a single public key in PEM or DER format, or any number
2049 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2050 rated by ´;´
2051 When negotiating a TLS or SSL connection, the server sends a
2053 certificate indicating its identity. A public key is extracted
2054 from this certificate and if it does not exactly match the pub‐
2055 lic key provided to this option, curl will abort the connection
2056 before sending or receiving any data.
2057 If this option is used several times, the last one will be used.
2059 --proxy-service-name <name>
2061 This option allows you to change the service name for proxy
2062 negotiation.
2063 Added in 7.43.0.
2065 --proxy-ssl-allow-beast
2067 Same as --ssl-allow-beast but used in HTTPS proxy context.
2068 Added in 7.52.0.
2070 --proxy-tls13-ciphers <ciphersuite list>
2072 (TLS) Specifies which cipher suites to use in the connection to
2073 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2074 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2075 suite details on this URL:
2076 https://curl.haxx.se/docs/ssl-ciphers.html
2078 If this option is used several times, the last one will be used.
2080 --proxy-tlsauthtype <type>
2082 Same as --tlsauthtype but used in HTTPS proxy context.
2083 Added in 7.52.0.
2085 --proxy-tlspassword <string>
2087 Same as --tlspassword but used in HTTPS proxy context.
2088 Added in 7.52.0.
2090 --proxy-tlsuser <name>
2092 Same as --tlsuser but used in HTTPS proxy context.
2093 Added in 7.52.0.
2095 --proxy-tlsv1
2097 Same as -1, --tlsv1 but used in HTTPS proxy context.
2098 Added in 7.52.0.
2100 -U, --proxy-user <user:password>
2102 Specify the user name and password to use for proxy authentica‐
2103 tion.
2104 If you use a Windows SSPI-enabled curl binary and do either
2106 Negotiate or NTLM authentication then you can tell curl to
2107 select the user name and password from your environment by spec‐
2108 ifying a single colon with this option: "-U :".
2109 If this option is used several times, the last one will be used.
2111 -x, --proxy [protocol://]host[:port]
2113 Use the specified proxy.
2114 The proxy string can be specified with a protocol:// prefix. No
2116 protocol specified or http:// will be treated as HTTP proxy. Use
2117 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2118 cific SOCKS version to be used. (The protocol support was added
2119 in curl 7.21.7)
2120 HTTPS proxy support via https:// protocol prefix was added in
2122 7.52.0 for OpenSSL, GnuTLS and NSS.
2123 Unrecognized and unsupported proxy protocols cause an error
2125 since 7.52.0. Prior versions may ignore the protocol and use
2126 http:// instead.
2127 If the port number is not specified in the proxy string, it is
2129 assumed to be 1080.
2130 This option overrides existing environment variables that set
2132 the proxy to use. If there's an environment variable setting a
2133 proxy, you can set proxy to "" to override it.
2134 All operations that are performed over an HTTP proxy will trans‐
2136 parently be converted to HTTP. It means that certain protocol
2137 specific operations might not be available. This is not the case
2138 if you can tunnel through the proxy, as one with the -p, --prox‐
2139 ytunnel option.
2140 User and password that might be provided in the proxy string are
2142 URL decoded by curl. This allows you to pass in special charac‐
2143 ters such as @ by using %40 or pass in a colon with %3a.
2144 The proxy host can be specified the exact same way as the proxy
2146 environment variables, including the protocol prefix (http://)
2147 and the embedded user + password.
2148 If this option is used several times, the last one will be used.
2150 --proxy1.0 <host[:port]>
2152 Use the specified HTTP 1.0 proxy. If the port number is not
2153 specified, it is assumed at port 1080.
2154 The only difference between this and the HTTP proxy option -x,
2156 --proxy, is that attempts to use CONNECT through the proxy will
2157 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2158 -p, --proxytunnel
2160 When an HTTP proxy is used -x, --proxy, this option will cause
2161 non-HTTP protocols to attempt to tunnel through the proxy
2162 instead of merely using it to do HTTP-like operations. The tun‐
2163 nel approach is made with the HTTP proxy CONNECT request and
2164 requires that the proxy allows direct connect to the remote port
2165 number curl wants to tunnel through to.
2166 To suppress proxy CONNECT response headers when curl is set to
2168 output headers use --suppress-connect-headers.
2169 See also -x, --proxy.
2171 --pubkey <key>
2173 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2174 lic key in this separate file.
2175 If this option is used several times, the last one will be used.
2177 (As of 7.39.0, curl attempts to automatically extract the public
2179 key from the private key file, so passing this option is gener‐
2180 ally not required. Note that this public key extraction requires
2181 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2182 that is itself linked against OpenSSL.)
2183 -Q, --quote
2185 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2186 server. Quote commands are sent BEFORE the transfer takes place
2187 (just after the initial PWD command in an FTP transfer, to be
2188 exact). To make commands take place after a successful transfer,
2189 prefix them with a dash '-'. To make commands be sent after
2190 curl has changed the working directory, just before the transfer
2191 command(s), prefix the command with a '+' (this is only sup‐
2192 ported for FTP). You may specify any number of commands.
2193 If the server returns failure for one of the commands, the
2195 entire operation will be aborted. You must send syntactically
2196 correct FTP commands as RFC 959 defines to FTP servers, or one
2197 of the commands listed below to SFTP servers.
2198 This option can be used multiple times. When speaking to an FTP
2200 server, prefix the command with an asterisk (*) to make curl
2201 continue even if the command fails as by default curl will stop
2202 at first failure.
2203 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2205 quote commands itself before sending them to the server. File
2206 names may be quoted shell-style to embed spaces or special char‐
2207 acters. Following is the list of all supported SFTP quote com‐
2208 mands:
2209 chgrp group file
2211 The chgrp command sets the group ID of the file named by
2212 the file operand to the group ID specified by the group
2213 operand. The group operand is a decimal integer group ID.
2214 chmod mode file
2216 The chmod command modifies the file mode bits of the
2217 specified file. The mode operand is an octal integer mode
2218 number.
2219 chown user file
2221 The chown command sets the owner of the file named by the
2222 file operand to the user ID specified by the user oper‐
2223 and. The user operand is a decimal integer user ID.
2224 ln source_file target_file
2226 The ln and symlink commands create a symbolic link at the
2227 target_file location pointing to the source_file loca‐
2228 tion.
2229 mkdir directory_name
2231 The mkdir command creates the directory named by the
2232 directory_name operand.
2233 pwd The pwd command returns the absolute pathname of the cur‐
2235 rent working directory.
2236 rename source target
2238 The rename command renames the file or directory named by
2239 the source operand to the destination path named by the
2240 target operand.
2241 rm file
2243 The rm command removes the file specified by the file op‐
2244 erand.
2245 rmdir directory
2247 The rmdir command removes the directory entry specified
2248 by the directory operand, provided it is empty.
2249 symlink source_file target_file
2251 See ln.
2252 --random-file <file>
2254 Specify the path name to file containing what will be considered
2255 as random data. The data may be used to seed the random engine
2256 for SSL connections. See also the --egd-file option.
2257 -r, --range <range>
2259 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2260 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2261 Ranges can be specified in a number of ways.
2262 0-499 specifies the first 500 bytes
2264 500-999 specifies the second 500 bytes
2266 -500 specifies the last 500 bytes
2268 9500- specifies the bytes from offset 9500 and forward
2270 0-0,-1 specifies the first and last byte only(*)(HTTP)
2272 100-199,500-599
2274 specifies two separate 100-byte ranges(*) (HTTP)
2275 (*) = NOTE that this will cause the server to reply with a mul‐
2277 tipart response!
2278 Only digit characters (0-9) are valid in the 'start' and 'stop'
2280 fields of the 'start-stop' range syntax. If a non-digit charac‐
2281 ter is given in the range, the server's response will be unspec‐
2282 ified, depending on the server's configuration.
2283 You should also be aware that many HTTP/1.1 servers do not have
2285 this feature enabled, so that when you attempt to get a range,
2286 you'll instead get the whole document.
2287 FTP and SFTP range downloads only support the simple 'start-
2289 stop' syntax (optionally with one of the numbers omitted). FTP
2290 use depends on the extended FTP command SIZE.
2291 If this option is used several times, the last one will be used.
2293 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2295 tent or transfer encodings and instead makes them passed on
2296 unaltered, raw.
2297 Added in 7.16.2.
2299 -e, --referer <URL>
2301 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2302 This can also be set with the -H, --header flag of course. When
2303 used with -L, --location you can append ";auto" to the -e,
2304 --referer URL to make curl automatically set the previous URL
2305 when it follows a Location: header. The ";auto" string can be
2306 used alone, even if you don't set an initial -e, --referer.
2307 If this option is used several times, the last one will be used.
2309 See also -A, --user-agent and -H, --header.
2311 -J, --remote-header-name
2313 (HTTP) This option tells the -O, --remote-name option to use the
2314 server-specified Content-Disposition filename instead of
2315 extracting a filename from the URL.
2316 If the server specifies a file name and a file with that name
2318 already exists in the current working directory it will not be
2319 overwritten and an error will occur. If the server doesn't spec‐
2320 ify a file name then this option has no effect.
2321 There's no attempt to decode %-sequences (yet) in the provided
2323 file name, so this option may provide you with rather unexpected
2324 file names.
2325 WARNING: Exercise judicious use of this option, especially on
2327 Windows. A rogue server could send you the name of a DLL or
2328 other file that could possibly be loaded automatically by Win‐
2329 dows or some third party software.
2330 --remote-name-all
2332 This option changes the default action for all given URLs to be
2333 dealt with as if -O, --remote-name were used for each one. So if
2334 you want to disable that for a specific URL after --remote-name-
2335 all has been used, you must use "-o -" or --no-remote-name.
2336 Added in 7.19.0.
2338 -O, --remote-name
2340 Write output to a local file named like the remote file we get.
2341 (Only the file part of the remote file is used, the path is cut
2342 off.)
2343 The file will be saved in the current working directory. If you
2345 want the file saved in a different directory, make sure you
2346 change the current working directory before invoking curl with
2347 this option.
2348 The remote file name to use for saving is extracted from the
2350 given URL, nothing else, and if it already exists it will be
2351 overwritten. If you want the server to be able to choose the
2352 file name refer to -J, --remote-header-name which can be used in
2353 addition to this option. If the server chooses a file name and
2354 that name already exists it will not be overwritten.
2355 There is no URL decoding done on the file name. If it has %20 or
2357 other URL encoded parts of the name, they will end up as-is as
2358 file name.
2359 You may use this option as many times as the number of URLs you
2361 have.
2362 -R, --remote-time
2364 When used, this will make curl attempt to figure out the time‐
2365 stamp of the remote file, and if that is available make the
2366 local file get that same timestamp.
2367 --request-target
2369 (HTTP) Tells curl to use an alternative "target" (path) instead
2370 of using the path as provided in the URL. Particularly useful
2371 when wanting to issue HTTP requests without leading slash or
2372 other data that doesn't follow the regular URL pattern, like
2373 "OPTIONS *".
2374 Added in 7.55.0.
2376 -X, --request <command>
2378 (HTTP) Specifies a custom request method to use when communicat‐
2379 ing with the HTTP server. The specified request method will be
2380 used instead of the method otherwise used (which defaults to
2381 GET). Read the HTTP 1.1 specification for details and explana‐
2382 tions. Common additional HTTP requests include PUT and DELETE,
2383 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2384 and more.
2385 Normally you don't need this option. All sorts of GET, HEAD,
2387 POST and PUT requests are rather invoked by using dedicated com‐
2388 mand line options.
2389 This option only changes the actual word used in the HTTP
2391 request, it does not alter the way curl behaves. So for example
2392 if you want to make a proper HEAD request, using -X HEAD will
2393 not suffice. You need to use the -I, --head option.
2394 The method string you set with -X, --request will be used for
2396 all requests, which if you for example use -L, --location may
2397 cause unintended side-effects when curl doesn't change request
2398 method according to the HTTP 30x response codes - and similar.
2399 (FTP) Specifies a custom FTP command to use instead of LIST when
2401 doing file lists with FTP.
2402 (POP3) Specifies a custom POP3 command to use instead of LIST or
2404 RETR. (Added in 7.26.0)
2405 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2407 (Added in 7.30.0)
2408 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2410 VRFY. (Added in 7.34.0)
2411 If this option is used several times, the last one will be used.
2413 --resolve <host:port:address[,address]...>
2415 Provide a custom address for a specific host and port pair.
2416 Using this, you can make the curl requests(s) use a specified
2417 address and prevent the otherwise normally resolved address to
2418 be used. Consider it a sort of /etc/hosts alternative provided
2419 on the command line. The port number should be the number used
2420 for the specific protocol the host will be used for. It means
2421 you need several entries if you want to provide address for the
2422 same host but different ports.
2423 By specifying '*' as host you can tell curl to resolve any host
2425 and specific port pair to the specified address. Wildcard is
2426 resolved last so any --resolve with a specific host and port
2427 will be used first.
2428 The provided address set by this option will be used even if -4,
2430 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2431 Support for providing the IP address within [brackets] was added
2433 in 7.57.0.
2434 Support for providing multiple IP addresses per entry was added
2436 in 7.59.0.
2437 Support for resolving with wildcard was added in 7.64.0.
2439 This option can be used many times to add many host names to
2441 resolve.
2442 Added in 7.21.3.
2444 --retry-connrefused
2446 In addition to the other conditions, consider ECONNREFUSED as a
2447 transient error too for --retry. This option is used together
2448 with --retry.
2449 Added in 7.52.0.
2451 --retry-delay <seconds>
2453 Make curl sleep this amount of time before each retry when a
2454 transfer has failed with a transient error (it changes the
2455 default backoff time algorithm between retries). This option is
2456 only interesting if --retry is also used. Setting this delay to
2457 zero will make curl use the default backoff time.
2458 If this option is used several times, the last one will be used.
2460 Added in 7.12.3.
2462 --retry-max-time <seconds>
2464 The retry timer is reset before the first transfer attempt.
2465 Retries will be done as usual (see --retry) as long as the timer
2466 hasn't reached this given limit. Notice that if the timer hasn't
2467 reached the limit, the request will be made and while perform‐
2468 ing, it may take longer than this given time period. To limit a
2469 single request´s maximum time, use -m, --max-time. Set this
2470 option to zero to not timeout retries.
2471 If this option is used several times, the last one will be used.
2473 Added in 7.12.3.
2475 --retry <num>
2477 If a transient error is returned when curl tries to perform a
2478 transfer, it will retry this number of times before giving up.
2479 Setting the number to 0 makes curl do no retries (which is the
2480 default). Transient error means either: a timeout, an FTP 4xx
2481 response code or an HTTP 408 or 5xx response code.
2482 When curl is about to retry a transfer, it will first wait one
2484 second and then for all forthcoming retries it will double the
2485 waiting time until it reaches 10 minutes which then will be the
2486 delay between the rest of the retries. By using --retry-delay
2487 you disable this exponential backoff algorithm. See also
2488 --retry-max-time to limit the total time allowed for retries.
2489 If this option is used several times, the last one will be used.
2491 Added in 7.12.3.
2493 --sasl-ir
2495 Enable initial response in SASL authentication.
2496 Added in 7.31.0.
2498 --service-name <name>
2500 This option allows you to change the service name for SPNEGO.
2501 Examples: --negotiate --service-name sockd would use
2503 sockd/server-name.
2504 Added in 7.43.0.
2506 -S, --show-error
2508 When used with -s, --silent, it makes curl show an error message
2509 if it fails.
2510 -s, --silent
2512 Silent or quiet mode. Don't show progress meter or error mes‐
2513 sages. Makes Curl mute. It will still output the data you ask
2514 for, potentially even to the terminal/stdout unless you redirect
2515 it.
2516 Use -S, --show-error in addition to this option to disable
2518 progress meter but still show error messages.
2519 See also -v, --verbose and --stderr.
2521 --socks4 <host[:port]>
2523 Use the specified SOCKS4 proxy. If the port number is not speci‐
2524 fied, it is assumed at port 1080.
2525 This option overrides any previous use of -x, --proxy, as they
2527 are mutually exclusive.
2528 Since 7.21.7, this option is superfluous since you can specify a
2530 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2531 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2533 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2534 such a case curl first connects to the SOCKS proxy and then con‐
2535 nects (through SOCKS) to the HTTP or HTTPS proxy.
2536 If this option is used several times, the last one will be used.
2538 Added in 7.15.2.
2540 --socks4a <host[:port]>
2542 Use the specified SOCKS4a proxy. If the port number is not spec‐
2543 ified, it is assumed at port 1080.
2544 This option overrides any previous use of -x, --proxy, as they
2546 are mutually exclusive.
2547 Since 7.21.7, this option is superfluous since you can specify a
2549 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2550 fix.
2551 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2553 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2554 such a case curl first connects to the SOCKS proxy and then con‐
2555 nects (through SOCKS) to the HTTP or HTTPS proxy.
2556 If this option is used several times, the last one will be used.
2558 Added in 7.18.0.
2560 --socks5-basic
2562 Tells curl to use username/password authentication when connect‐
2563 ing to a SOCKS5 proxy. The username/password authentication is
2564 enabled by default. Use --socks5-gssapi to force GSS-API
2565 authentication to SOCKS5 proxies.
2566 Added in 7.55.0.
2568 --socks5-gssapi-nec
2570 As part of the GSS-API negotiation a protection mode is negoti‐
2571 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2572 but the NEC reference implementation does not. The option
2573 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2574 tection mode negotiation.
2575 Added in 7.19.4.
2577 --socks5-gssapi-service <name>
2579 The default service name for a socks server is rcmd/server-fqdn.
2580 This option allows you to change it.
2581 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2583 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2584 service sockd/real-name would use sockd/real-name for cases
2585 where the proxy-name does not match the principal name.
2586 Added in 7.19.4.
2588 --socks5-gssapi
2590 Tells curl to use GSS-API authentication when connecting to a
2591 SOCKS5 proxy. The GSS-API authentication is enabled by default
2592 (if curl is compiled with GSS-API support). Use --socks5-basic
2593 to force username/password authentication to SOCKS5 proxies.
2594 Added in 7.55.0.
2596 --socks5-hostname <host[:port]>
2598 Use the specified SOCKS5 proxy (and let the proxy resolve the
2599 host name). If the port number is not specified, it is assumed
2600 at port 1080.
2601 This option overrides any previous use of -x, --proxy, as they
2603 are mutually exclusive.
2604 Since 7.21.7, this option is superfluous since you can specify a
2606 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
2607 col prefix.
2608 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2610 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2611 such a case curl first connects to the SOCKS proxy and then con‐
2612 nects (through SOCKS) to the HTTP or HTTPS proxy.
2613 If this option is used several times, the last one will be used.
2615 Added in 7.18.0.
2617 --socks5 <host[:port]>
2619 Use the specified SOCKS5 proxy - but resolve the host name
2620 locally. If the port number is not specified, it is assumed at
2621 port 1080.
2622 This option overrides any previous use of -x, --proxy, as they
2624 are mutually exclusive.
2625 Since 7.21.7, this option is superfluous since you can specify a
2627 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
2628 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2630 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2631 such a case curl first connects to the SOCKS proxy and then con‐
2632 nects (through SOCKS) to the HTTP or HTTPS proxy.
2633 If this option is used several times, the last one will be used.
2635 This option (as well as --socks4) does not work with IPV6, FTPS
2637 or LDAP.
2638 Added in 7.18.0.
2640 -Y, --speed-limit <speed>
2642 If a download is slower than this given speed (in bytes per sec‐
2643 ond) for speed-time seconds it gets aborted. speed-time is set
2644 with -y, --speed-time and is 30 if not set.
2645 If this option is used several times, the last one will be used.
2647 -y, --speed-time <seconds>
2649 If a download is slower than speed-limit bytes per second during
2650 a speed-time period, the download gets aborted. If speed-time is
2651 used, the default speed-limit will be 1 unless set with -Y,
2652 --speed-limit.
2653 This option controls transfers and thus will not affect slow
2655 connects etc. If this is a concern for you, try the --connect-
2656 timeout option.
2657 If this option is used several times, the last one will be used.
2659 --ssl-allow-beast
2661 This option tells curl to not work around a security flaw in the
2662 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
2663 used, the SSL layer may use workarounds known to cause interop‐
2664 erability problems with some older SSL implementations. WARNING:
2665 this option loosens the SSL security, and by using this flag you
2666 ask for exactly that.
2667 Added in 7.25.0.
2669 --ssl-no-revoke
2671 (Schannel) This option tells curl to disable certificate revoca‐
2672 tion checks. WARNING: this option loosens the SSL security, and
2673 by using this flag you ask for exactly that.
2674 Added in 7.44.0.
2676 --ssl-reqd
2678 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
2679 nates the connection if the server doesn't support SSL/TLS.
2680 This option was formerly known as --ftp-ssl-reqd.
2682 Added in 7.20.0.
2684 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection.
2686 Reverts to a non-secure connection if the server doesn't support
2687 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
2688 ent levels of encryption required.
2689 This option was formerly known as --ftp-ssl (Added in 7.11.0).
2691 That option name can still be used but will be removed in a
2692 future version.
2693 Added in 7.20.0.
2695 -2, --sslv2
2697 (SSL) Forces curl to use SSL version 2 when negotiating with a
2698 remote SSL server. Sometimes curl is built without SSLv2 sup‐
2699 port. SSLv2 is widely considered insecure (see RFC 6176).
2700 See also --http1.1 and --http2. -2, --sslv2 requires that the
2702 underlying libcurl was built to support TLS. This option over‐
2703 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2704 -3, --sslv3
2706 (SSL) Forces curl to use SSL version 3 when negotiating with a
2707 remote SSL server. Sometimes curl is built without SSLv3 sup‐
2708 port. SSLv3 is widely considered insecure (see RFC 7568).
2709 See also --http1.1 and --http2. -3, --sslv3 requires that the
2711 underlying libcurl was built to support TLS. This option over‐
2712 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
2713 --stderr
2715 Redirect all writes to stderr to the specified file instead. If
2716 the file name is a plain '-', it is instead written to stdout.
2717 If this option is used several times, the last one will be used.
2719 See also -v, --verbose and -s, --silent.
2721 --styled-output
2723 Enables the automatic use of bold font styles when writing HTTP
2724 headers to the terminal. Use --no-styled-output to switch them
2725 off.
2726 Added in 7.61.0.
2728 --suppress-connect-headers
2730 When -p, --proxytunnel is used and a CONNECT request is made
2731 don't output proxy CONNECT response headers. This option is
2732 meant to be used with -D, --dump-header or -i, --include which
2733 are used to show protocol headers in the output. It has no
2734 effect on debug options such as -v, --verbose or --trace, or any
2735 statistics.
2736 See also -D, --dump-header and -i, --include and -p, --proxytun‐
2738 nel.
2739 --tcp-fastopen
2741 Enable use of TCP Fast Open (RFC7413).
2742 Added in 7.49.0.
2744 --tcp-nodelay
2746 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
2747 page for details about this option.
2748 Since 7.50.2, curl sets this option by default and you need to
2750 explicitly switch it off if you don't want it on.
2751 Added in 7.11.2.
2753 -t, --telnet-option <opt=val>
2755 Pass options to the telnet protocol. Supported options are:
2756 TTYPE=<term> Sets the terminal type.
2758 XDISPLOC=<X display> Sets the X display location.
2760 NEW_ENV=<var,val> Sets an environment variable.
2762 --tftp-blksize <value>
2764 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
2765 size that curl will try to use when transferring data to or from
2766 a TFTP server. By default 512 bytes will be used.
2767 If this option is used several times, the last one will be used.
2769 Added in 7.20.0.
2771 --tftp-no-options
2773 (TFTP) Tells curl not to send TFTP options requests.
2774 This option improves interop with some legacy servers that do
2776 not acknowledge or properly implement TFTP options. When this
2777 option is used --tftp-blksize is ignored.
2778 Added in 7.48.0.
2780 -z, --time-cond <time>
2782 (HTTP FTP) Request a file that has been modified later than the
2783 given time and date, or one that has been modified before that
2784 time. The <date expression> can be all sorts of date strings or
2785 if it doesn't match any internal ones, it is taken as a filename
2786 and tries to get the modification date (mtime) from <file>
2787 instead. See the curl_getdate(3) man pages for date expression
2788 details.
2789 Start the date expression with a dash (-) to make it request for
2791 a document that is older than the given date/time, default is a
2792 document that is newer than the specified date/time.
2793 If this option is used several times, the last one will be used.
2795 --tls-max <VERSION>
2797 (SSL) VERSION defines maximum supported TLS version. The minimum
2798 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
2799 tlsv1.3.
2800 default
2803 Use up to recommended TLS version.
2804 1.0 Use up to TLSv1.0.
2806 1.1 Use up to TLSv1.1.
2808 1.2 Use up to TLSv1.2.
2810 1.3 Use up to TLSv1.3.
2812 See also --tlsv1.0 and --tlsv1.1 and --tlsv1.2 and --tlsv1.3. --tls-max
2814 requires that the underlying libcurl was built to support TLS. Added in
2815 7.54.0.
2816 --tls13-ciphers <list of TLS 1.3 ciphersuites>
2818 (TLS) Specifies which cipher suites to use in the connection if
2819 it negotiates TLS 1.3. The list of ciphers suites must specify
2820 valid ciphers. Read up on TLS 1.3 cipher suite details on this
2821 URL:
2822 https://curl.haxx.se/docs/ssl-ciphers.html
2824 If this option is used several times, the last one will be used.
2826 --tlsauthtype <type>
2828 Set TLS authentication type. Currently, the only supported
2829 option is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
2830 --tlspassword are specified but --tlsauthtype is not, then this
2831 option defaults to "SRP". This option works only if the under‐
2832 lying libcurl is built with TLS-SRP support, which requires
2833 OpenSSL or GnuTLS with TLS-SRP support.
2834 Added in 7.21.4.
2836 --tlspassword
2838 Set password for use with the TLS authentication method speci‐
2839 fied with --tlsauthtype. Requires that --tlsuser also be set.
2840 Added in 7.21.4.
2842 --tlsuser <name>
2844 Set username for use with the TLS authentication method speci‐
2845 fied with --tlsauthtype. Requires that --tlspassword also is
2846 set.
2847 Added in 7.21.4.
2849 --tlsv1.0
2851 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
2852 ing to a remote TLS server.
2853 Added in 7.34.0.
2855 --tlsv1.1
2857 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
2858 ing to a remote TLS server.
2859 Added in 7.34.0.
2861 --tlsv1.2
2863 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
2864 ing to a remote TLS server.
2865 Added in 7.34.0.
2867 --tlsv1.3
2869 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
2870 ing to a remote TLS server.
2871 Note that TLS 1.3 is only supported by a subset of TLS backends.
2873 At the time of this writing, they are BoringSSL, NSS, and Secure
2874 Transport (on iOS 11 or later, and macOS 10.13 or later).
2875 Added in 7.52.0.
2877 -1, --tlsv1
2879 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
2880 ing with a remote TLS server. That means TLS version 1.0 or
2881 higher
2882 See also --http1.1 and --http2. -1, --tlsv1 requires that the
2884 underlying libcurl was built to support TLS. This option over‐
2885 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
2886 --tr-encoding
2888 (HTTP) Request a compressed Transfer-Encoding response using one
2889 of the algorithms curl supports, and uncompress the data while
2890 receiving it.
2891 Added in 7.21.6.
2893 --trace-ascii <file>
2895 Enables a full trace dump of all incoming and outgoing data,
2896 including descriptive information, to the given output file. Use
2897 "-" as filename to have the output sent to stdout.
2898 This is very similar to --trace, but leaves out the hex part and
2900 only shows the ASCII part of the dump. It makes smaller output
2901 that might be easier to read for untrained humans.
2902 If this option is used several times, the last one will be used.
2904 This option overrides --trace and -v, --verbose.
2906 --trace-time
2908 Prepends a time stamp to each trace or verbose line that curl
2909 displays.
2910 Added in 7.14.0.
2912 --trace <file>
2914 Enables a full trace dump of all incoming and outgoing data,
2915 including descriptive information, to the given output file. Use
2916 "-" as filename to have the output sent to stdout. Use "%" as
2917 filename to have the output sent to stderr.
2918 If this option is used several times, the last one will be used.
2920 This option overrides -v, --verbose and --trace-ascii.
2922 --unix-socket <path>
2924 (HTTP) Connect through this Unix domain socket, instead of using
2925 the network.
2926 Added in 7.40.0.
2928 -T, --upload-file <file>
2930 This transfers the specified local file to the remote URL. If
2931 there is no file part in the specified URL, curl will append the
2932 local file name. NOTE that you must use a trailing / on the last
2933 directory to really prove to Curl that there is no file name or
2934 curl will think that your last directory name is the remote file
2935 name to use. That will most likely cause the upload operation to
2936 fail. If this is used on an HTTP(S) server, the PUT command will
2937 be used.
2938 Use the file name "-" (a single dash) to use stdin instead of a
2940 given file. Alternately, the file name "." (a single period)
2941 may be specified instead of "-" to use stdin in non-blocking
2942 mode to allow reading server output while stdin is being
2943 uploaded.
2944 You can specify one -T, --upload-file for each URL on the com‐
2946 mand line. Each -T, --upload-file + URL pair specifies what to
2947 upload and to where. curl also supports "globbing" of the -T,
2948 --upload-file argument, meaning that you can upload multiple
2949 files to a single URL by using the same URL globbing style sup‐
2950 ported in the URL, like this:
2951 curl --upload-file "{file1,file2}" http://www.example.com
2953 or even
2955 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
2957 When uploading to an SMTP server: the uploaded data is assumed
2959 to be RFC 5322 formatted. It has to feature the necessary set of
2960 headers and mail body formatted correctly by the user as curl
2961 will not transcode nor encode it further in any way.
2962 --url <url>
2964 Specify a URL to fetch. This option is mostly handy when you
2965 want to specify URL(s) in a config file.
2966 If the given URL is missing a scheme name (such as "http://" or
2968 "ftp://" etc) then curl will make a guess based on the host. If
2969 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
2970 POP3 or SMTP then that protocol will be used, otherwise HTTP
2971 will be used. Since 7.45.0 guessing can be disabled by setting a
2972 default protocol, see --proto-default for details.
2973 This option may be used any number of times. To control where
2975 this URL is written, use the -o, --output or the -O, --remote-
2976 name options.
2977 -B, --use-ascii
2979 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be
2980 enforced by using a URL that ends with ";type=A". This option
2981 causes data sent to stdout to be in text mode for win32 systems.
2982 -A, --user-agent <name>
2984 (HTTP) Specify the User-Agent string to send to the HTTP server.
2985 To encode blanks in the string, surround the string with single
2986 quote marks. This header can also be set with the -H, --header
2987 or the --proxy-header options.
2988 If this option is used several times, the last one will be used.
2990 -u, --user <user:password>
2992 Specify the user name and password to use for server authentica‐
2993 tion. Overrides -n, --netrc and --netrc-optional.
2994 If you simply specify the user name, curl will prompt for a
2996 password.
2997 The user name and passwords are split up on the first colon,
2999 which makes it impossible to use a colon in the user name with
3000 this option. The password can, still.
3001 When using Kerberos V5 with a Windows based server you should
3003 include the Windows domain name in the user name, in order for
3004 the server to successfully obtain a Kerberos Ticket. If you
3005 don't then the initial authentication handshake may fail.
3006 When using NTLM, the user name can be specified simply as the
3008 user name, without the domain, if there is a single domain and
3009 forest in your setup for example.
3010 To specify the domain name use either Down-Level Logon Name or
3012 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3013 user@example.com respectively.
3014 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3016 beros V5, Negotiate, NTLM or Digest authentication then you can
3017 tell curl to select the user name and password from your envi‐
3018 ronment by specifying a single colon with this option: "-u :".
3019 If this option is used several times, the last one will be used.
3021 -v, --verbose
3023 Makes curl verbose during the operation. Useful for debugging
3024 and seeing what's going on "under the hood". A line starting
3025 with '>' means "header data" sent by curl, '<' means "header
3026 data" received by curl that is hidden in normal cases, and a
3027 line starting with '*' means additional info provided by curl.
3028 If you only want HTTP headers in the output, -i, --include might
3030 be the option you're looking for.
3031 If you think this option still doesn't give you enough details,
3033 consider using --trace or --trace-ascii instead.
3034 Use -s, --silent to make curl really quiet.
3036 See also -i, --include. This option overrides --trace and
3038 --trace-ascii.
3039 -V, --version
3041 Displays information about curl and the libcurl version it uses.
3042 The first line includes the full version of curl, libcurl and
3044 other 3rd party libraries linked with the executable.
3045 The second line (starts with "Protocols:") shows all protocols
3047 that libcurl reports to support.
3048 The third line (starts with "Features:") shows specific features
3050 libcurl reports to offer. Available features include:
3051 IPv6 You can use IPv6 with this.
3053 krb4 Krb4 for FTP is supported.
3055 SSL SSL versions of various protocols are supported, such as
3057 HTTPS, FTPS, POP3S and so on.
3058 libz Automatic decompression of compressed files over HTTP is
3060 supported.
3061 NTLM NTLM authentication is supported.
3063 Debug This curl uses a libcurl built with Debug. This enables
3065 more error-tracking and memory debugging etc. For curl-
3066 developers only!
3067 AsynchDNS
3069 This curl uses asynchronous name resolves. Asynchronous
3070 name resolves can be done using either the c-ares or the
3071 threaded resolver backends.
3072 SPNEGO SPNEGO authentication is supported.
3074 Largefile
3076 This curl supports transfers of large files, files larger
3077 than 2GB.
3078 IDN This curl supports IDN - international domain names.
3080 GSS-API
3082 GSS-API is supported.
3083 SSPI SSPI is supported.
3085 TLS-SRP
3087 SRP (Secure Remote Password) authentication is supported
3088 for TLS.
3089 HTTP2 HTTP/2 support has been built-in.
3091 UnixSockets
3093 Unix sockets support is provided.
3094 HTTPS-proxy
3096 This curl is built to support HTTPS proxy.
3097 Metalink
3099 This curl supports Metalink (both version 3 and 4 (RFC
3100 5854)), which describes mirrors and hashes. curl will
3101 use mirrors for failover if there are errors (such as the
3102 file or server not being available).
3103 PSL PSL is short for Public Suffix List and means that this
3105 curl has been built with knowledge about "public suf‐
3106 fixes".
3107 MultiSSL
3109 This curl supports multiple TLS backends.
3110 -w, --write-out <format>
3112 Make curl display information on stdout after a completed trans‐
3113 fer. The format is a string that may contain plain text mixed
3114 with any number of variables. The format can be specified as a
3115 literal "string", or you can have curl read the format from a
3116 file with "@filename" and to tell curl to read the format from
3117 stdin you write "@-".
3118 The variables present in the output format will be substituted
3120 by the value or text that curl thinks fit, as described below.
3121 All variables are specified as %{variable_name} and to output a
3122 normal % you just write them as %%. You can output a newline by
3123 using \n, a carriage return with \r and a tab space with \t.
3124 The output will be written to standard output, but this can be
3126 switched to standard error by using %{stderr}.
3127 NOTE: The %-symbol is a special symbol in the win32-environment,
3129 where all occurrences of % must be doubled when using this
3130 option.
3131 The variables available are:
3133 content_type The Content-Type of the requested document, if
3135 there was any.
3136 filename_effective
3138 The ultimate filename that curl writes out to.
3139 This is only meaningful if curl is told to write
3140 to a file with the -O, --remote-name or -o,
3141 --output option. It's most useful in combination
3142 with the -J, --remote-header-name option. (Added
3143 in 7.26.0)
3144 ftp_entry_path The initial path curl ended up in when logging on
3146 to the remote FTP server. (Added in 7.15.4)
3147 http_code The numerical response code that was found in the
3149 last retrieved HTTP(S) or FTP(s) transfer. In
3150 7.18.2 the alias response_code was added to show
3151 the same info.
3152 http_connect The numerical code that was found in the last
3154 response (from a proxy) to a curl CONNECT
3155 request. (Added in 7.12.4)
3156 http_version The http version that was effectively used.
3158 (Added in 7.50.0)
3159 local_ip The IP address of the local end of the most
3161 recently done connection - can be either IPv4 or
3162 IPv6 (Added in 7.29.0)
3163 local_port The local port number of the most recently done
3165 connection (Added in 7.29.0)
3166 num_connects Number of new connects made in the recent trans‐
3168 fer. (Added in 7.12.3)
3169 num_redirects Number of redirects that were followed in the
3171 request. (Added in 7.12.3)
3172 proxy_ssl_verify_result
3174 The result of the HTTPS proxy's SSL peer certifi‐
3175 cate verification that was requested. 0 means the
3176 verification was successful. (Added in 7.52.0)
3177 redirect_url When an HTTP request was made without -L, --loca‐
3179 tion to follow redirects (or when --max-redir is
3180 met), this variable will show the actual URL a
3181 redirect would have gone to. (Added in 7.18.2)
3182 remote_ip The remote IP address of the most recently done
3184 connection - can be either IPv4 or IPv6 (Added in
3185 7.29.0)
3186 remote_port The remote port number of the most recently done
3188 connection (Added in 7.29.0)
3189 scheme The URL scheme (sometimes called protocol) that
3191 was effectively used (Added in 7.52.0)
3192 size_download The total amount of bytes that were downloaded.
3194 size_header The total amount of bytes of the downloaded head‐
3196 ers.
3197 size_request The total amount of bytes that were sent in the
3199 HTTP request.
3200 size_upload The total amount of bytes that were uploaded.
3202 speed_download The average download speed that curl measured for
3204 the complete download. Bytes per second.
3205 speed_upload The average upload speed that curl measured for
3207 the complete upload. Bytes per second.
3208 ssl_verify_result
3210 The result of the SSL peer certificate verifica‐
3211 tion that was requested. 0 means the verification
3212 was successful. (Added in 7.19.0)
3213 stderr From this point on, the -w, --write-out output
3215 will be written to standard error. (Added in
3216 7.63.0)
3217 stdout From this point on, the -w, --write-out output
3219 will be written to standard output. This is the
3220 default, but can be used to switch back after
3221 switching to stderr. (Added in 7.63.0)
3222 time_appconnect
3224 The time, in seconds, it took from the start
3225 until the SSL/SSH/etc connect/handshake to the
3226 remote host was completed. (Added in 7.19.0)
3227 time_connect The time, in seconds, it took from the start
3229 until the TCP connect to the remote host (or
3230 proxy) was completed.
3231 time_namelookup
3233 The time, in seconds, it took from the start
3234 until the name resolving was completed.
3235 time_pretransfer
3237 The time, in seconds, it took from the start
3238 until the file transfer was just about to begin.
3239 This includes all pre-transfer commands and nego‐
3240 tiations that are specific to the particular pro‐
3241 tocol(s) involved.
3242 time_redirect The time, in seconds, it took for all redirection
3244 steps including name lookup, connect, pretransfer
3245 and transfer before the final transaction was
3246 started. time_redirect shows the complete execu‐
3247 tion time for multiple redirections. (Added in
3248 7.12.3)
3249 time_starttransfer
3251 The time, in seconds, it took from the start
3252 until the first byte was just about to be trans‐
3253 ferred. This includes time_pretransfer and also
3254 the time the server needed to calculate the
3255 result.
3256 time_total The total time, in seconds, that the full opera‐
3258 tion lasted.
3259 url_effective The URL that was fetched last. This is most mean‐
3261 ingful if you've told curl to follow location:
3262 headers.
3263 If this option is used several times, the last one will be used.
3265 --xattr
3267 When saving output to a file, this option tells curl to store
3268 certain file metadata in extended file attributes. Currently,
3269 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3270 the content type is stored in the mime_type attribute. If the
3271 file system does not support extended attributes, a warning is
3272 issued.
3273
3275 ~/.curlrc
3276 Default config file, see -K, --config for details.
3277
3279 The environment variables can be specified in lower case or upper case.
3280 The lower case version has precedence. http_proxy is an exception as it
3281 is only available in lower case.
3282 Using an environment variable to set the proxy has the same effect as
3284 using the -x, --proxy option.
3285 http_proxy [protocol://]<host>[:port]
3288 Sets the proxy server to use for HTTP.
3289 HTTPS_PROXY [protocol://]<host>[:port]
3291 Sets the proxy server to use for HTTPS.
3292 [url-protocol]_PROXY [protocol://]<host>[:port]
3294 Sets the proxy server to use for [url-protocol], where the pro‐
3295 tocol is a protocol that curl supports and as specified in a
3296 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3297 ALL_PROXY [protocol://]<host>[:port]
3299 Sets the proxy server to use if no protocol-specific proxy is
3300 set.
3301 NO_PROXY <comma-separated list of hosts/domains>
3303 list of host names that shouldn't go through any proxy. If set
3304 to an asterisk '*' only, it matches all hosts. Each name in this
3305 list is matched as either a domain name which contains the host‐
3306 name, or the hostname itself.
3307 This environment variable disables use of the proxy even when
3309 specified with the -x, --proxy option. That is
3310 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3311 http://direct.example.com accesses the target URL directly, and
3312 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3313 http://somewhere.example.com accesses the target URL through the
3314 proxy.
3315 The list of host names can also be include numerical IP
3317 addresses, and IPv6 versions should then be given without
3318 enclosing brackets.
3319
3322 Since curl version 7.21.7, the proxy string may be specified with a
3323 protocol:// prefix to specify alternative proxy protocols.
3324 If no protocol is specified in the proxy string or if the string
3326 doesn't match a supported one, the proxy will be treated as an HTTP
3327 proxy.
3328 The supported proxy protocol prefixes are as follows:
3330 http://
3332 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3333 fix is used.
3334 https://
3336 Makes it treated as an HTTPS proxy.
3337 socks4://
3339 Makes it the equivalent of --socks4
3340 socks4a://
3342 Makes it the equivalent of --socks4a
3343 socks5://
3345 Makes it the equivalent of --socks5
3346 socks5h://
3348 Makes it the equivalent of --socks5-hostname
3349
3351 There are a bunch of different error codes and their corresponding
3352 error messages that may appear during bad conditions. At the time of
3353 this writing, the exit codes are:
3354 1 Unsupported protocol. This build of curl has no support for this
3356 protocol.
3357 2 Failed to initialize.
3359 3 URL malformed. The syntax was not correct.
3361 4 A feature or option that was needed to perform the desired
3363 request was not enabled or was explicitly disabled at build-
3364 time. To make curl able to do this, you probably need another
3365 build of libcurl!
3366 5 Couldn't resolve proxy. The given proxy host could not be
3368 resolved.
3369 6 Couldn't resolve host. The given remote host was not resolved.
3371 7 Failed to connect to host.
3373 8 Weird server reply. The server sent data curl couldn't parse.
3375 9 FTP access denied. The server denied login or denied access to
3377 the particular resource or directory you wanted to reach. Most
3378 often you tried to change to a directory that doesn't exist on
3379 the server.
3380 10 FTP accept failed. While waiting for the server to connect back
3382 when an active FTP session is used, an error code was sent over
3383 the control connection or similar.
3384 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3386 PASS request.
3387 12 During an active FTP session while waiting for the server to
3389 connect back to curl, the timeout expired.
3390 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3392 PASV request.
3393 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3395 server sent.
3396 15 FTP can't get host. Couldn't resolve the host IP we got in the
3398 227-line.
3399 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3401 This is somewhat generic and can be one out of several problems,
3402 see the error message for details.
3403 17 FTP couldn't set binary. Couldn't change transfer method to
3405 binary.
3406 18 Partial file. Only a part of the file was transferred.
3408 19 FTP couldn't download/access the given file, the RETR (or simi‐
3410 lar) command failed.
3411 21 FTP quote error. A quote command returned error from the server.
3413 22 HTTP page not retrieved. The requested url was not found or
3415 returned another error with the HTTP error code being 400 or
3416 above. This return code only appears if -f, --fail is used.
3417 23 Write error. Curl couldn't write data to a local filesystem or
3419 similar.
3420 25 FTP couldn't STOR file. The server denied the STOR operation,
3422 used for FTP uploading.
3423 26 Read error. Various reading problems.
3425 27 Out of memory. A memory allocation request failed.
3427 28 Operation timeout. The specified time-out period was reached
3429 according to the conditions.
3430 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3432 support the PORT command, try doing a transfer using PASV
3433 instead!
3434 31 FTP couldn't use REST. The REST command failed. This command is
3436 used for resumed FTP transfers.
3437 33 HTTP range error. The range "command" didn't work.
3439 34 HTTP post error. Internal post-request generation error.
3441 35 SSL connect error. The SSL handshaking failed.
3443 36 Bad download resume. Couldn't continue an earlier aborted down‐
3445 load.
3446 37 FILE couldn't read file. Failed to open the file. Permissions?
3448 38 LDAP cannot bind. LDAP bind operation failed.
3450 39 LDAP search failed.
3452 41 Function not found. A required LDAP function was not found.
3454 42 Aborted by callback. An application told curl to abort the oper‐
3456 ation.
3457 43 Internal error. A function was called with a bad parameter.
3459 45 Interface error. A specified outgoing interface could not be
3461 used.
3462 47 Too many redirects. When following redirects, curl hit the maxi‐
3464 mum amount.
3465 48 Unknown option specified to libcurl. This indicates that you
3467 passed a weird option to curl that was passed on to libcurl and
3468 rejected. Read up in the manual!
3469 49 Malformed telnet option.
3471 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
3473 52 The server didn't reply anything, which here is considered an
3475 error.
3476 53 SSL crypto engine not found.
3478 54 Cannot set SSL crypto engine as default.
3480 55 Failed sending network data.
3482 56 Failure in receiving network data.
3484 58 Problem with the local certificate.
3486 59 Couldn't use specified SSL cipher.
3488 60 Peer certificate cannot be authenticated with known CA certifi‐
3490 cates.
3491 61 Unrecognized transfer encoding.
3493 62 Invalid LDAP URL.
3495 63 Maximum file size exceeded.
3497 64 Requested FTP SSL level failed.
3499 65 Sending the data requires a rewind that failed.
3501 66 Failed to initialise SSL Engine.
3503 67 The user name, password, or similar was not accepted and curl
3505 failed to log in.
3506 68 File not found on TFTP server.
3508 69 Permission problem on TFTP server.
3510 70 Out of disk space on TFTP server.
3512 71 Illegal TFTP operation.
3514 72 Unknown TFTP transfer ID.
3516 73 File already exists (TFTP).
3518 74 No such user (TFTP).
3520 75 Character conversion failed.
3522 76 Character conversion functions required.
3524 77 Problem with reading the SSL CA cert (path? access rights?).
3526 78 The resource referenced in the URL does not exist.
3528 79 An unspecified error occurred during the SSH session.
3530 80 Failed to shut down the SSL connection.
3532 82 Could not load CRL file, missing or wrong format (added in
3534 7.19.0).
3535 83 Issuer check failed (added in 7.19.0).
3537 84 The FTP PRET command failed
3539 85 RTSP: mismatch of CSeq numbers
3541 86 RTSP: mismatch of Session Identifiers
3543 87 unable to parse FTP file list
3545 88 FTP chunk callback reported error
3547 89 No connection available, the session will be queued
3549 90 SSL public key does not matched pinned public key
3551 91 Invalid SSL certificate status.
3553 92 Stream error in HTTP/2 framing layer.
3555 XX More error codes will appear here in future releases. The exist‐
3557 ing ones are meant to never change.
3558
3560 Daniel Stenberg is the main author, but the whole list of contributors
3561 is found in the separate THANKS file.
3562
3564 https://curl.haxx.se
3565
3567 ftp(1), wget(1)
3568Curl 7.64.0 November 16, 2016 curl(1)