1curl(1)                           Curl Manual                          curl(1)
2
3
4

NAME

6       curl - transfer a URL
7

SYNOPSIS

9       curl [options / URLs]
10

DESCRIPTION

12       curl  is  a tool to transfer data from or to a server, using one of the
13       supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS,  IMAP,
14       IMAPS,  LDAP,  LDAPS,  MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP,
15       SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command  is  designed  to
16       work without user interaction.
17
18       curl offers a busload of useful tricks like proxy support, user authen‐
19       tication, FTP upload, HTTP post, SSL connections, cookies, file  trans‐
20       fer  resume,  Metalink,  and more. As you will see below, the number of
21       features will make your head spin!
22
23       curl is powered by  libcurl  for  all  transfer-related  features.  See
24       libcurl(3) for details.
25

URL

27       The  URL  syntax is protocol-dependent. You'll find a detailed descrip‐
28       tion in RFC 3986.
29
30       You can specify multiple URLs or parts of URLs  by  writing  part  sets
31       within braces and quoting the URL as in:
32
33         "http://site.{one,two,three}.com"
34
35       or you can get sequences of alphanumeric series by using [] as in:
36
37         "ftp://ftp.example.com/file[1-100].txt"
38
39         "ftp://ftp.example.com/file[001-100].txt"    (with leading zeros)
40
41         "ftp://ftp.example.com/file[a-z].txt"
42
43       Nested  sequences  are not supported, but you can use several ones next
44       to each other:
45
46         "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47
48       You can specify any amount of URLs on the command line.  They  will  be
49       fetched  in a sequential manner in the specified order. You can specify
50       command line options and URLs mixed and in any  order  on  the  command
51       line.
52
53       You  can  specify a step counter for the ranges to get every Nth number
54       or letter:
55
56         "http://example.com/file[1-100:10].txt"
57
58         "http://example.com/file[a-z:2].txt"
59
60       When using [] or {} sequences when invoked from a command line  prompt,
61       you probably have to put the full URL within double quotes to avoid the
62       shell from interfering with it. This also  goes  for  other  characters
63       treated special, like for example '&', '?' and '*'.
64
65       Provide  the IPv6 zone index in the URL with an escaped percentage sign
66       and the interface name. Like in
67
68         "http://[fe80::3%25eth0]/"
69
70       If you specify URL without protocol:// prefix,  curl  will  attempt  to
71       guess  what  protocol  you might want. It will then default to HTTP but
72       try other protocols based on often-used host name prefixes.  For  exam‐
73       ple,  for  host names starting with "ftp." curl will assume you want to
74       speak FTP.
75
76       curl will do its best to use what you pass to it as a URL.  It  is  not
77       trying  to  validate it as a syntactically correct URL by any means but
78       is instead very liberal with what it accepts.
79
80       curl will attempt to re-use connections for multiple file transfers, so
81       that  getting many files from the same server will not do multiple con‐
82       nects / handshakes. This improves speed. Of course this is only done on
83       files  specified  on  a  single command line and cannot be used between
84       separate curl invokes.
85

OUTPUT

87       If not told otherwise, curl writes the received data to stdout. It  can
88       be  instructed  to  instead save that data into a local file, using the
89       -o, --output or -O, --remote-name options. If curl  is  given  multiple
90       URLs  to  transfer on the command line, it similarly needs multiple op‐
91       tions for where to save them.
92
93       curl does not parse or otherwise "understand" the content  it  gets  or
94       writes  as  output.  It does no encoding or decoding, unless explicitly
95       asked so with dedicated command line options.
96

PROTOCOLS

98       curl supports numerous protocols, or put in URL  terms:  schemes.  Your
99       particular build may not support them all.
100
101       DICT   Lets you lookup words using online dictionaries.
102
103       FILE   Read  or  write  local  files.  curl  does not support accessing
104              file:// URL remotely, but when running on Microsoft Windows  us‐
105              ing the native UNC approach will work.
106
107       FTP(S) curl  supports  the  File Transfer Protocol with a lot of tweaks
108              and levers. With or without using TLS.
109
110       GOPHER Retrieve files.
111
112       HTTP(S)
113              curl supports HTTP with numerous options and variations. It  can
114              speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
115              tions and the correct command line options.
116
117       IMAP(S)
118              Using the mail reading protocol, curl can "download" emails  for
119              you. With or without using TLS.
120
121       LDAP(S)
122              curl can do directory lookups for you, with or without TLS.
123
124       MQTT   curl supports MQTT version 3. Downloading over MQTT equals "sub‐
125              scribe" to a topic while uploading/posting equals "publish" on a
126              topic.  MQTT  support  is experimental and TLS based MQTT is not
127              supported (yet).
128
129       POP3(S)
130              Downloading from a pop3 server means getting  a  mail.  With  or
131              without using TLS.
132
133       RTMP(S)
134              The  Realtime  Messaging  Protocol  is  primarily used to server
135              streaming media and curl can download it.
136
137       RTSP   curl supports RTSP 1.0 downloads.
138
139       SCP    curl supports SSH version 2 scp transfers.
140
141       SFTP   curl supports SFTP (draft 5) done over SSH version 2.
142
143       SMB(S) curl supports SMB version 1 for upload and download.
144
145       SMTP(S)
146              Uploading contents to an SMTP server  means  sending  an  email.
147              With or without TLS.
148
149       TELNET Telling curl to fetch a telnet URL starts an interactive session
150              where it sends what it reads  on  stdin  and  outputs  what  the
151              server sends it.
152
153       TFTP   curl can do TFTP downloads and uploads.
154

PROGRESS METER

156       curl  normally  displays a progress meter during operations, indicating
157       the amount of transferred data,  transfer  speeds  and  estimated  time
158       left,  etc.  The progress meter displays number of bytes and the speeds
159       are in bytes per second. The suffixes (k, M, G, T, P) are  1024  based.
160       For example 1k is 1024 bytes. 1M is 1048576 bytes.
161
162       curl  displays  this  data to the terminal by default, so if you invoke
163       curl to do an operation and it is about to write data to the  terminal,
164       it disables the progress meter as otherwise it would mess up the output
165       mixing progress meter and response data.
166
167       If you want a progress meter for HTTP POST or PUT requests, you need to
168       redirect  the  response output to a file, using shell redirect (>), -o,
169       --output or similar.
170
171       It is not the same case for FTP upload as that operation does not  spit
172       out any response data to the terminal.
173
174       If  you  prefer  a  progress  "bar"  instead  of the regular meter, -#,
175       --progress-bar is your friend. You can also disable the progress  meter
176       completely with the -s, --silent option.
177

OPTIONS

179       Options  start  with  one or two dashes. Many of the options require an
180       additional value next to them.
181
182       The short "single-dash" form of the options, -d  for  example,  may  be
183       used with or without a space between it and its value, although a space
184       is a recommended separator. The long "double-dash" form, -d, --data for
185       example, requires a space between it and its value.
186
187       Short version options that don't need any additional values can be used
188       immediately next to each other, like for example you  can  specify  all
189       the options -O, -L and -v at once as -OLv.
190
191       In general, all boolean options are enabled with --option and yet again
192       disabled with --no-option. That is, you use the exact same option  name
193       but prefix it with "no-". However, in this list we mostly only list and
194       show the --option version of them. (This concept with --no options  was
195       added  in  7.19.0.  Previously  most options were toggled on/off on re‐
196       peated use of the same command line option.)
197
198       --abstract-unix-socket <path>
199              (HTTP) Connect through an abstract Unix domain  socket,  instead
200              of  using  the  network.  Note: netstat shows the path of an ab‐
201              stract socket prefixed with '@',  however  the  <path>  argument
202              should not have this leading character.
203
204              Added in 7.53.0.
205
206       --alt-svc <file name>
207              (HTTPS) WARNING: this option is experimental. Do not use in pro‐
208              duction.
209
210              This option enables the alt-svc parser in curl. If the file name
211              points to an existing alt-svc cache file, that will be used. Af‐
212              ter a completed transfer, the cache will be saved  to  the  file
213              name again if it has been modified.
214
215              Specify a "" file name (zero length) to avoid loading/saving and
216              make curl just handle the cache in memory.
217
218              If this option is used several times, curl  will  load  contents
219              from all the files but the last one will be used for saving.
220
221              Added in 7.64.1.
222
223       --anyauth
224              (HTTP) Tells curl to figure out authentication method by itself,
225              and use the most secure one the remote site claims  to  support.
226              This is done by first doing a request and checking the response-
227              headers, thus possibly inducing  an  extra  network  round-trip.
228              This  is  used  instead  of  setting  a  specific authentication
229              method, which you can do with  --basic,  --digest,  --ntlm,  and
230              --negotiate.
231
232              Using --anyauth is not recommended if you do uploads from stdin,
233              since it may require data to be sent twice and then  the  client
234              must  be able to rewind. If the need should arise when uploading
235              from stdin, the upload operation will fail.
236
237              Used together with -u, --user.
238
239              See also --proxy-anyauth, --basic and --digest.
240
241       -a, --append
242              (FTP SFTP) When used in an upload, this makes curl append to the
243              target  file  instead  of  overwriting  it.  If  the remote file
244              doesn't exist, it will be created.  Note that this flag  is  ig‐
245              nored by some SFTP servers (including OpenSSH).
246
247       --aws-sigv4 <provider1[:provider2[:region[:service]]]>
248              Use AWS V4 signature authentication in the transfer.
249
250              The  provider argument is a string that is used by the algorithm
251              when creating outgoing authentication headers.
252
253              The region argument is a string that points to a geographic area
254              of  a resources collection (region-code) when the region name is
255              omitted from the endpoint.
256
257              The service argument is a string that points to a function  pro‐
258              vided by a cloud (service-code) when the service name is omitted
259              from the endpoint.
260
261              Added in 7.75.0.
262
263       --basic
264              (HTTP) Tells curl to use HTTP Basic authentication with the  re‐
265              mote host. This is the default and this option is usually point‐
266              less, unless you use it to override a previously set option that
267              sets  a  different  authentication method (such as --ntlm, --di‐
268              gest, or --negotiate).
269
270              Used together with -u, --user.
271
272              See also --proxy-basic.
273
274       --cacert <file>
275              (TLS) Tells curl to use the specified certificate file to verify
276              the  peer.  The  file  may contain multiple CA certificates. The
277              certificate(s) must be in PEM format. Normally curl is built  to
278              use a default file for this, so this option is typically used to
279              alter that default file.
280
281              curl recognizes the environment variable named  'CURL_CA_BUNDLE'
282              if  it  is  set,  and uses the given path as a path to a CA cert
283              bundle. This option overrides that variable.
284
285              The windows version of curl will automatically  look  for  a  CA
286              certs file named ´curl-ca-bundle.crt´, either in the same direc‐
287              tory as curl.exe, or in the Current Working Directory, or in any
288              folder along your PATH.
289
290              If  curl  is  built  against  the  NSS  SSL library, the NSS PEM
291              PKCS#11 module (libnsspem.so) needs to be available for this op‐
292              tion to work properly.
293
294              (iOS  and macOS only) If curl is built against Secure Transport,
295              then this option is supported for  backward  compatibility  with
296              other  SSL  engines,  but it should not be set. If the option is
297              not set, then curl will use the certificates in the  system  and
298              user  Keychain to verify the peer, which is the preferred method
299              of verifying the peer's certificate chain.
300
301              (Schannel only) This option is supported for Schannel in Windows
302              7  or later with libcurl 7.60 or later. This option is supported
303              for backward compatibility with other SSL engines; instead it is
304              recommended  to use Windows' store of root certificates (the de‐
305              fault for Schannel).
306
307              If this option is used several times, the last one will be used.
308
309       --capath <dir>
310              (TLS) Tells curl to use the specified certificate  directory  to
311              verify  the  peer.  Multiple paths can be provided by separating
312              them with ":" (e.g.  "path1:path2:path3"). The certificates must
313              be  in PEM format, and if curl is built against OpenSSL, the di‐
314              rectory must have been processed using the c_rehash utility sup‐
315              plied  with  OpenSSL.  Using  --capath can allow OpenSSL-powered
316              curl to make SSL-connections much more  efficiently  than  using
317              --cacert if the --cacert file contains many CA certificates.
318
319              If this option is set, the default capath value will be ignored,
320              and if it is used several times, the last one will be used.
321
322       --cert-status
323              (TLS) Tells curl to verify the status of the server  certificate
324              by using the Certificate Status Request (aka. OCSP stapling) TLS
325              extension.
326
327              If this option is enabled and the server sends an invalid  (e.g.
328              expired) response, if the response suggests that the server cer‐
329              tificate has been revoked, or no response at  all  is  received,
330              the verification fails.
331
332              This  is  currently  only implemented in the OpenSSL, GnuTLS and
333              NSS backends.
334
335              Added in 7.41.0.
336
337       --cert-type <type>
338              (TLS) Tells curl what type the provided  client  certificate  is
339              using. PEM, DER, ENG and P12 are recognized types.  If not spec‐
340              ified, PEM is assumed.
341
342              If this option is used several times, the last one will be used.
343
344              See also -E, --cert, --key and --key-type.
345
346       -E, --cert <certificate[:password]>
347              (TLS) Tells curl to use the specified  client  certificate  file
348              when getting a file with HTTPS, FTPS or another SSL-based proto‐
349              col. The certificate must be in PKCS#12 format if  using  Secure
350              Transport,  or PEM format if using any other engine.  If the op‐
351              tional password isn't specified, it will be queried for  on  the
352              terminal.  Note  that  this  option assumes a "certificate" file
353              that is the private key and the client certificate concatenated!
354              See -E, --cert and --key to specify them independently.
355
356              If  curl  is  built against the NSS SSL library then this option
357              can tell curl the nickname of the certificate to use within  the
358              NSS  database defined by the environment variable SSL_DIR (or by
359              default /etc/pki/nssdb). If the NSS  PEM  PKCS#11  module  (lib‐
360              nsspem.so)  is  available  then  PEM files may be loaded. If you
361              want to use a file from the current directory, please precede it
362              with  "./"  prefix, in order to avoid confusion with a nickname.
363              If the nickname contains ":", it needs to be preceded by "\"  so
364              that  it  is not recognized as password delimiter.  If the nick‐
365              name contains "\", it needs to be escaped as "\\" so that it  is
366              not recognized as an escape character.
367
368              If  curl is built against OpenSSL library, and the engine pkcs11
369              is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
370              ify  a  certificate located in a PKCS#11 device. A string begin‐
371              ning with "pkcs11:" will be interpreted as a PKCS#11 URI.  If  a
372              PKCS#11 URI is provided, then the --engine option will be set as
373              "pkcs11" if none was provided and the --cert-type option will be
374              set as "ENG" if none was provided.
375
376              (iOS  and macOS only) If curl is built against Secure Transport,
377              then the certificate string can either be the name of a certifi‐
378              cate/private  key in the system or user keychain, or the path to
379              a PKCS#12-encoded certificate and private key. If  you  want  to
380              use  a  file  from the current directory, please precede it with
381              "./" prefix, in order to avoid confusion with a nickname.
382
383              (Schannel only) Client certificates must be specified by a  path
384              expression  to  a  certificate  store.  (Loading PFX is not sup‐
385              ported; you can import it to a store first). You can use "<store
386              location>\<store  name>\<thumbprint>"  to refer to a certificate
387              in  the  system  certificates  store,  for   example,   "Curren‐
388              tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a".   Thumbprint
389              is usually a SHA-1 hex string which you can see  in  certificate
390              details.  Following  store locations are supported: CurrentUser,
391              LocalMachine, CurrentService, Services,  CurrentUserGroupPolicy,
392              LocalMachineGroupPolicy, LocalMachineEnterprise.
393
394              If this option is used several times, the last one will be used.
395
396              See also --cert-type, --key and --key-type.
397
398       --ciphers <list of ciphers>
399              (TLS) Specifies which ciphers to use in the connection. The list
400              of ciphers must specify valid ciphers. Read  up  on  SSL  cipher
401              list details on this URL:
402
403               https://curl.se/docs/ssl-ciphers.html
404
405              If this option is used several times, the last one will be used.
406
407       --compressed-ssh
408              (SCP SFTP) Enables built-in SSH compression.  This is a request,
409              not an order; the server may or may not do it.
410
411              Added in 7.56.0.
412
413       --compressed
414              (HTTP) Request a compressed response using one of the algorithms
415              curl supports, and automatically decompress the content. Headers
416              are not modified.
417
418              If this option is used and the server sends an  unsupported  en‐
419              coding, curl will report an error.
420
421       -K, --config <file>
422
423              Specify  a  text  file  to read curl arguments from. The command
424              line arguments found in the text file will be used  as  if  they
425              were provided on the command line.
426
427              Options  and their parameters must be specified on the same line
428              in the file, separated by whitespace, colon, or the equals sign.
429              Long  option  names  can  optionally be given in the config file
430              without the initial double dashes and if so, the colon or equals
431              characters can be used as separators. If the option is specified
432              with one or two dashes, there can be no colon or equals  charac‐
433              ter between the option and its parameter.
434
435              If  the  parameter  contains whitespace (or starts with : or =),
436              the parameter must be  enclosed  within  quotes.  Within  double
437              quotes,  the  following  escape sequences are available: \\, \",
438              \t, \n, \r and \v. A backslash preceding any other letter is ig‐
439              nored.  If the first column of a config line is a '#' character,
440              the rest of the line will be treated as a  comment.  Only  write
441              one option per physical line in the config file.
442
443              Specify  the  filename  to -K, --config as '-' to make curl read
444              the file from stdin.
445
446              Note that to be able to specify a URL in the  config  file,  you
447              need  to  specify  it  using the --url option, and not by simply
448              writing the URL on its own line. So, it could  look  similar  to
449              this:
450
451              url = "https://curl.se/docs/"
452
453              When  curl  is invoked, it (unless -q, --disable is used) checks
454              for a default config file and uses it if found. The default con‐
455              fig file is checked for in the following places in this order:
456
457              1) Use the CURL_HOME environment variable if set
458
459              2) Use the XDG_CONFIG_HOME environment variable if set (Added in
460              7.73.0)
461
462              3) Use the HOME environment variable if set
463
464              4) Non-windows: use getpwuid to find the home directory
465
466              5) Windows: use APPDATA if set
467
468              6) Windows: use "USERPROFILE0lication Data" if set
469
470              7) On windows, if there is no .curlrc file in the home  dir,  it
471              checks for one in the same dir the curl executable is placed. On
472              Unix-like systems, it will simply try to load .curlrc  from  the
473              determined home dir.
474
475              # --- Example file ---
476              # this is a comment
477              url = "example.com"
478              output = "curlhere.html"
479              user-agent = "superagent/1.0"
480
481              # and fetch another URL too
482              url = "example.com/docs/manpage.html"
483              -O
484              referer = "http://nowhereatall.example.com/"
485              # --- End of example file ---
486
487              This  option  can be used multiple times to load multiple config
488              files.
489
490       --connect-timeout <seconds>
491              Maximum time in seconds that  you  allow  curl's  connection  to
492              take.   This  only  limits the connection phase, so if curl con‐
493              nects within the given period it will continue - if not it  will
494              exit.  Since version 7.32.0, this option accepts decimal values.
495
496              If this option is used several times, the last one will be used.
497
498              See also -m, --max-time.
499
500       --connect-to <HOST1:PORT1:HOST2:PORT2>
501
502              For  a  request  to  the  given  HOST1:PORT1  pair,  connect  to
503              HOST2:PORT2 instead.  This option is suitable to direct requests
504              at a specific server, e.g. at a specific cluster node in a clus‐
505              ter of servers. This option is only used to establish  the  net‐
506              work  connection.  It  does NOT affect the hostname/port that is
507              used for TLS/SSL (e.g. SNI, certificate verification) or for the
508              application  protocols.  "HOST1"  and  "PORT1"  may be the empty
509              string, meaning "any host/port". "HOST2" and "PORT2" may also be
510              the   empty   string,   meaning   "use  the  request's  original
511              host/port".
512
513              A "host" specified to this option is compared as a string, so it
514              needs  to  match  the name used in request URL. It can be either
515              numerical such as "127.0.0.1" or the full host name such as "ex‐
516              ample.org".
517
518              This option can be used many times to add many connect rules.
519
520              See also --resolve and -H, --header. Added in 7.49.0.
521
522       -C, --continue-at <offset>
523              Continue/Resume  a  previous  file transfer at the given offset.
524              The given offset is the exact  number  of  bytes  that  will  be
525              skipped,  counting  from the beginning of the source file before
526              it is transferred to the destination.  If used with uploads, the
527              FTP server command SIZE will not be used by curl.
528
529              Use  "-C  -" to tell curl to automatically find out where/how to
530              resume the transfer. It then uses the given  output/input  files
531              to figure that out.
532
533              If this option is used several times, the last one will be used.
534
535              See also -r, --range.
536
537       -c, --cookie-jar <filename>
538              (HTTP)  Specify to which file you want curl to write all cookies
539              after a completed operation. Curl writes all  cookies  from  its
540              in-memory  cookie storage to the given file at the end of opera‐
541              tions. If no cookies are known, no data  will  be  written.  The
542              file  will  be written using the Netscape cookie file format. If
543              you set the file name to a single dash, "-", the cookies will be
544              written to stdout.
545
546              This  command  line  option will activate the cookie engine that
547              makes curl record and use cookies. Another way to activate it is
548              to use the -b, --cookie option.
549
550              If the cookie jar can't be created or written to, the whole curl
551              operation won't fail or even report an error clearly. Using  -v,
552              --verbose  will  get  a  warning displayed, but that is the only
553              visible feedback you get about this possibly lethal situation.
554
555              If this option is used several times, the  last  specified  file
556              name will be used.
557
558       -b, --cookie <data|filename>
559              (HTTP) Pass the data to the HTTP server in the Cookie header. It
560              is supposedly the data previously received from the server in  a
561              "Set-Cookie:"   line.    The   data  should  be  in  the  format
562              "NAME1=VALUE1; NAME2=VALUE2".
563
564              If no '=' symbol is used in the argument, it is instead  treated
565              as a filename to read previously stored cookie from. This option
566              also activates the cookie engine which will make curl record in‐
567              coming  cookies, which may be handy if you're using this in com‐
568              bination with the -L,  --location  option  or  do  multiple  URL
569              transfers  on the same invoke. If the file name is exactly a mi‐
570              nus ("-"), curl will instead read the contents from stdin.
571
572              The file format of the file to read cookies from should be plain
573              HTTP  headers  (Set-Cookie style) or the Netscape/Mozilla cookie
574              file format.
575
576              The file specified with -b, --cookie is only used as  input.  No
577              cookies  will  be written to the file. To store cookies, use the
578              -c, --cookie-jar option.
579
580              Exercise caution if you  are  using  this  option  and  multiple
581              transfers may occur.  If you use the NAME1=VALUE1; format, or in
582              a file use the Set-Cookie format and  don't  specify  a  domain,
583              then the cookie is sent for any domain (even after redirects are
584              followed) and cannot be modified by a server-set cookie. If  the
585              cookie  engine is enabled and a server sets a cookie of the same
586              name then both will be sent on a future transfer to that server,
587              likely not what you intended.  To address these issues set a do‐
588              main in Set-Cookie (doing that will include sub domains) or  use
589              the Netscape format.
590
591              This option can be used multiple times.
592
593              Users very often want to both read cookies from a file and write
594              updated cookies back to a file, so using both -b,  --cookie  and
595              -c, --cookie-jar in the same command line is common.
596
597       --create-dirs
598              When used in conjunction with the -o, --output option, curl will
599              create the necessary local directory hierarchy as  needed.  This
600              option  creates the dirs mentioned with the -o, --output option,
601              nothing else. If the --output file name uses no dir  or  if  the
602              dirs it mentions already exist, no dir will be created.
603
604              Created dirs are made with mode 0750 on unix style file systems.
605
606              To  create remote directories when using FTP or SFTP, try --ftp-
607              create-dirs.
608
609       --create-file-mode <mode>
610              (SFTP SCP FILE) When curl is used to create files remotely using
611              one  of  the supported protocols, this option allows the user to
612              set which 'mode' to set on the file at creation time, instead of
613              the default 0644.
614
615              This option takes an octal number as argument.
616
617              See also --ftp-create-dirs. Added in 7.75.0.
618
619       --crlf (FTP  SMTP)  Convert  LF  to  CRLF  in  upload.  Useful  for MVS
620              (OS/390).
621
622              (SMTP added in 7.40.0)
623
624       --crlfile <file>
625              (TLS) Provide a file using PEM format with a Certificate Revoca‐
626              tion List that may specify peer certificates that are to be con‐
627              sidered revoked.
628
629              If this option is used several times, the last one will be used.
630
631              Added in 7.19.7.
632
633       --curves <algorithm list>
634              (TLS) Tells curl to request specific curves to  use  during  SSL
635              session  establishment according to RFC 8422, 5.1.  Multiple al‐
636              gorithms can be provided  by  separating  them  with  ":"  (e.g.
637              "X25519:P-521").   The parameter is available identically in the
638              "openssl s_client/s_server" utilities.
639
640              --curves allows a OpenSSL powered curl to  make  SSL-connections
641              with  exactly  the  (EC) curve requested by the client, avoiding
642              intransparent client/server negotiations.
643
644              If this option is  set,  the  default  curves  list  built  into
645              openssl will be ignored.
646
647              Added in 7.73.0.
648
649       --data-ascii <data>
650              (HTTP) This is just an alias for -d, --data.
651
652       --data-binary <data>
653              (HTTP)  This  posts data exactly as specified with no extra pro‐
654              cessing whatsoever.
655
656              If you start the data with the letter @, the rest  should  be  a
657              filename.   Data  is  posted  in  a similar manner as -d, --data
658              does, except that newlines and carriage  returns  are  preserved
659              and conversions are never done.
660
661              Like  -d,  --data the default content-type sent to the server is
662              application/x-www-form-urlencoded. If you want the  data  to  be
663              treated as arbitrary binary data by the server then set the con‐
664              tent-type to octet-stream: -H "Content-Type:  application/octet-
665              stream".
666
667              If  this  option  is  used several times, the ones following the
668              first will append data as described in -d, --data.
669
670       --data-raw <data>
671              (HTTP) This posts data similarly to -d, --data but  without  the
672              special interpretation of the @ character.
673
674              See also -d, --data. Added in 7.43.0.
675
676       --data-urlencode <data>
677              (HTTP)  This posts data, similar to the other -d, --data options
678              with the exception that this performs URL-encoding.
679
680              To be CGI-compliant, the <data> part should begin  with  a  name
681              followed  by a separator and a content specification. The <data>
682              part can be passed to curl using one of the following syntaxes:
683
684              content
685                     This will make curl URL-encode the content and pass  that
686                     on.  Just  be careful so that the content doesn't contain
687                     any = or @ symbols, as that will  then  make  the  syntax
688                     match one of the other cases below!
689
690              =content
691                     This  will make curl URL-encode the content and pass that
692                     on. The preceding = symbol is not included in the data.
693
694              name=content
695                     This will make curl URL-encode the content part and  pass
696                     that  on.  Note that the name part is expected to be URL-
697                     encoded already.
698
699              @filename
700                     This will make curl load data from the  given  file  (in‐
701                     cluding  any  newlines), URL-encode that data and pass it
702                     on in the POST.
703
704              name@filename
705                     This will make curl load data from the  given  file  (in‐
706                     cluding  any  newlines), URL-encode that data and pass it
707                     on in the POST. The name part  gets  an  equal  sign  ap‐
708                     pended,  resulting  in name=urlencoded-file-content. Note
709                     that the name is expected to be URL-encoded already.
710
711       See also -d, --data and --data-raw. Added in 7.18.0.
712
713       -d, --data <data>
714              (HTTP MQTT) Sends the specified data in a POST  request  to  the
715              HTTP server, in the same way that a browser does when a user has
716              filled in an HTML form and presses the submit button. This  will
717              cause curl to pass the data to the server using the content-type
718              application/x-www-form-urlencoded.  Compare to -F, --form.
719
720              --data-raw is almost the same but does not have a special inter‐
721              pretation  of  the  @ character. To post data purely binary, you
722              should instead use the --data-binary option.  To URL-encode  the
723              value of a form field you may use --data-urlencode.
724
725              If  any of these options is used more than once on the same com‐
726              mand line, the data pieces specified  will  be  merged  together
727              with  a  separating  &-symbol.  Thus,  using  '-d name=daniel -d
728              skill=lousy'  would  generate  a  post  chunk  that  looks  like
729              'name=daniel&skill=lousy'.
730
731              If  you  start  the data with the letter @, the rest should be a
732              file name to read the data from, or - if you want curl  to  read
733              the  data  from  stdin.  Posting data from a file named 'foobar'
734              would thus be done with -d, --data @foobar. When -d,  --data  is
735              told  to  read  from a file like that, carriage returns and new‐
736              lines will be stripped out. If you don't want the @ character to
737              have a special interpretation use --data-raw instead.
738
739              See  also  --data-binary,  --data-urlencode and --data-raw. This
740              option overrides -F, --form and -I,  --head  and  -T,  --upload-
741              file.
742
743       --delegation <LEVEL>
744              (GSS/kerberos)  Set  LEVEL to tell the server what it is allowed
745              to delegate when it comes to user credentials.
746
747              none   Don't allow any delegation.
748
749              policy Delegates if and only if the OK-AS-DELEGATE flag  is  set
750                     in  the  Kerberos  service  ticket,  which is a matter of
751                     realm policy.
752
753              always Unconditionally allow the server to delegate.
754
755       --digest
756              (HTTP) Enables HTTP Digest authentication. This is an  authenti‐
757              cation  scheme  that  prevents the password from being sent over
758              the wire in clear text. Use this in combination with the  normal
759              -u, --user option to set user name and password.
760
761              If  this  option  is  used  several times, only the first one is
762              used.
763
764              See also -u, --user, --proxy-digest and --anyauth.  This  option
765              overrides --basic and --ntlm and --negotiate.
766
767       --disable-eprt
768              (FTP) Tell curl to disable the use of the EPRT and LPRT commands
769              when doing active FTP transfers. Curl will normally always first
770              attempt  to use EPRT, then LPRT before using PORT, but with this
771              option, it will use PORT right away. EPRT and  LPRT  are  exten‐
772              sions  to  the  original  FTP  protocol, and may not work on all
773              servers, but they enable more functionality in a better way than
774              the traditional PORT command.
775
776              --eprt can be used to explicitly enable EPRT again and --no-eprt
777              is an alias for --disable-eprt.
778
779              If the server is accessed using IPv6, this option will  have  no
780              effect as EPRT is necessary then.
781
782              Disabling  EPRT only changes the active behavior. If you want to
783              switch to passive mode you need to not  use  -P,  --ftp-port  or
784              force it with --ftp-pasv.
785
786       --disable-epsv
787              (FTP)  (FTP)  Tell  curl  to disable the use of the EPSV command
788              when doing passive FTP  transfers.  Curl  will  normally  always
789              first  attempt to use EPSV before PASV, but with this option, it
790              will not try using EPSV.
791
792              --epsv can be used to explicitly enable EPSV again and --no-epsv
793              is an alias for --disable-epsv.
794
795              If  the  server is an IPv6 host, this option will have no effect
796              as EPSV is necessary then.
797
798              Disabling EPSV only changes the passive behavior. If you want to
799              switch to active mode you need to use -P, --ftp-port.
800
801       -q, --disable
802              If  used  as the first parameter on the command line, the curlrc
803              config file will not be read and used. See the -K, --config  for
804              details on the default config file search path.
805
806       --disallow-username-in-url
807              (HTTP)  This  tells  curl  to  exit if passed a url containing a
808              username.
809
810              See also --proto. Added in 7.61.0.
811
812       --dns-interface <interface>
813              (DNS) Tell curl to send outgoing DNS  requests  through  <inter‐
814              face>.  This  option is a counterpart to --interface (which does
815              not affect DNS). The supplied string must be an  interface  name
816              (not an address).
817
818              See  also  --dns-ipv4-addr  and --dns-ipv6-addr. --dns-interface
819              requires that the underlying libcurl was  built  to  support  c-
820              ares. Added in 7.33.0.
821
822       --dns-ipv4-addr <address>
823              (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
824              quests, so that the DNS requests originate  from  this  address.
825              The argument should be a single IPv4 address.
826
827              See  also  --dns-interface  and --dns-ipv6-addr. --dns-ipv4-addr
828              requires that the underlying libcurl was  built  to  support  c-
829              ares. Added in 7.33.0.
830
831       --dns-ipv6-addr <address>
832              (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
833              quests, so that the DNS requests originate  from  this  address.
834              The argument should be a single IPv6 address.
835
836              See  also  --dns-interface  and --dns-ipv4-addr. --dns-ipv6-addr
837              requires that the underlying libcurl was  built  to  support  c-
838              ares. Added in 7.33.0.
839
840       --dns-servers <addresses>
841              Set the list of DNS servers to be used instead of the system de‐
842              fault.  The list of IP addresses should be separated  with  com‐
843              mas. Port numbers may also optionally be given as :<port-number>
844              after each IP address.
845
846              --dns-servers requires that the underlying libcurl was built  to
847              support c-ares. Added in 7.33.0.
848
849       --doh-cert-status
850              (all) Same as --cert-status but used for DOH (DNS-over-HTTPS).
851
852              Added in 7.76.0.
853
854       --doh-insecure
855              (all) Same as -k, --insecure but used for DOH (DNS-over-HTTPS).
856
857              Added in 7.76.0.
858
859       --doh-url <URL>
860              (all)  Specifies which DNS-over-HTTPS (DOH) server to use to re‐
861              solve hostnames, instead of  using  the  default  name  resolver
862              mechanism. The URL must be HTTPS.
863
864              Some  SSL  options  that you set for your transfer will apply to
865              DOH since the name lookups take place  over  SSL.  However,  the
866              certificate  verification  settings are not inherited and can be
867              controlled separately via --doh-insecure and --doh-cert-status.
868
869              If this option is used several times, the last one will be used.
870
871              Added in 7.62.0.
872
873       -D, --dump-header <filename>
874              (HTTP FTP) Write the received protocol headers to the  specified
875              file.
876
877              This  option  is handy to use when you want to store the headers
878              that an HTTP site sends to you. Cookies from the  headers  could
879              then  be  read  in  a  second  curl  invocation by using the -b,
880              --cookie option! The -c, --cookie-jar option is a better way  to
881              store cookies.
882
883              If  no  headers are received, the use of this option will create
884              an empty file.
885
886              When used in FTP, the FTP server response lines  are  considered
887              being "headers" and thus are saved there.
888
889              If this option is used several times, the last one will be used.
890
891              See also -o, --output.
892
893       --egd-file <file>
894              (TLS)  Specify  the  path  name  to the Entropy Gathering Daemon
895              socket. The socket is used to seed the  random  engine  for  SSL
896              connections.
897
898              See also --random-file.
899
900       --engine <name>
901              (TLS)  Select the OpenSSL crypto engine to use for cipher opera‐
902              tions. Use --engine list to print a list of build-time supported
903              engines.  Note  that  not  all  (or  none) of the engines may be
904              available at run-time.
905
906       --etag-compare <file>
907              (HTTP) This option makes a conditional HTTP request for the spe‐
908              cific ETag read from the given file by sending a custom If-None-
909              Match header using the extracted ETag.
910
911              For correct results, make sure that specified file contains only
912              a single line with a desired ETag. An empty file is parsed as an
913              empty ETag.
914
915              Use the option --etag-save to first save the  ETag  from  a  re‐
916              sponse, and then use this option to compare using the saved ETag
917              in a subsequent request.
918
919              COMPARISON: There are 2 types of comparison or ETags:  Weak  and
920              Strong.  This option expects, and uses a strong comparison.
921
922              Added in 7.68.0.
923
924       --etag-save <file>
925              (HTTP)  This  option  saves  an HTTP ETag to the specified file.
926              Etag is usually part of headers  returned  by  a  request.  When
927              server  sends  an  ETag, it must be enveloped by a double quote.
928              This option extracts the ETag  without  the  double  quotes  and
929              saves it into the <file>.
930
931              A  server  can  send a weak ETag which is prefixed by "W/". This
932              identifier is not considered, and  only  relevant  ETag  between
933              quotation marks is parsed.
934
935              It  an ETag wasn't sent by the server or it cannot be parsed, an
936              empty file is created.
937
938              Added in 7.68.0.
939
940       --expect100-timeout <seconds>
941              (HTTP) Maximum time in seconds that you allow curl to wait for a
942              100-continue  response  when curl emits an Expects: 100-continue
943              header in its request. By default curl  will  wait  one  second.
944              This  option accepts decimal values! When curl stops waiting, it
945              will continue as if the response has been received.
946
947              See also --connect-timeout. Added in 7.47.0.
948
949       --fail-early
950              Fail and exit on the first detected transfer error.
951
952              When curl is used to do multiple transfers on the command  line,
953              it will attempt to operate on each given URL, one by one. By de‐
954              fault, it will ignore errors if there are more  URLs  given  and
955              the  last  URL's  success will determine the error code curl re‐
956              turns. So early failures will be "hidden" by subsequent success‐
957              ful transfers.
958
959              Using  this  option,  curl  will  instead return an error on the
960              first transfer that fails, independent of  the  amount  of  URLs
961              that  are given on the command line. This way, no transfer fail‐
962              ures go undetected by scripts and similar.
963
964              This option is global and does not need to be specified for each
965              use of -:, --next.
966
967              This option does not imply -f, --fail, which causes transfers to
968              fail due to the server's HTTP status code. You can  combine  the
969              two options, however note -f, --fail is not global and is there‐
970              fore contained by -:, --next.
971
972              Added in 7.52.0.
973
974       --fail-with-body
975              (HTTP) Return an error on server errors where the HTTP  response
976              code  is  400  or  greater). In normal cases when an HTTP server
977              fails to deliver a document, it returns an HTML document stating
978              so  (which  often  also  describes why and more). This flag will
979              still allow curl to outputting and save that content but also to
980              return error 22.
981
982              This  is  an  alternative  option to -f, --fail which makes curl
983              fail for the same circumstances but without saving the content.
984
985              See also -f, --fail. Added in 7.76.0.
986
987       -f, --fail
988              (HTTP) Fail silently (no output at all) on server  errors.  This
989              is  mostly done to enable scripts etc to better deal with failed
990              attempts. In normal cases when an HTTP server fails to deliver a
991              document,  it  returns  an HTML document stating so (which often
992              also describes why and more). This flag will prevent  curl  from
993              outputting that and return error 22.
994
995              This  method is not fail-safe and there are occasions where non-
996              successful response codes will slip through, especially when au‐
997              thentication is involved (response codes 401 and 407).
998
999              See also --fail-with-body.
1000
1001       --false-start
1002              (TLS)  Tells  curl  to use false start during the TLS handshake.
1003              False start is a mode where a TLS client will start sending  ap‐
1004              plication  data  before verifying the server's Finished message,
1005              thus saving a round trip when performing a full handshake.
1006
1007              This is currently only implemented in the NSS and Secure  Trans‐
1008              port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1009
1010              Added in 7.42.0.
1011
1012       --form-string <name=string>
1013              (HTTP  SMTP  IMAP)  Similar  to -F, --form except that the value
1014              string for the named parameter is used  literally.  Leading  '@'
1015              and '<' characters, and the ';type=' string in the value have no
1016              special meaning. Use this in preference to -F, --form if there's
1017              any  possibility  that the string value may accidentally trigger
1018              the '@' or '<' features of -F, --form.
1019
1020              See also -F, --form.
1021
1022       -F, --form <name=content>
1023              (HTTP SMTP IMAP) For HTTP protocol family, this lets  curl  emu‐
1024              late  a  filled-in  form  in which a user has pressed the submit
1025              button. This causes curl to POST  data  using  the  Content-Type
1026              multipart/form-data according to RFC 2388.
1027
1028              For  SMTP and IMAP protocols, this is the mean to compose a mul‐
1029              tipart mail message to transmit.
1030
1031              This enables uploading of binary files etc. To force  the  'con‐
1032              tent' part to be a file, prefix the file name with an @ sign. To
1033              just get the content part from a file, prefix the file name with
1034              the  symbol  <.  The  difference  between @ and < is then that @
1035              makes a file get attached in the post as a  file  upload,  while
1036              the < makes a text field and just get the contents for that text
1037              field from a file.
1038
1039              Tell curl to read content from stdin instead of a file by  using
1040              - as filename. This goes for both @ and < constructs. When stdin
1041              is used, the contents is buffered in memory first by curl to de‐
1042              termine its size and allow a possible resend.  Defining a part's
1043              data from a named non-regular file (such as a named pipe or sim‐
1044              ilar)  is unfortunately not subject to buffering and will be ef‐
1045              fectively read at transmission time; since the full size is  un‐
1046              known before the transfer starts, such data is sent as chunks by
1047              HTTP and rejected by IMAP.
1048
1049              Example: send an image to an HTTP server, where 'profile' is the
1050              name  of  the  form-field to which the file portrait.jpg will be
1051              the input:
1052
1053               curl -F profile=@portrait.jpg https://example.com/upload.cgi
1054
1055              Example: send your name and shoe size in two text fields to  the
1056              server:
1057
1058               curl -F name=John -F shoesize=11 https://example.com/
1059
1060              Example:  send your essay in a text field to the server. Send it
1061              as a plain text field, but get the contents for it from a  local
1062              file:
1063
1064               curl -F "story=<hugefile.txt" https://example.com/
1065
1066              You  can  also  tell  curl  what  Content-Type  to  use by using
1067              'type=', in a manner similar to:
1068
1069               curl -F "web=@index.html;type=text/html" example.com
1070
1071              or
1072
1073               curl -F "name=daniel;type=text/foo" example.com
1074
1075              You can also explicitly change the name field of a  file  upload
1076              part by setting filename=, like this:
1077
1078               curl -F "file=@localfile;filename=nameinpost" example.com
1079
1080              If  filename/path contains ',' or ';', it must be quoted by dou‐
1081              ble-quotes like:
1082
1083               curl  -F  "file=@\"localfile\";filename=\"nameinpost\""   exam‐
1084              ple.com
1085
1086              or
1087
1088               curl -F 'file=@"localfile";filename="nameinpost"' example.com
1089
1090              Note  that  if  a  filename/path is quoted by double-quotes, any
1091              double-quote or backslash within the filename must be escaped by
1092              backslash.
1093
1094              Quoting  must  also  be  applied to non-file data if it contains
1095              semicolons, leading/trailing spaces or leading double quotes:
1096
1097               curl -F  'colors="red;  green;  blue";type=text/x-myapp'  exam‐
1098              ple.com
1099
1100              You  can  add  custom  headers to the field by setting headers=,
1101              like
1102
1103                curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1104
1105              or
1106
1107                curl -F "submit=OK;headers=@headerfile" example.com
1108
1109              The headers= keyword may appear more that once and  above  notes
1110              about  quoting  apply.  When headers are read from a file, Empty
1111              lines and lines starting with '#' are comments and ignored; each
1112              header can be folded by splitting between two words and starting
1113              the continuation line with a  space;  embedded  carriage-returns
1114              and  trailing  spaces  are  stripped.   Here  is an example of a
1115              header file contents:
1116
1117                # This file contain two headers.
1118                X-header-1: this is a header
1119
1120                # The following header is folded.
1121                X-header-2: this is
1122                 another header
1123
1124
1125              To support sending multipart mail messages, the  syntax  is  ex‐
1126              tended as follows:
1127              -  name can be omitted: the equal sign is the first character of
1128              the argument,
1129              - if data starts with '(', this signals to start  a  new  multi‐
1130              part: it can be followed by a content type specification.
1131              - a multipart can be terminated with a '=)' argument.
1132
1133              Example:  the  following  command sends an SMTP mime e-mail con‐
1134              sisting in an inline part in two alternative formats: plain text
1135              and HTML. It attaches a text file:
1136
1137               curl -F '=(;type=multipart/alternative' \
1138                       -F '=plain text message' \
1139                       -F '= <body>HTML message</body>;type=text/html' \
1140                    -F '=)' -F '=@textfile.txt' ...  smtp://example.com
1141
1142              Data  can  be encoded for transfer using encoder=. Available en‐
1143              codings are binary and 8bit that do nothing else than adding the
1144              corresponding  Content-Transfer-Encoding  header, 7bit that only
1145              rejects 8-bit characters with a transfer error, quoted-printable
1146              and  base64  that  encodes  data  according to the corresponding
1147              schemes, limiting lines length to 76 characters.
1148
1149              Example: send multipart mail with a quoted-printable  text  mes‐
1150              sage and a base64 attached file:
1151
1152               curl -F '=text message;encoder=quoted-printable' \
1153                    -F '=@localfile;encoder=base64' ... smtp://example.com
1154
1155              See further examples and details in the MANUAL.
1156
1157              This option can be used multiple times.
1158
1159              This  option  overrides  -d, --data and -I, --head and -T, --up‐
1160              load-file.
1161
1162       --ftp-account <data>
1163              (FTP) When an FTP server asks for "account data" after user name
1164              and  password has been provided, this data is sent off using the
1165              ACCT command.
1166
1167              If this option is used several times, the last one will be used.
1168
1169              Added in 7.13.0.
1170
1171       --ftp-alternative-to-user <command>
1172              (FTP) If authenticating with the USER and PASS  commands  fails,
1173              send  this  command.   When  connecting  to  Tumbleweed's Secure
1174              Transport server over FTPS using  a  client  certificate,  using
1175              "SITE  AUTH"  will tell the server to retrieve the username from
1176              the certificate.
1177
1178              Added in 7.15.5.
1179
1180       --ftp-create-dirs
1181              (FTP SFTP) When an FTP or SFTP URL/operation uses  a  path  that
1182              doesn't  currently exist on the server, the standard behavior of
1183              curl is to fail. Using this option, curl will instead attempt to
1184              create missing directories.
1185
1186              See also --create-dirs.
1187
1188       --ftp-method <method>
1189              (FTP)  Control what method curl should use to reach a file on an
1190              FTP(S) server. The method argument should be one of the  follow‐
1191              ing alternatives:
1192
1193              multicwd
1194                     curl  does  a  single CWD operation for each path part in
1195                     the given URL. For deep hierarchies this means very  many
1196                     commands.  This  is  how RFC 1738 says it should be done.
1197                     This is the default but the slowest behavior.
1198
1199              nocwd  curl does no CWD at all. curl will do  SIZE,  RETR,  STOR
1200                     etc and give a full path to the server for all these com‐
1201                     mands. This is the fastest behavior.
1202
1203              singlecwd
1204                     curl does one CWD with the full target directory and then
1205                     operates  on  the  file  "normally" (like in the multicwd
1206                     case). This is somewhat  more  standards  compliant  than
1207                     'nocwd' but without the full penalty of 'multicwd'.
1208
1209       Added in 7.15.1.
1210
1211       --ftp-pasv
1212              (FTP)  Use  passive mode for the data connection. Passive is the
1213              internal default behavior, but using this option can be used  to
1214              override a previous -P, --ftp-port option.
1215
1216              If  this  option  is  used  several times, only the first one is
1217              used. Undoing an enforced passive really isn't  doable  but  you
1218              must then instead enforce the correct -P, --ftp-port again.
1219
1220              Passive mode means that curl will try the EPSV command first and
1221              then PASV, unless --disable-epsv is used.
1222
1223              See also --disable-epsv. Added in 7.11.0.
1224
1225       -P, --ftp-port <address>
1226              (FTP) Reverses the default initiator/listener  roles  when  con‐
1227              necting  with  FTP. This option makes curl use active mode. curl
1228              then tells the server to connect back to the client's  specified
1229              address and port, while passive mode asks the server to setup an
1230              IP address and port for it to connect to.  <address>  should  be
1231              one of:
1232
1233              interface
1234                     e.g.  "eth0"  to specify which interface's IP address you
1235                     want to use (Unix only)
1236
1237              IP address
1238                     e.g. "192.168.10.1" to specify the exact IP address
1239
1240              host name
1241                     e.g. "my.host.domain" to specify the machine
1242
1243              -      make curl pick the same IP address that is  already  used
1244                     for the control connection
1245
1246       If  this  option is used several times, the last one will be used. Dis‐
1247       able the use of PORT with --ftp-pasv. Disable the attempt  to  use  the
1248       EPRT  command  instead  of PORT by using --disable-eprt. EPRT is really
1249       PORT++.
1250
1251       Since 7.19.5, you can append ":[start]-[end]" to the right of  the  ad‐
1252       dress,  to tell curl what TCP port range to use. That means you specify
1253       a port range, from a lower to a higher number. A single number works as
1254       well,  but do note that it increases the risk of failure since the port
1255       may not be available.
1256
1257       See also --ftp-pasv and --disable-eprt.
1258
1259       --ftp-pret
1260              (FTP) Tell curl to send a PRET command before PASV  (and  EPSV).
1261              Certain  FTP  servers,  mainly drftpd, require this non-standard
1262              command for directory listings as well as up  and  downloads  in
1263              PASV mode.
1264
1265              Added in 7.20.0.
1266
1267       --ftp-skip-pasv-ip
1268              (FTP) Tell curl to not use the IP address the server suggests in
1269              its response to curl's PASV command when curl connects the  data
1270              connection.  Instead curl will re-use the same IP address it al‐
1271              ready uses for the control connection.
1272
1273              Since curl 7.74.0 this option is enabled by default.
1274
1275              This option has no effect if PORT, EPRT or EPSV is used  instead
1276              of PASV.
1277
1278              See also --ftp-pasv. Added in 7.14.2.
1279
1280       --ftp-ssl-ccc-mode <active/passive>
1281              (FTP)  Sets the CCC mode. The passive mode will not initiate the
1282              shutdown, but instead wait for the server to do it, and will not
1283              reply to the shutdown from the server. The active mode initiates
1284              the shutdown and waits for a reply from the server.
1285
1286              See also --ftp-ssl-ccc. Added in 7.16.2.
1287
1288       --ftp-ssl-ccc
1289              (FTP) Use CCC (Clear Command Channel)  Shuts  down  the  SSL/TLS
1290              layer after authenticating. The rest of the control channel com‐
1291              munication will be unencrypted. This allows NAT routers to  fol‐
1292              low the FTP transaction. The default mode is passive.
1293
1294              See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1295
1296       --ftp-ssl-control
1297              (FTP)  Require  SSL/TLS  for  the FTP login, clear for transfer.
1298              Allows secure authentication, but non-encrypted  data  transfers
1299              for  efficiency.   Fails the transfer if the server doesn't sup‐
1300              port SSL/TLS.
1301
1302              Added in 7.16.0.
1303
1304       -G, --get
1305              When used, this option will make all  data  specified  with  -d,
1306              --data,  --data-binary or --data-urlencode to be used in an HTTP
1307              GET request instead of the POST request that otherwise would  be
1308              used. The data will be appended to the URL with a '?' separator.
1309
1310              If  used  in combination with -I, --head, the POST data will in‐
1311              stead be appended to the URL with a HEAD request.
1312
1313              If this option is used several times,  only  the  first  one  is
1314              used.  This is because undoing a GET doesn't make sense, but you
1315              should then instead enforce the alternative method you prefer.
1316
1317       -g, --globoff
1318              This option switches off the "URL globbing parser". When you set
1319              this  option, you can specify URLs that contain the letters {}[]
1320              without having them being interpreted by curl itself. Note  that
1321              these  letters are not normal legal URL contents but they should
1322              be encoded according to the URI standard.
1323
1324       --happy-eyeballs-timeout-ms <milliseconds>
1325              Happy eyeballs is an algorithm that attempts to connect to  both
1326              IPv4  and  IPv6  addresses for dual-stack hosts, preferring IPv6
1327              first for the number of milliseconds. If the IPv6 address cannot
1328              be  connected  to  within that time then a connection attempt is
1329              made to the IPv4 address in parallel. The first connection to be
1330              established is the one that is used.
1331
1332              The  range of suggested useful values is limited. Happy Eyeballs
1333              RFC 6555 says "It is RECOMMENDED  that  connection  attempts  be
1334              paced  150-250 ms apart to balance human factors against network
1335              load." libcurl currently defaults to 200 ms. Firefox and  Chrome
1336              currently default to 300 ms.
1337
1338              If this option is used several times, the last one will be used.
1339
1340              Added in 7.59.0.
1341
1342       --haproxy-protocol
1343              (HTTP)  Send a HAProxy PROXY protocol v1 header at the beginning
1344              of the connection. This is used by some load balancers  and  re‐
1345              verse proxies to indicate the client's true IP address and port.
1346
1347              This  option is primarily useful when sending test requests to a
1348              service that expects this header.
1349
1350              Added in 7.60.0.
1351
1352       -I, --head
1353              (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1354              command  HEAD which this uses to get nothing but the header of a
1355              document. When used on an FTP or FILE file,  curl  displays  the
1356              file size and last modification time only.
1357
1358       -H, --header <header/@file>
1359              (HTTP)  Extra header to include in the request when sending HTTP
1360              to a server. You may specify any number of extra  headers.  Note
1361              that if you should add a custom header that has the same name as
1362              one of the internal ones curl would  use,  your  externally  set
1363              header will be used instead of the internal one. This allows you
1364              to make even trickier stuff than curl  would  normally  do.  You
1365              should  not  replace internally set headers without knowing per‐
1366              fectly well what you're doing. Remove an internal header by giv‐
1367              ing  a  replacement  without  content  on  the right side of the
1368              colon, as in: -H "Host:". If you send the custom header with no-
1369              value  then its header must be terminated with a semicolon, such
1370              as -H "X-Custom-Header;" to send "X-Custom-Header:".
1371
1372              curl will make sure that each header  you  add/replace  is  sent
1373              with the proper end-of-line marker, you should thus not add that
1374              as a part of the header content: do not add newlines or carriage
1375              returns, they will only mess things up for you.
1376
1377              This  option can take an argument in @filename style, which then
1378              adds a header for each line in the input  file.  Using  @-  will
1379              make curl read the header file from stdin. Added in 7.55.0.
1380
1381              You  need  --proxy-header  to send custom headers intended for a
1382              HTTP proxy. Added in 7.37.0.
1383
1384              Passing on a "Transfer-Encoding: chunked" header  when  doing  a
1385              HTTP  request  with a request body, will make curl send the data
1386              using chunked encoding.
1387
1388              Example:
1389
1390               curl -H "X-First-Name: Joe" http://example.com/
1391
1392              WARNING: headers set with this option will be  set  in  all  re‐
1393              quests  - even after redirects are followed, like when told with
1394              -L, --location. This can lead to the header being sent to  other
1395              hosts  than  the  original  host, so sensitive headers should be
1396              used with caution combined with following redirects.
1397
1398              This option can be used  multiple  times  to  add/replace/remove
1399              multiple headers.
1400
1401              See also -A, --user-agent and -e, --referer.
1402
1403       -h, --help <category>
1404              Usage  help.  This  lists all commands of the <category>.  If no
1405              arg was provided, curl will display the most  important  command
1406              line  arguments.   If the argument "all" was provided, curl will
1407              display all options available.  If the argument  "category"  was
1408              provided, curl will display all categories and their meanings.
1409
1410       --hostpubmd5 <md5>
1411              (SFTP  SCP)  Pass a string containing 32 hexadecimal digits. The
1412              string should be the 128 bit MD5 checksum of the  remote  host's
1413              public key, curl will refuse the connection with the host unless
1414              the md5sums match.
1415
1416              Added in 7.17.1.
1417
1418       --hsts <file name>
1419              (HTTPS) WARNING: this option is experimental. Do not use in pro‐
1420              duction.
1421
1422              This  option  enables  HSTS  for  the transfer. If the file name
1423              points to an existing HSTS cache file, that will be used.  After
1424              a  completed  transfer, the cache will be saved to the file name
1425              again if it has been modified.
1426
1427              Specify a "" file name (zero length) to avoid loading/saving and
1428              make curl just handle HSTS in memory.
1429
1430              If  this  option  is used several times, curl will load contents
1431              from all the files but the last one will be used for saving.
1432
1433              Added in 7.74.0.
1434
1435       --http0.9
1436              (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1437
1438              HTTP/0.9 is a completely headerless response and  therefore  you
1439              can  also  connect with this to non-HTTP servers and still get a
1440              response since curl will simply transparently downgrade - if al‐
1441              lowed.
1442
1443              Since curl 7.66.0, HTTP/0.9 is disabled by default.
1444
1445       -0, --http1.0
1446              (HTTP)  Tells  curl to use HTTP version 1.0 instead of using its
1447              internally preferred HTTP version.
1448
1449              This option overrides --http1.1 and --http2.
1450
1451       --http1.1
1452              (HTTP) Tells curl to use HTTP version 1.1.
1453
1454              This option  overrides  -0,  --http1.0  and  --http2.  Added  in
1455              7.33.0.
1456
1457       --http2-prior-knowledge
1458              (HTTP)  Tells  curl  to  issue  its  non-TLS HTTP requests using
1459              HTTP/2 without HTTP/1.1 Upgrade.  It  requires  prior  knowledge
1460              that  the  server  supports HTTP/2 straight away. HTTPS requests
1461              will still do HTTP/2 the standard way with  negotiated  protocol
1462              version in the TLS handshake.
1463
1464              --http2-prior-knowledge requires that the underlying libcurl was
1465              built to support HTTP/2. This option overrides --http1.1 and -0,
1466              --http1.0 and --http2. Added in 7.49.0.
1467
1468       --http2
1469              (HTTP) Tells curl to use HTTP version 2.
1470
1471              See also --http1.1 and --http3. --http2 requires that the under‐
1472              lying libcurl was built to support HTTP/2. This option overrides
1473              --http1.1  and  -0, --http1.0 and --http2-prior-knowledge. Added
1474              in 7.33.0.
1475
1476       --http3
1477              (HTTP) WARNING: this option is experimental. Do not use in  pro‐
1478              duction.
1479
1480              Tells  curl  to use HTTP version 3 directly to the host and port
1481              number used in the URL. A normal HTTP/3 transaction will be done
1482              to  a  host and then get redirected via Alt-SVc, but this option
1483              allows a user to circumvent that when you know that  the  target
1484              speaks HTTP/3 on the given host and port.
1485
1486              This  option  will make curl fail if a QUIC connection cannot be
1487              established, it cannot fall back to a lower HTTP version on  its
1488              own.
1489
1490              See also --http1.1 and --http2. --http3 requires that the under‐
1491              lying libcurl was built to support HTTP/3. This option overrides
1492              --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1493              edge. Added in 7.66.0.
1494
1495       --ignore-content-length
1496              (FTP HTTP) For HTTP, Ignore the Content-Length header.  This  is
1497              particularly  useful  for servers running Apache 1.x, which will
1498              report incorrect Content-Length for files larger  than  2  giga‐
1499              bytes.
1500
1501              For  FTP (since 7.46.0), skip the RETR command to figure out the
1502              size before downloading a file.
1503
1504       -i, --include
1505              Include the HTTP response headers in the output.  The  HTTP  re‐
1506              sponse  headers  can  include  things like server name, cookies,
1507              date of the document, HTTP version and more...
1508
1509              To view the request headers, consider the -v, --verbose option.
1510
1511              See also -v, --verbose.
1512
1513       -k, --insecure
1514              (TLS) By default, every SSL connection curl makes is verified to
1515              be  secure.  This option allows curl to proceed and operate even
1516              for server connections otherwise considered insecure.
1517
1518              The server connection is verified by making  sure  the  server's
1519              certificate  contains  the  right name and verifies successfully
1520              using the cert store.
1521
1522              See this online resource for further details:
1523               https://curl.se/docs/sslcerts.html
1524
1525              See also --proxy-insecure and --cacert.
1526
1527       --interface <name>
1528
1529              Perform an operation using a specified interface. You can  enter
1530              interface  name,  IP address or host name. An example could look
1531              like:
1532
1533               curl --interface eth0:1 https://www.example.com/
1534
1535              If this option is used several times, the last one will be used.
1536
1537              On Linux it can be used to specify a VRF, but the  binary  needs
1538              to  either  have CAP_NET_RAW or to be run as root. More informa‐
1539              tion  about  Linux  VRF:   https://www.kernel.org/doc/Documenta
1540              tion/networking/vrf.txt
1541
1542              See also --dns-interface.
1543
1544       -4, --ipv4
1545              This  option tells curl to resolve names to IPv4 addresses only,
1546              and not for example try IPv6.
1547
1548              See also  --http1.1  and  --http2.  This  option  overrides  -6,
1549              --ipv6.
1550
1551       -6, --ipv6
1552              This  option tells curl to resolve names to IPv6 addresses only,
1553              and not for example try IPv4.
1554
1555              See also  --http1.1  and  --http2.  This  option  overrides  -4,
1556              --ipv4.
1557
1558       -j, --junk-session-cookies
1559              (HTTP) When curl is told to read cookies from a given file, this
1560              option will make it discard all "session cookies". This will ba‐
1561              sically  have  the  same  effect as if a new session is started.
1562              Typical browsers always discard  session  cookies  when  they're
1563              closed down.
1564
1565              See also -b, --cookie and -c, --cookie-jar.
1566
1567       --keepalive-time <seconds>
1568              This  option sets the time a connection needs to remain idle be‐
1569              fore sending keepalive probes and the  time  between  individual
1570              keepalive probes. It is currently effective on operating systems
1571              offering  the  TCP_KEEPIDLE  and  TCP_KEEPINTVL  socket  options
1572              (meaning  Linux, recent AIX, HP-UX and more). This option has no
1573              effect if --no-keepalive is used.
1574
1575              If this option is used several times, the last one will be used.
1576              If unspecified, the option defaults to 60 seconds.
1577
1578              Added in 7.18.0.
1579
1580       --key-type <type>
1581              (TLS)  Private key file type. Specify which type your --key pro‐
1582              vided private key is. DER, PEM, and ENG are  supported.  If  not
1583              specified, PEM is assumed.
1584
1585              If this option is used several times, the last one will be used.
1586
1587       --key <key>
1588              (TLS SSH) Private key file name. Allows you to provide your pri‐
1589              vate key in this separate file. For SSH, if not specified,  curl
1590              tries   the  following  candidates  in  order:  '~/.ssh/id_rsa',
1591              '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1592
1593              If curl is built against OpenSSL library, and the engine  pkcs11
1594              is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1595              ify a private key located in a PKCS#11 device. A  string  begin‐
1596              ning  with  "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1597              PKCS#11 URI is provided, then the --engine option will be set as
1598              "pkcs11"  if none was provided and the --key-type option will be
1599              set as "ENG" if none was provided.
1600
1601              If this option is used several times, the last one will be used.
1602
1603       --krb <level>
1604              (FTP) Enable Kerberos authentication and use. The level must  be
1605              entered and should be one of 'clear', 'safe', 'confidential', or
1606              'private'. Should you use a level that  is  not  one  of  these,
1607              'private' will instead be used.
1608
1609              If this option is used several times, the last one will be used.
1610
1611              --krb  requires that the underlying libcurl was built to support
1612              Kerberos.
1613
1614       --libcurl <file>
1615              Append this option to any ordinary curl command  line,  and  you
1616              will  get a libcurl-using C source code written to the file that
1617              does the equivalent of what your command-line operation does!
1618
1619              If this option is used several times, the last given  file  name
1620              will be used.
1621
1622              Added in 7.16.1.
1623
1624       --limit-rate <speed>
1625              Specify  the  maximum  transfer  rate you want curl to use - for
1626              both downloads and uploads. This feature is useful if you have a
1627              limited pipe and you'd like your transfer not to use your entire
1628              bandwidth. To make it slower than it otherwise would be.
1629
1630              The given speed is measured in bytes/second, unless a suffix  is
1631              appended.   Appending  'k' or 'K' will count the number as kilo‐
1632              bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes  it
1633              gigabytes. Examples: 200K, 3m and 1G.
1634
1635              If  you  also use the -Y, --speed-limit option, that option will
1636              take precedence and might cripple the rate-limiting slightly, to
1637              help keeping the speed-limit logic working.
1638
1639              If this option is used several times, the last one will be used.
1640
1641       -l, --list-only
1642              (FTP  POP3)  (FTP)  When  listing  an FTP directory, this switch
1643              forces a name-only view. This is especially useful if  the  user
1644              wants  to  machine-parse  the contents of an FTP directory since
1645              the normal directory view doesn't use a standard look or format.
1646              When used like this, the option causes a NLST command to be sent
1647              to the server instead of LIST.
1648
1649              Note: Some FTP servers list only  files  in  their  response  to
1650              NLST; they do not include sub-directories and symbolic links.
1651
1652              (POP3)  When  retrieving a specific email from POP3, this switch
1653              forces a LIST command to be performed instead of RETR.  This  is
1654              particularly  useful if the user wants to see if a specific mes‐
1655              sage id exists on the server and what size it is.
1656
1657              Note: When combined with -X, --request, this option can be  used
1658              to send an UIDL command instead, so the user may use the email's
1659              unique identifier rather than it's message id to  make  the  re‐
1660              quest.
1661
1662              Added in 4.0.
1663
1664       --local-port <num/range>
1665              Set  a  preferred single number or range (FROM-TO) of local port
1666              numbers to use for the connection(s).  Note that port numbers by
1667              nature  are a scarce resource that will be busy at times so set‐
1668              ting this range to something too narrow might cause  unnecessary
1669              connection setup failures.
1670
1671              Added in 7.15.2.
1672
1673       --location-trusted
1674              (HTTP)  Like  -L,  --location, but will allow sending the name +
1675              password to all hosts that the site may redirect to. This may or
1676              may not introduce a security breach if the site redirects you to
1677              a site to which you'll send your authentication info  (which  is
1678              plaintext in the case of HTTP Basic authentication).
1679
1680              See also -u, --user.
1681
1682       -L, --location
1683              (HTTP)  If  the server reports that the requested page has moved
1684              to a different location (indicated with a Location: header and a
1685              3XX  response code), this option will make curl redo the request
1686              on the new place. If used together with  -i,  --include  or  -I,
1687              --head, headers from all requested pages will be shown. When au‐
1688              thentication is used, curl only sends  its  credentials  to  the
1689              initial  host.  If a redirect takes curl to a different host, it
1690              won't be able to intercept the user+password. See  also  --loca‐
1691              tion-trusted  on how to change this. You can limit the amount of
1692              redirects to follow by using the --max-redirs option.
1693
1694              When curl follows a redirect and if the request is  a  POST,  it
1695              will  do  the  following request with a GET if the HTTP response
1696              was 301, 302, or 303. If the response code  was  any  other  3xx
1697              code, curl will re-send the following request using the same un‐
1698              modified method.
1699
1700              You can tell curl to not change POST requests to GET after a 30x
1701              response  by  using  the  dedicated options for that: --post301,
1702              --post302 and --post303.
1703
1704              The method set with -X,  --request  overrides  the  method  curl
1705              would otherwise select to use.
1706
1707       --login-options <options>
1708              (IMAP  POP3 SMTP) Specify the login options to use during server
1709              authentication.
1710
1711              You can use the login options to specify protocol  specific  op‐
1712              tions  that  may  be used during authentication. At present only
1713              IMAP, POP3 and SMTP support login options. For more  information
1714              about  the  login options please see RFC 2384, RFC 5092 and IETF
1715              draft draft-earhart-url-smtp-00.txt
1716
1717              If this option is used several times, the last one will be used.
1718
1719              Added in 7.34.0.
1720
1721       --mail-auth <address>
1722              (SMTP) Specify a single address. This will be  used  to  specify
1723              the  authentication  address  (identity)  of a submitted message
1724              that is being relayed to another server.
1725
1726              See also --mail-rcpt and --mail-from. Added in 7.25.0.
1727
1728       --mail-from <address>
1729              (SMTP) Specify a single address that the given mail  should  get
1730              sent from.
1731
1732              See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1733
1734       --mail-rcpt-allowfails
1735              (SMTP) When sending data to multiple recipients, by default curl
1736              will abort SMTP conversation if at least one of  the  recipients
1737              causes RCPT TO command to return an error.
1738
1739              The  default  behavior can be changed by passing --mail-rcpt-al‐
1740              lowfails command-line option which will make curl ignore  errors
1741              and proceed with the remaining valid recipients.
1742
1743              In  case when all recipients cause RCPT TO command to fail, curl
1744              will abort SMTP conversation and return the error received  from
1745              to the last RCPT TO command.  Added in 7.69.0.
1746
1747       --mail-rcpt <address>
1748              (SMTP) Specify a single address, user name or mailing list name.
1749              Repeat this option several times to send to multiple recipients.
1750
1751              When performing a mail transfer, the recipient should specify  a
1752              valid email address to send the mail to.
1753
1754              When  performing an address verification (VRFY command), the re‐
1755              cipient should be specified as the user name or  user  name  and
1756              domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1757
1758              When performing a mailing list expand (EXPN command), the recip‐
1759              ient should be specified using the mailing list  name,  such  as
1760              "Friends" or "London-Office".  (Added in 7.34.0)
1761
1762              Added in 7.20.0.
1763
1764       -M, --manual
1765              Manual. Display the huge help text.
1766
1767       --max-filesize <bytes>
1768              Specify  the  maximum  size (in bytes) of a file to download. If
1769              the file requested is larger than this value, the transfer  will
1770              not start and curl will return with exit code 63.
1771
1772              A  size  modifier may be used. For example, Appending 'k' or 'K'
1773              will count  the  number  as  kilobytes,  'm'  or  'M'  makes  it
1774              megabytes,  while 'g' or 'G' makes it gigabytes. Examples: 200K,
1775              3m and 1G. (Added in 7.58.0)
1776
1777              NOTE: The file size is not always known prior to  download,  and
1778              for such files this option has no effect even if the file trans‐
1779              fer ends up being larger than this given  limit.  This  concerns
1780              both FTP and HTTP transfers.
1781
1782              See also --limit-rate.
1783
1784       --max-redirs <num>
1785              (HTTP)  Set  maximum  number  of redirection-followings allowed.
1786              When -L, --location is used, is used to prevent curl  from  fol‐
1787              lowing redirections too much. By default, the limit is set to 50
1788              redirections. Set this option to -1 to make it unlimited.
1789
1790              If this option is used several times, the last one will be used.
1791
1792       -m, --max-time <seconds>
1793              Maximum time in seconds that you allow the  whole  operation  to
1794              take.   This is useful for preventing your batch jobs from hang‐
1795              ing for hours due to slow networks or links going  down.   Since
1796              7.32.0, this option accepts decimal values, but the actual time‐
1797              out will decrease in accuracy as the specified timeout increases
1798              in decimal precision.
1799
1800              If this option is used several times, the last one will be used.
1801
1802              See also --connect-timeout.
1803
1804       --metalink
1805              This  option  can  tell curl to parse and process a given URI as
1806              Metalink file (both version 3 and 4 (RFC  5854)  are  supported)
1807              and  make use of the mirrors listed within for failover if there
1808              are errors (such as the file or server not being available).  It
1809              will  also  verify  the hash of the file after the download com‐
1810              pletes. The Metalink file itself is downloaded and processed  in
1811              memory and not stored in the local file system.
1812
1813              Example to use a remote Metalink file:
1814
1815               curl --metalink http://www.example.com/example.metalink
1816
1817              To use a Metalink file in the local file system, use FILE proto‐
1818              col (file://):
1819
1820               curl --metalink file:///example.metalink
1821
1822              Please note that if FILE protocol is disabled, there is  no  way
1823              to  use  a local Metalink file at the time of this writing. Also
1824              note that if --metalink and -i,  --include  are  used  together,
1825              --include  will be ignored. This is because including headers in
1826              the response will break Metalink parser and if the  headers  are
1827              included in the file described in Metalink file, hash check will
1828              fail.
1829
1830              --metalink requires that the underlying  libcurl  was  built  to
1831              support metalink. Added in 7.27.0.
1832
1833       --negotiate
1834              (HTTP) Enables Negotiate (SPNEGO) authentication.
1835
1836              This  option  requires a library built with GSS-API or SSPI sup‐
1837              port. Use -V, --version  to  see  if  your  curl  supports  GSS-
1838              API/SSPI or SPNEGO.
1839
1840              When  using this option, you must also provide a fake -u, --user
1841              option to activate the authentication code properly.  Sending  a
1842              '-u  :'  is  enough  as  the user name and password from the -u,
1843              --user option aren't actually used.
1844
1845              If this option is used several times,  only  the  first  one  is
1846              used.
1847
1848              See also --basic, --ntlm, --anyauth and --proxy-negotiate.
1849
1850       --netrc-file <filename>
1851              This  option  is similar to -n, --netrc, except that you provide
1852              the path (absolute or relative) to  the  netrc  file  that  curl
1853              should use.  You can only specify one netrc file per invocation.
1854              If several --netrc-file options are provided, the last one  will
1855              be used.
1856
1857              It will abide by --netrc-optional if specified.
1858
1859              This option overrides -n, --netrc. Added in 7.21.5.
1860
1861       --netrc-optional
1862              Very  similar  to  -n, --netrc, but this option makes the .netrc
1863              usage optional and not mandatory as the -n, --netrc option does.
1864
1865              See also --netrc-file. This option overrides -n, --netrc.
1866
1867       -n, --netrc
1868              Makes curl scan the .netrc  (_netrc  on  Windows)  file  in  the
1869              user's home directory for login name and password. This is typi‐
1870              cally used for FTP on Unix. If used with HTTP, curl will  enable
1871              user authentication. See netrc(5) ftp(1) for details on the file
1872              format. Curl will not complain if that  file  doesn't  have  the
1873              right permissions (it should not be either world- or group-read‐
1874              able). The environment variable "HOME" is used to find the  home
1875              directory.
1876
1877              A  quick and very simple example of how to setup a .netrc to al‐
1878              low curl to FTP to the machine host.domain.com  with  user  name
1879              'myself' and password 'secret' should look similar to:
1880
1881              machine host.domain.com login myself password secret
1882
1883       -:, --next
1884              Tells curl to use a separate operation for the following URL and
1885              associated options. This allows you  to  send  several  URL  re‐
1886              quests,  each with their own specific options, for example, such
1887              as different user names or custom requests for each.
1888
1889              -:, --next will reset all local options  and  only  global  ones
1890              will  have  their values survive over to the operation following
1891              the -:, --next instruction. Global options  include  -v,  --ver‐
1892              bose, --trace, --trace-ascii and --fail-early.
1893
1894              For  example,  you can do both a GET and a POST in a single com‐
1895              mand line:
1896
1897               curl www1.example.com --next -d postthis www2.example.com
1898
1899              Added in 7.36.0.
1900
1901       --no-alpn
1902              (HTTPS) Disable the ALPN TLS extension. ALPN is enabled  by  de‐
1903              fault  if  libcurl  was  built with an SSL library that supports
1904              ALPN. ALPN is used by a libcurl that supports HTTP/2 to  negoti‐
1905              ate HTTP/2 support with the server during https sessions.
1906
1907              See  also  --no-npn and --http2. --no-alpn requires that the un‐
1908              derlying libcurl was built to support TLS. Added in 7.36.0.
1909
1910       -N, --no-buffer
1911              Disables the buffering of the output stream. In normal work sit‐
1912              uations,  curl  will  use a standard buffered output stream that
1913              will have the effect that it will output the data in chunks, not
1914              necessarily  exactly  when  the data arrives.  Using this option
1915              will disable that buffering.
1916
1917              Note that this is the negated option name  documented.  You  can
1918              thus use --buffer to enforce the buffering.
1919
1920       --no-keepalive
1921              Disables  the  use  of keepalive messages on the TCP connection.
1922              curl otherwise enables them by default.
1923
1924              Note that this is the negated option name  documented.  You  can
1925              thus use --keepalive to enforce keepalive.
1926
1927       --no-npn
1928              (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1929              if libcurl was built with an SSL library that supports NPN.  NPN
1930              is  used  by  a libcurl that supports HTTP/2 to negotiate HTTP/2
1931              support with the server during https sessions.
1932
1933              See also --no-alpn and --http2. --no-npn requires that  the  un‐
1934              derlying libcurl was built to support TLS. Added in 7.36.0.
1935
1936       --no-progress-meter
1937              Option to switch off the progress meter output without muting or
1938              otherwise affecting warning and informational messages like  -s,
1939              --silent does.
1940
1941              Note  that  this  is the negated option name documented. You can
1942              thus use --progress-meter to enable the progress meter again.
1943
1944              See also -v, --verbose and -s, --silent. Added in 7.67.0.
1945
1946       --no-sessionid
1947              (TLS) Disable curl's use of SSL session-ID caching.  By  default
1948              all  transfers are done using the cache. Note that while nothing
1949              should ever get hurt by attempting  to  reuse  SSL  session-IDs,
1950              there seem to be broken SSL implementations in the wild that may
1951              require you to disable this in order for you to succeed.
1952
1953              Note that this is the negated option name  documented.  You  can
1954              thus use --sessionid to enforce session-ID caching.
1955
1956              Added in 7.16.0.
1957
1958       --noproxy <no-proxy-list>
1959              Comma-separated  list  of hosts which do not use a proxy, if one
1960              is specified.  The only wildcard is a single * character,  which
1961              matches all hosts, and effectively disables the proxy. Each name
1962              in this list is matched as either a domain  which  contains  the
1963              hostname,  or  the hostname itself. For example, local.com would
1964              match  local.com,  local.com:80,  and  www.local.com,  but   not
1965              www.notlocal.com.
1966
1967              Since  7.53.0,  This  option overrides the environment variables
1968              that disable the proxy. If there's an environment variable  dis‐
1969              abling a proxy, you can set noproxy list to "" to override it.
1970
1971              Added in 7.19.4.
1972
1973       --ntlm-wb
1974              (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1975              the authentication to the separate binary  ntlmauth  application
1976              that is executed when needed.
1977
1978              See also --ntlm and --proxy-ntlm.
1979
1980       --ntlm (HTTP)  Enables  NTLM  authentication.  The  NTLM authentication
1981              method was designed by Microsoft and is used by IIS web servers.
1982              It  is a proprietary protocol, reverse-engineered by clever peo‐
1983              ple and implemented in curl based on their efforts. This kind of
1984              behavior  should  not be endorsed, you should encourage everyone
1985              who uses NTLM to switch to a public and  documented  authentica‐
1986              tion method instead, such as Digest.
1987
1988              If  you  want to enable NTLM for your proxy authentication, then
1989              use --proxy-ntlm.
1990
1991              If this option is used several times,  only  the  first  one  is
1992              used.
1993
1994              See  also  --proxy-ntlm.  --ntlm  requires  that  the underlying
1995              libcurl was built to support TLS. This option overrides  --basic
1996              and --negotiate and --digest and --anyauth.
1997
1998       --oauth2-bearer <token>
1999              (IMAP  POP3  SMTP  HTTP)  Specify the Bearer Token for OAUTH 2.0
2000              server authentication. The Bearer Token is used  in  conjunction
2001              with  the  user name which can be specified as part of the --url
2002              or -u, --user options.
2003
2004              The Bearer Token and user name are formatted  according  to  RFC
2005              6750.
2006
2007              If this option is used several times, the last one will be used.
2008
2009       --output-dir <dir>
2010
2011              This  option  specifies  the  directory in which files should be
2012              stored, when -O, --remote-name or -o, --output are used.
2013
2014              The given output directory is used for all URLs and  output  op‐
2015              tions on the command line, up until the first -:, --next.
2016
2017              If  the  specified target directory doesn't exist, the operation
2018              will fail unless --create-dirs is also used.
2019
2020              If this option is used multiple times, the last specified direc‐
2021              tory will be used.
2022
2023              See  also  -O, --remote-name and -J, --remote-header-name. Added
2024              in 7.73.0.
2025
2026       -o, --output <file>
2027              Write output to <file> instead of stdout. If you are using {} or
2028              [] to fetch multiple documents, you should quote the URL and you
2029              can use '#' followed by a number in the <file>  specifier.  That
2030              variable  will  be  replaced with the current string for the URL
2031              being fetched. Like in:
2032
2033               curl "http://{one,two}.example.com" -o "file_#1.txt"
2034
2035              or use several variables like:
2036
2037               curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2038
2039              You may use this option as many times as the number of URLs  you
2040              have.  For  example, if you specify two URLs on the same command
2041              line, you can use it like this:
2042
2043                curl -o aa example.com -o bb example.net
2044
2045              and the order of the -o options and  the  URLs  doesn't  matter,
2046              just  that  the  first -o is for the first URL and so on, so the
2047              above command line can also be written as
2048
2049                curl example.com example.net -o aa -o bb
2050
2051              See also the --create-dirs option to create the  local  directo‐
2052              ries  dynamically.  Specifying the output as '-' (a single dash)
2053              will force the output to be done to stdout.
2054
2055              See also -O, --remote-name, --remote-name-all and -J,  --remote-
2056              header-name.
2057
2058       --parallel-immediate
2059              When  doing  parallel  transfers, this option will instruct curl
2060              that it should rather prefer opening up more connections in par‐
2061              allel at once rather than waiting to see if new transfers can be
2062              added as multiplexed streams on another connection.
2063
2064              See also -Z, --parallel and --parallel-max. Added in 7.68.0.
2065
2066       --parallel-max
2067              When asked to do parallel transfers, using -Z, --parallel,  this
2068              option controls the maximum amount of transfers to do simultane‐
2069              ously.
2070
2071              The default is 50.
2072
2073              See also -Z, --parallel. Added in 7.66.0.
2074
2075       -Z, --parallel
2076              Makes curl perform its transfers in parallel as compared to  the
2077              regular serial manner.
2078
2079              Added in 7.66.0.
2080
2081       --pass <phrase>
2082              (SSH TLS) Passphrase for the private key
2083
2084              If this option is used several times, the last one will be used.
2085
2086       --path-as-is
2087              Tell  curl  to  not handle sequences of /../ or /./ in the given
2088              URL path. Normally curl will squash or merge them  according  to
2089              standards but with this option set you tell it not to do that.
2090
2091              Added in 7.42.0.
2092
2093       --pinnedpubkey <hashes>
2094              (TLS)  Tells  curl  to  use  the  specified  public key file (or
2095              hashes) to verify the peer. This can be a path to a  file  which
2096              contains a single public key in PEM or DER format, or any number
2097              of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2098              rated by ´;´
2099
2100              When  negotiating  a  TLS  or SSL connection, the server sends a
2101              certificate indicating its identity. A public key  is  extracted
2102              from  this certificate and if it does not exactly match the pub‐
2103              lic key provided to this option, curl will abort the  connection
2104              before sending or receiving any data.
2105
2106              PEM/DER support:
2107                7.39.0: OpenSSL, GnuTLS and GSKit
2108                7.43.0: NSS and wolfSSL
2109                7.47.0: mbedtls sha256 support:
2110                7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
2111                7.47.0: mbedtls Other SSL backends not supported.
2112
2113              If this option is used several times, the last one will be used.
2114
2115       --post301
2116              (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
2117              requests into GET requests when following a 301 redirection. The
2118              non-RFC behavior is ubiquitous in web browsers, so curl does the
2119              conversion by default to maintain consistency. However, a server
2120              may  require  a  POST to remain a POST after such a redirection.
2121              This option is meaningful only when using -L, --location.
2122
2123              See also --post302,  --post303  and  -L,  --location.  Added  in
2124              7.17.1.
2125
2126       --post302
2127              (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
2128              requests into GET requests when following a 302 redirection. The
2129              non-RFC behavior is ubiquitous in web browsers, so curl does the
2130              conversion by default to maintain consistency. However, a server
2131              may  require  a  POST to remain a POST after such a redirection.
2132              This option is meaningful only when using -L, --location.
2133
2134              See also --post301,  --post303  and  -L,  --location.  Added  in
2135              7.19.1.
2136
2137       --post303
2138              (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
2139              requests into GET requests when following  303  redirections.  A
2140              server may require a POST to remain a POST after a 303 redirect‐
2141              ion. This option is meaningful only when using -L, --location.
2142
2143              See also --post302,  --post301  and  -L,  --location.  Added  in
2144              7.26.0.
2145
2146       --preproxy [protocol://]host[:port]
2147              Use  the  specified  SOCKS proxy before connecting to an HTTP or
2148              HTTPS -x, --proxy. In such a case curl  first  connects  to  the
2149              SOCKS  proxy  and  then  connects (through SOCKS) to the HTTP or
2150              HTTPS proxy. Hence pre proxy.
2151
2152              The pre proxy string should be specified with a protocol:// pre‐
2153              fix  to  specify  alternative  proxy  protocols.  Use socks4://,
2154              socks4a://, socks5:// or  socks5h://  to  request  the  specific
2155              SOCKS  version  to be used. No protocol specified will make curl
2156              default to SOCKS4.
2157
2158              If the port number is not specified in the proxy string,  it  is
2159              assumed to be 1080.
2160
2161              User and password that might be provided in the proxy string are
2162              URL decoded by curl. This allows you to pass in special  charac‐
2163              ters such as @ by using %40 or pass in a colon with %3a.
2164
2165              If this option is used several times, the last one will be used.
2166
2167              Added in 7.52.0.
2168
2169       -#, --progress-bar
2170              Make curl display transfer progress as a simple progress bar in‐
2171              stead of the standard, more informational, meter.
2172
2173              This progress bar draws a single line of '#'  characters  across
2174              the screen and shows a percentage if the transfer size is known.
2175              For transfers without a known size, there  will  be  space  ship
2176              (-=o=-)  that  moves back and forth but only while data is being
2177              transferred, with a set of flying hash sign symbols on top.
2178
2179       --proto-default <protocol>
2180              Tells curl to use protocol for any URL missing a scheme name.
2181
2182              Example:
2183
2184               curl --proto-default https ftp.mozilla.org
2185
2186              An unknown or unsupported  protocol  causes  error  CURLE_UNSUP‐
2187              PORTED_PROTOCOL (1).
2188
2189              This option does not change the default proxy protocol (http).
2190
2191              Without  this  option curl would make a guess based on the host,
2192              see --url for details.
2193
2194              Added in 7.45.0.
2195
2196       --proto-redir <protocols>
2197              Tells curl to limit what protocols it may use on redirect.  Pro‐
2198              tocols  denied by --proto are not overridden by this option. See
2199              --proto for how protocols are represented.
2200
2201              Example, allow only HTTP and HTTPS on redirect:
2202
2203               curl --proto-redir -all,http,https http://example.com
2204
2205              By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
2206              (7.65.2).  Older versions of curl allowed all protocols on redi‐
2207              rect except several disabled for security reasons: Since  7.19.4
2208              FILE  and  SCP  are  disabled, and since 7.40.0 SMB and SMBS are
2209              also disabled. Specifying all or +all enables all  protocols  on
2210              redirect, including those disabled for security.
2211
2212              Added in 7.20.2.
2213
2214       --proto <protocols>
2215              Tells  curl  to limit what protocols it may use in the transfer.
2216              Protocols are evaluated left to right, are comma separated,  and
2217              are  each  a protocol name or 'all', optionally prefixed by zero
2218              or more modifiers. Available modifiers are:
2219
2220              +  Permit this protocol in addition to protocols already permit‐
2221                 ted (this is the default if no modifier is used).
2222
2223              -  Deny  this  protocol,  removing it from the list of protocols
2224                 already permitted.
2225
2226              =  Permit only this protocol (ignoring the list already  permit‐
2227                 ted),  though subject to later modification by subsequent en‐
2228                 tries in the comma separated list.
2229
2230              For example:
2231
2232              --proto -ftps  uses the default protocols, but disables ftps
2233
2234              --proto -all,https,+http
2235                             only enables http and https
2236
2237              --proto =http,https
2238                             also only enables http and https
2239
2240       Unknown protocols produce a warning. This allows scripts to safely rely
2241       on being able to disable potentially dangerous protocols, without rely‐
2242       ing upon support for that protocol being built into curl  to  avoid  an
2243       error.
2244
2245       This option can be used multiple times, in which case the effect is the
2246       same as concatenating the protocols into one instance of the option.
2247
2248       See also --proto-redir and --proto-default. Added in 7.20.2.
2249
2250       --proxy-anyauth
2251              Tells curl to pick a suitable authentication method when  commu‐
2252              nicating  with  the  given HTTP proxy. This might cause an extra
2253              request/response round-trip.
2254
2255              See also -x, --proxy, --proxy-basic and --proxy-digest. Added in
2256              7.13.2.
2257
2258       --proxy-basic
2259              Tells  curl  to use HTTP Basic authentication when communicating
2260              with the given proxy. Use --basic for enabling HTTP Basic with a
2261              remote  host.  Basic  is  the default authentication method curl
2262              uses with proxies.
2263
2264              See also -x, --proxy, --proxy-anyauth and --proxy-digest.
2265
2266       --proxy-cacert <file>
2267              Same as --cacert but used in HTTPS proxy context.
2268
2269              See also --proxy-capath, --cacert,  --capath  and  -x,  --proxy.
2270              Added in 7.52.0.
2271
2272       --proxy-capath <dir>
2273              Same as --capath but used in HTTPS proxy context.
2274
2275              See  also  --proxy-cacert,  -x,  --proxy  and --capath. Added in
2276              7.52.0.
2277
2278       --proxy-cert-type <type>
2279              Same as --cert-type but used in HTTPS proxy context.
2280
2281              Added in 7.52.0.
2282
2283       --proxy-cert <cert[:passwd]>
2284              Same as -E, --cert but used in HTTPS proxy context.
2285
2286              Added in 7.52.0.
2287
2288       --proxy-ciphers <list>
2289              Same as --ciphers but used in HTTPS proxy context.
2290
2291              Added in 7.52.0.
2292
2293       --proxy-crlfile <file>
2294              Same as --crlfile but used in HTTPS proxy context.
2295
2296              Added in 7.52.0.
2297
2298       --proxy-digest
2299              Tells curl to use HTTP Digest authentication when  communicating
2300              with the given proxy. Use --digest for enabling HTTP Digest with
2301              a remote host.
2302
2303              See also -x, --proxy, --proxy-anyauth and --proxy-basic.
2304
2305       --proxy-header <header/@file>
2306              (HTTP) Extra header to include in the request when sending  HTTP
2307              to a proxy. You may specify any number of extra headers. This is
2308              the equivalent option to -H, --header but is for proxy  communi‐
2309              cation  only  like  in CONNECT requests when you want a separate
2310              header sent to the proxy to what is sent to  the  actual  remote
2311              host.
2312
2313              curl  will  make  sure  that each header you add/replace is sent
2314              with the proper end-of-line marker, you should thus not add that
2315              as a part of the header content: do not add newlines or carriage
2316              returns, they will only mess things up for you.
2317
2318              Headers specified with this option will not be included  in  re‐
2319              quests that curl knows will not be sent to a proxy.
2320
2321              Starting  in  7.55.0, this option can take an argument in @file‐
2322              name style, which then adds a header for each line in the  input
2323              file. Using @- will make curl read the header file from stdin.
2324
2325              This  option  can  be  used multiple times to add/replace/remove
2326              multiple headers.
2327
2328              Added in 7.37.0.
2329
2330       --proxy-insecure
2331              Same as -k, --insecure but used in HTTPS proxy context.
2332
2333              Added in 7.52.0.
2334
2335       --proxy-key-type <type>
2336              Same as --key-type but used in HTTPS proxy context.
2337
2338              Added in 7.52.0.
2339
2340       --proxy-key <key>
2341              Same as --key but used in HTTPS proxy context.
2342
2343       --proxy-negotiate
2344              Tells curl to use HTTP Negotiate  (SPNEGO)  authentication  when
2345              communicating with the given proxy. Use --negotiate for enabling
2346              HTTP Negotiate (SPNEGO) with a remote host.
2347
2348              See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2349
2350       --proxy-ntlm
2351              Tells curl to use HTTP NTLM  authentication  when  communicating
2352              with the given proxy. Use --ntlm for enabling NTLM with a remote
2353              host.
2354
2355              See also --proxy-negotiate and --proxy-anyauth.
2356
2357       --proxy-pass <phrase>
2358              Same as --pass but used in HTTPS proxy context.
2359
2360              Added in 7.52.0.
2361
2362       --proxy-pinnedpubkey <hashes>
2363              (TLS) Tells curl to  use  the  specified  public  key  file  (or
2364              hashes)  to verify the proxy. This can be a path to a file which
2365              contains a single public key in PEM or DER format, or any number
2366              of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2367              rated by ´;´
2368
2369              When negotiating a TLS or SSL connection,  the  server  sends  a
2370              certificate  indicating  its identity. A public key is extracted
2371              from this certificate and if it does not exactly match the  pub‐
2372              lic  key provided to this option, curl will abort the connection
2373              before sending or receiving any data.
2374
2375              If this option is used several times, the last one will be used.
2376
2377       --proxy-service-name <name>
2378              This option allows you to change the service name for proxy  ne‐
2379              gotiation.
2380
2381              Added in 7.43.0.
2382
2383       --proxy-ssl-allow-beast
2384              Same as --ssl-allow-beast but used in HTTPS proxy context.
2385
2386              Added in 7.52.0.
2387
2388       --proxy-tls13-ciphers <ciphersuite list>
2389              (TLS)  Specifies which cipher suites to use in the connection to
2390              your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2391              suites  must  specify  valid  ciphers. Read up on TLS 1.3 cipher
2392              suite details on this URL:
2393
2394               https://curl.se/docs/ssl-ciphers.html
2395
2396              This option is currently used only when curl  is  built  to  use
2397              OpenSSL 1.1.1 or later. If you are using a different SSL backend
2398              you can try setting TLS 1.3 cipher suites by using the  --proxy-
2399              ciphers option.
2400
2401              If this option is used several times, the last one will be used.
2402
2403       --proxy-tlsauthtype <type>
2404              Same as --tlsauthtype but used in HTTPS proxy context.
2405
2406              Added in 7.52.0.
2407
2408       --proxy-tlspassword <string>
2409              Same as --tlspassword but used in HTTPS proxy context.
2410
2411              Added in 7.52.0.
2412
2413       --proxy-tlsuser <name>
2414              Same as --tlsuser but used in HTTPS proxy context.
2415
2416              Added in 7.52.0.
2417
2418       --proxy-tlsv1
2419              Same as -1, --tlsv1 but used in HTTPS proxy context.
2420
2421              Added in 7.52.0.
2422
2423       -U, --proxy-user <user:password>
2424              Specify  the user name and password to use for proxy authentica‐
2425              tion.
2426
2427              If you use a Windows SSPI-enabled curl binary and do either  Ne‐
2428              gotiate  or NTLM authentication then you can tell curl to select
2429              the user name and password from your environment by specifying a
2430              single colon with this option: "-U :".
2431
2432              On systems where it works, curl will hide the given option argu‐
2433              ment from process listings. This is not enough to  protect  cre‐
2434              dentials  from  possibly getting seen by other users on the same
2435              system as they will still be visible for a brief  moment  before
2436              cleared. Such sensitive data should be retrieved from a file in‐
2437              stead or similar and never used in clear text in a command line.
2438
2439              If this option is used several times, the last one will be used.
2440
2441       -x, --proxy [protocol://]host[:port]
2442              Use the specified proxy.
2443
2444              The proxy string can be specified with a protocol:// prefix.  No
2445              protocol specified or http:// will be treated as HTTP proxy. Use
2446              socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2447              cific SOCKS version to be used.  (The protocol support was added
2448              in curl 7.21.7)
2449
2450              HTTPS proxy support via https:// protocol prefix  was  added  in
2451              7.52.0 for OpenSSL, GnuTLS and NSS.
2452
2453              Unrecognized  and  unsupported  proxy  protocols  cause an error
2454              since 7.52.0.  Prior versions may ignore the  protocol  and  use
2455              http:// instead.
2456
2457              If  the  port number is not specified in the proxy string, it is
2458              assumed to be 1080.
2459
2460              This option overrides existing environment  variables  that  set
2461              the  proxy  to use. If there's an environment variable setting a
2462              proxy, you can set proxy to "" to override it.
2463
2464              All operations that are performed over an HTTP proxy will trans‐
2465              parently  be  converted  to HTTP. It means that certain protocol
2466              specific operations might not be available. This is not the case
2467              if you can tunnel through the proxy, as one with the -p, --prox‐
2468              ytunnel option.
2469
2470              User and password that might be provided in the proxy string are
2471              URL  decoded by curl. This allows you to pass in special charac‐
2472              ters such as @ by using %40 or pass in a colon with %3a.
2473
2474              The proxy host can be specified the exact same way as the  proxy
2475              environment  variables,  including the protocol prefix (http://)
2476              and the embedded user + password.
2477
2478              If this option is used several times, the last one will be used.
2479
2480       --proxy1.0 <host[:port]>
2481              Use the specified HTTP 1.0 proxy. If  the  port  number  is  not
2482              specified, it is assumed at port 1080.
2483
2484              The  only  difference between this and the HTTP proxy option -x,
2485              --proxy, is that attempts to use CONNECT through the proxy  will
2486              specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2487
2488       -p, --proxytunnel
2489              When  an  HTTP  proxy is used -x, --proxy, this option will make
2490              curl tunnel through the proxy. The tunnel approach is made  with
2491              the  HTTP  proxy CONNECT request and requires that the proxy al‐
2492              lows direct connect to the remote port number curl wants to tun‐
2493              nel through to.
2494
2495              To  suppress  proxy CONNECT response headers when curl is set to
2496              output headers use --suppress-connect-headers.
2497
2498              See also -x, --proxy.
2499
2500       --pubkey <key>
2501              (SFTP SCP) Public key file name. Allows you to provide your pub‐
2502              lic key in this separate file.
2503
2504              If this option is used several times, the last one will be used.
2505
2506              (As of 7.39.0, curl attempts to automatically extract the public
2507              key from the private key file, so passing this option is  gener‐
2508              ally not required. Note that this public key extraction requires
2509              libcurl to be linked against a copy of libssh2 1.2.8  or  higher
2510              that is itself linked against OpenSSL.)
2511
2512       -Q, --quote
2513              (FTP  SFTP)  Send an arbitrary command to the remote FTP or SFTP
2514              server. Quote commands are sent BEFORE the transfer takes  place
2515              (just  after  the  initial PWD command in an FTP transfer, to be
2516              exact). To make commands take place after a successful transfer,
2517              prefix  them  with  a  dash '-'.  To make commands be sent after
2518              curl has changed the working directory, just before the transfer
2519              command(s),  prefix  the  command  with a '+' (this is only sup‐
2520              ported for FTP). You may specify any number of commands.
2521
2522              If the server returns failure for one of the commands,  the  en‐
2523              tire operation will be aborted. You must send syntactically cor‐
2524              rect FTP commands as RFC 959 defines to FTP servers, or  one  of
2525              the commands listed below to SFTP servers.
2526
2527              Prefix  the  command  with an asterisk (*) to make curl continue
2528              even if the command fails as by default curl will stop at  first
2529              failure.
2530
2531              This option can be used multiple times.
2532
2533              SFTP  is a binary protocol. Unlike for FTP, curl interprets SFTP
2534              quote commands itself before sending them to the  server.   File
2535              names may be quoted shell-style to embed spaces or special char‐
2536              acters.  Following is the list of all supported SFTP quote  com‐
2537              mands:
2538
2539              atime date file
2540                     The  atime  command sets the last access time of the file
2541                     named by the file operand. The <date expression>  can  be
2542                     all  sorts  of  date strings, see the curl_getdate(3) man
2543                     page for date expression details. (Added in 7.73.0)
2544
2545              chgrp group file
2546                     The chgrp command sets the group ID of the file named  by
2547                     the  file  operand to the group ID specified by the group
2548                     operand. The group operand is a decimal integer group ID.
2549
2550              chmod mode file
2551                     The chmod command modifies the  file  mode  bits  of  the
2552                     specified file. The mode operand is an octal integer mode
2553                     number.
2554
2555              chown user file
2556                     The chown command sets the owner of the file named by the
2557                     file  operand  to the user ID specified by the user oper‐
2558                     and. The user operand is a decimal integer user ID.
2559
2560              ln source_file target_file
2561                     The ln and symlink commands create a symbolic link at the
2562                     target_file  location  pointing  to the source_file loca‐
2563                     tion.
2564
2565              mkdir directory_name
2566                     The mkdir command creates the directory named by the  di‐
2567                     rectory_name operand.
2568
2569              mtime date file
2570                     The  mtime command sets the last modification time of the
2571                     file named by the file operand. The <date expression> can
2572                     be all sorts of date strings, see the curl_getdate(3) man
2573                     page for date expression details. (Added in 7.73.0)
2574
2575              pwd    The pwd command returns the absolute pathname of the cur‐
2576                     rent working directory.
2577
2578              rename source target
2579                     The rename command renames the file or directory named by
2580                     the source operand to the destination path named  by  the
2581                     target operand.
2582
2583              rm file
2584                     The rm command removes the file specified by the file op‐
2585                     erand.
2586
2587              rmdir directory
2588                     The rmdir command removes the directory  entry  specified
2589                     by the directory operand, provided it is empty.
2590
2591              symlink source_file target_file
2592                     See ln.
2593
2594       --random-file <file>
2595              Specify the path name to file containing what will be considered
2596              as random data. The data may be used to seed the  random  engine
2597              for SSL connections.  See also the --egd-file option.
2598
2599       -r, --range <range>
2600              (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2601              ment) from an HTTP/1.1, FTP or SFTP  server  or  a  local  FILE.
2602              Ranges can be specified in a number of ways.
2603
2604              0-499     specifies the first 500 bytes
2605
2606              500-999   specifies the second 500 bytes
2607
2608              -500      specifies the last 500 bytes
2609
2610              9500-     specifies the bytes from offset 9500 and forward
2611
2612              0-0,-1    specifies the first and last byte only(*)(HTTP)
2613
2614              100-199,500-599
2615                        specifies two separate 100-byte ranges(*) (HTTP)
2616
2617              (*)  = NOTE that this will cause the server to reply with a mul‐
2618              tipart response, which will be returned as-is by  curl!  Parsing
2619              or otherwise transforming this response is the responsibility of
2620              the caller.
2621
2622              Only digit characters (0-9) are valid in the 'start' and  'stop'
2623              fields  of the 'start-stop' range syntax. If a non-digit charac‐
2624              ter is given in the range, the server's response will be unspec‐
2625              ified, depending on the server's configuration.
2626
2627              You  should also be aware that many HTTP/1.1 servers do not have
2628              this feature enabled, so that when you attempt to get  a  range,
2629              you'll instead get the whole document.
2630
2631              FTP  and  SFTP  range  downloads only support the simple 'start-
2632              stop' syntax (optionally with one of the numbers  omitted).  FTP
2633              use depends on the extended FTP command SIZE.
2634
2635              If this option is used several times, the last one will be used.
2636
2637       --raw  (HTTP) When used, it disables all internal HTTP decoding of con‐
2638              tent or transfer encodings and instead makes them passed on  un‐
2639              altered, raw.
2640
2641              Added in 7.16.2.
2642
2643       -e, --referer <URL>
2644              (HTTP) Sends the "Referrer Page" information to the HTTP server.
2645              This can also be set with the -H, --header flag of course.  When
2646              used  with  -L,  --location  you  can  append ";auto" to the -e,
2647              --referer URL to make curl automatically set  the  previous  URL
2648              when  it  follows  a Location: header. The ";auto" string can be
2649              used alone, even if you don't set an initial -e, --referer.
2650
2651              If this option is used several times, the last one will be used.
2652
2653              See also -A, --user-agent and -H, --header.
2654
2655       -J, --remote-header-name
2656              (HTTP) This option tells the -O, --remote-name option to use the
2657              server-specified  Content-Disposition  filename  instead  of ex‐
2658              tracting a filename from the URL.
2659
2660              If the server specifies a file name and a file  with  that  name
2661              already  exists  in the current working directory it will not be
2662              overwritten and an error will occur. If the server doesn't spec‐
2663              ify a file name then this option has no effect.
2664
2665              There's  no  attempt to decode %-sequences (yet) in the provided
2666              file name, so this option may provide you with rather unexpected
2667              file names.
2668
2669              WARNING:  Exercise  judicious  use of this option, especially on
2670              Windows. A rogue server could send you the  name  of  a  DLL  or
2671              other  file  that could possibly be loaded automatically by Win‐
2672              dows or some third party software.
2673
2674       --remote-name-all
2675              This option changes the default action for all given URLs to  be
2676              dealt with as if -O, --remote-name were used for each one. So if
2677              you want to disable that for a specific URL after --remote-name-
2678              all has been used, you must use "-o -" or --no-remote-name.
2679
2680              Added in 7.19.0.
2681
2682       -O, --remote-name
2683              Write  output to a local file named like the remote file we get.
2684              (Only the file part of the remote file is used, the path is  cut
2685              off.)
2686
2687              The  file will be saved in the current working directory. If you
2688              want the file saved in a  different  directory,  make  sure  you
2689              change  the  current working directory before invoking curl with
2690              this option.
2691
2692              The remote file name to use for saving  is  extracted  from  the
2693              given  URL,  nothing  else,  and if it already exists it will be
2694              overwritten. If you want the server to be  able  to  choose  the
2695              file name refer to -J, --remote-header-name which can be used in
2696              addition to this option. If the server chooses a file  name  and
2697              that name already exists it will not be overwritten.
2698
2699              There is no URL decoding done on the file name. If it has %20 or
2700              other URL encoded parts of the name, they will end up  as-is  as
2701              file name.
2702
2703              You  may use this option as many times as the number of URLs you
2704              have.
2705
2706       -R, --remote-time
2707              When used, this will make curl attempt to figure out  the  time‐
2708              stamp  of the remote file, and if that is available make the lo‐
2709              cal file get that same timestamp.
2710
2711       --request-target
2712              (HTTP) Tells curl to use an alternative "target" (path)  instead
2713              of  using  the  path as provided in the URL. Particularly useful
2714              when wanting to issue HTTP requests  without  leading  slash  or
2715              other  data  that  doesn't  follow the regular URL pattern, like
2716              "OPTIONS *".
2717
2718              Added in 7.55.0.
2719
2720       -X, --request <command>
2721              (HTTP) Specifies a custom request method to use when communicat‐
2722              ing  with the HTTP server.  The specified request method will be
2723              used instead of the method otherwise  used  (which  defaults  to
2724              GET).  Read  the HTTP 1.1 specification for details and explana‐
2725              tions. Common additional HTTP requests include PUT  and  DELETE,
2726              but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2727              and more.
2728
2729              Normally you don't need this option. All  sorts  of  GET,  HEAD,
2730              POST and PUT requests are rather invoked by using dedicated com‐
2731              mand line options.
2732
2733              This option only changes the actual word used in  the  HTTP  re‐
2734              quest, it does not alter the way curl behaves. So for example if
2735              you want to make a proper HEAD request, using -X HEAD  will  not
2736              suffice. You need to use the -I, --head option.
2737
2738              The  method  string  you set with -X, --request will be used for
2739              all requests, which if you for example use  -L,  --location  may
2740              cause  unintended  side-effects when curl doesn't change request
2741              method according to the HTTP 30x response codes - and similar.
2742
2743              (FTP) Specifies a custom FTP command to use instead of LIST when
2744              doing file lists with FTP.
2745
2746              (POP3) Specifies a custom POP3 command to use instead of LIST or
2747              RETR. (Added in 7.26.0)
2748
2749              (IMAP) Specifies a custom IMAP command to use instead  of  LIST.
2750              (Added in 7.30.0)
2751
2752              (SMTP) Specifies a custom SMTP command to use instead of HELP or
2753              VRFY. (Added in 7.34.0)
2754
2755              If this option is used several times, the last one will be used.
2756
2757       --resolve <[+]host:port:addr[,addr]...>
2758              Provide a custom address for a specific host and port pair.  Us‐
2759              ing  this, you can make the curl requests(s) use a specified ad‐
2760              dress and prevent the otherwise normally resolved address to  be
2761              used.  Consider  it a sort of /etc/hosts alternative provided on
2762              the command line. The port number should be the number used  for
2763              the  specific  protocol  the host will be used for. It means you
2764              need several entries if you want to provide address for the same
2765              host but different ports.
2766
2767              By  specifying '*' as host you can tell curl to resolve any host
2768              and specific port pair to the specified address. Wildcard is re‐
2769              solved  last so any --resolve with a specific host and port will
2770              be used first.
2771
2772              The provided address set by this option will be used even if -4,
2773              --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2774
2775              By prefixing the host with a '+' you can make the entry time out
2776              after curl's default timeout (1 minute).  Note  that  this  will
2777              only  make  sense for long running parallel transfers with a lot
2778              of files. In such cases, if this option is used curl will try to
2779              resolve  the  host as it normally would once the timeout has ex‐
2780              pired.
2781
2782              Support for providing the IP address within [brackets] was added
2783              in 7.57.0.
2784
2785              Support  for providing multiple IP addresses per entry was added
2786              in 7.59.0.
2787
2788              Support for resolving with wildcard was added in 7.64.0.
2789
2790              Support for the '+' prefix was was added in 7.75.0.
2791
2792              This option can be used many times to add many host names to re‐
2793              solve.
2794
2795              Added in 7.21.3.
2796
2797       --retry-all-errors
2798              Retry on any error. This option is used together with --retry.
2799
2800              This  option  is the "sledgehammer" of retrying. Do not use this
2801              option by default (eg in curlrc), there may be unintended conse‐
2802              quences  such as sending or receiving duplicate data. Do not use
2803              with redirected input or output. You'd be much better  off  han‐
2804              dling  your unique problems in shell script. Please read the ex‐
2805              ample below.
2806
2807              Warning: For server compatibility curl attempts to retry  failed
2808              flaky  transfers  as close as possible to how they were started,
2809              but this is not possible with redirected input  or  output.  For
2810              example,  before  retrying  it removes output data from a failed
2811              partial transfer that was written to  an  output  file.  However
2812              this is not true of data redirected to a | pipe or > file, which
2813              are not reset. We strongly suggest don't parse or record  output
2814              via  redirect in combination with this option, since you may re‐
2815              ceive duplicate data.
2816
2817              By default curl will not error on an HTTP response code that in‐
2818              dicates an HTTP error, if the transfer was successful. For exam‐
2819              ple, if a server replies 404 Not Found and the  reply  is  fully
2820              received  then  that  is not an error. When --retry is used then
2821              curl will retry on some HTTP response codes that indicate  tran‐
2822              sient  HTTP  errors, but that does not include most 4xx response
2823              codes such as 404. If you want to retry on  all  response  codes
2824              that  indicate  HTTP  errors (4xx and 5xx) then combine with -f,
2825              --fail.
2826
2827              Added in 7.71.0.
2828
2829       --retry-connrefused
2830              In addition to the other conditions, consider ECONNREFUSED as  a
2831              transient  error  too  for --retry. This option is used together
2832              with --retry.
2833
2834              Added in 7.52.0.
2835
2836       --retry-delay <seconds>
2837              Make curl sleep this amount of time before  each  retry  when  a
2838              transfer  has  failed with a transient error (it changes the de‐
2839              fault backoff time algorithm between retries).  This  option  is
2840              only  interesting if --retry is also used. Setting this delay to
2841              zero will make curl use the default backoff time.
2842
2843              If this option is used several times, the last one will be used.
2844
2845              Added in 7.12.3.
2846
2847       --retry-max-time <seconds>
2848              The retry timer is reset before the first transfer attempt.  Re‐
2849              tries  will  be done as usual (see --retry) as long as the timer
2850              hasn't reached this given limit. Notice that if the timer hasn't
2851              reached  the  limit, the request will be made and while perform‐
2852              ing, it may take longer than this given time period. To limit  a
2853              single request´s maximum time, use -m, --max-time.  Set this op‐
2854              tion to zero to not timeout retries.
2855
2856              If this option is used several times, the last one will be used.
2857
2858              Added in 7.12.3.
2859
2860       --retry <num>
2861              If a transient error is returned when curl tries  to  perform  a
2862              transfer,  it  will retry this number of times before giving up.
2863              Setting the number to 0 makes curl do no retries (which  is  the
2864              default).  Transient  error  means either: a timeout, an FTP 4xx
2865              response code or an HTTP 408, 429, 500, 502, 503 or 504 response
2866              code.
2867
2868              When  curl  is about to retry a transfer, it will first wait one
2869              second and then for all forthcoming retries it will  double  the
2870              waiting  time until it reaches 10 minutes which then will be the
2871              delay between the rest of the retries.  By  using  --retry-delay
2872              you   disable  this  exponential  backoff  algorithm.  See  also
2873              --retry-max-time to limit the total time allowed for retries.
2874
2875              Since curl 7.66.0, curl will comply with  the  Retry-After:  re‐
2876              sponse  header if one was present to know when to issue the next
2877              retry.
2878
2879              If this option is used several times, the last one will be used.
2880
2881              Added in 7.12.3.
2882
2883       --sasl-authzid <identity>
2884              Use this authorisation identity (authzid), during SASL PLAIN au‐
2885              thentication,  in addition to the authentication identity (auth‐
2886              cid) as specified by -u, --user.
2887
2888              If the option isn't specified, the server will  derive  the  au‐
2889              thzid  from  the authcid, but if specified, and depending on the
2890              server implementation, it may be used to access  another  user's
2891              inbox,  that  the  user  has been granted access to, or a shared
2892              mailbox for example.
2893
2894              Added in 7.66.0.
2895
2896       --sasl-ir
2897              Enable initial response in SASL authentication.
2898
2899              Added in 7.31.0.
2900
2901       --service-name <name>
2902              This option allows you to change the service name for SPNEGO.
2903
2904              Examples:   --negotiate   --service-name   sockd    would    use
2905              sockd/server-name.
2906
2907              Added in 7.43.0.
2908
2909       -S, --show-error
2910              When used with -s, --silent, it makes curl show an error message
2911              if it fails.
2912
2913              See also --no-progress-meter.
2914
2915       -s, --silent
2916              Silent or quiet mode. Don't show progress meter  or  error  mes‐
2917              sages.   Makes  Curl mute. It will still output the data you ask
2918              for, potentially even to the terminal/stdout unless you redirect
2919              it.
2920
2921              Use  -S,  --show-error  in  addition  to  this option to disable
2922              progress meter but still show error messages.
2923
2924              See also -v, --verbose, --stderr and --no-progress-meter.
2925
2926       --socks4 <host[:port]>
2927              Use the specified SOCKS4 proxy. If the port number is not speci‐
2928              fied, it is assumed at port 1080.
2929
2930              This  option  overrides any previous use of -x, --proxy, as they
2931              are mutually exclusive.
2932
2933              Since 7.21.7, this option is superfluous since you can specify a
2934              socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2935
2936              Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2937              the same time -x, --proxy is used with an HTTP/HTTPS  proxy.  In
2938              such a case curl first connects to the SOCKS proxy and then con‐
2939              nects (through SOCKS) to the HTTP or HTTPS proxy.
2940
2941              If this option is used several times, the last one will be used.
2942
2943              Added in 7.15.2.
2944
2945       --socks4a <host[:port]>
2946              Use the specified SOCKS4a proxy. If the port number is not spec‐
2947              ified, it is assumed at port 1080.
2948
2949              This  option  overrides any previous use of -x, --proxy, as they
2950              are mutually exclusive.
2951
2952              Since 7.21.7, this option is superfluous since you can specify a
2953              socks4a  proxy with -x, --proxy using a socks4a:// protocol pre‐
2954              fix.
2955
2956              Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2957              the  same  time -x, --proxy is used with an HTTP/HTTPS proxy. In
2958              such a case curl first connects to the SOCKS proxy and then con‐
2959              nects (through SOCKS) to the HTTP or HTTPS proxy.
2960
2961              If this option is used several times, the last one will be used.
2962
2963              Added in 7.18.0.
2964
2965       --socks5-basic
2966              Tells curl to use username/password authentication when connect‐
2967              ing to a SOCKS5 proxy.  The username/password authentication  is
2968              enabled  by  default.   Use --socks5-gssapi to force GSS-API au‐
2969              thentication to SOCKS5 proxies.
2970
2971              Added in 7.55.0.
2972
2973       --socks5-gssapi-nec
2974              As part of the GSS-API negotiation a protection mode is  negoti‐
2975              ated.  RFC  1961 says in section 4.3/4.4 it should be protected,
2976              but the NEC  reference  implementation  does  not.   The  option
2977              --socks5-gssapi-nec  allows the unprotected exchange of the pro‐
2978              tection mode negotiation.
2979
2980              Added in 7.19.4.
2981
2982       --socks5-gssapi-service <name>
2983              The default service name for a socks server is rcmd/server-fqdn.
2984              This option allows you to change it.
2985
2986              Examples:   --socks5  proxy-name  --socks5-gssapi-service  sockd
2987              would use sockd/proxy-name --socks5 proxy-name  --socks5-gssapi-
2988              service  sockd/real-name  would  use  sockd/real-name  for cases
2989              where the proxy-name does not match the principal name.
2990
2991              Added in 7.19.4.
2992
2993       --socks5-gssapi
2994              Tells curl to use GSS-API authentication when  connecting  to  a
2995              SOCKS5  proxy.  The GSS-API authentication is enabled by default
2996              (if curl is compiled with GSS-API support).  Use  --socks5-basic
2997              to force username/password authentication to SOCKS5 proxies.
2998
2999              Added in 7.55.0.
3000
3001       --socks5-hostname <host[:port]>
3002              Use  the  specified  SOCKS5 proxy (and let the proxy resolve the
3003              host name). If the port number is not specified, it  is  assumed
3004              at port 1080.
3005
3006              This  option  overrides any previous use of -x, --proxy, as they
3007              are mutually exclusive.
3008
3009              Since 7.21.7, this option is superfluous since you can specify a
3010              socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
3011              col prefix.
3012
3013              Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3014              the  same  time -x, --proxy is used with an HTTP/HTTPS proxy. In
3015              such a case curl first connects to the SOCKS proxy and then con‐
3016              nects (through SOCKS) to the HTTP or HTTPS proxy.
3017
3018              If this option is used several times, the last one will be used.
3019
3020              Added in 7.18.0.
3021
3022       --socks5 <host[:port]>
3023              Use  the  specified SOCKS5 proxy - but resolve the host name lo‐
3024              cally. If the port number is not specified,  it  is  assumed  at
3025              port 1080.
3026
3027              This  option  overrides any previous use of -x, --proxy, as they
3028              are mutually exclusive.
3029
3030              Since 7.21.7, this option is superfluous since you can specify a
3031              socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
3032
3033              Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3034              the same time -x, --proxy is used with an HTTP/HTTPS  proxy.  In
3035              such a case curl first connects to the SOCKS proxy and then con‐
3036              nects (through SOCKS) to the HTTP or HTTPS proxy.
3037
3038              If this option is used several times, the last one will be used.
3039
3040              This option (as well as --socks4) does not work with IPV6,  FTPS
3041              or LDAP.
3042
3043              Added in 7.18.0.
3044
3045       -Y, --speed-limit <speed>
3046              If a download is slower than this given speed (in bytes per sec‐
3047              ond) for speed-time seconds it gets aborted. speed-time  is  set
3048              with -y, --speed-time and is 30 if not set.
3049
3050              If this option is used several times, the last one will be used.
3051
3052       -y, --speed-time <seconds>
3053              If a download is slower than speed-limit bytes per second during
3054              a speed-time period, the download gets aborted. If speed-time is
3055              used,  the  default  speed-limit  will  be 1 unless set with -Y,
3056              --speed-limit.
3057
3058              This option controls transfers and thus  will  not  affect  slow
3059              connects  etc.  If this is a concern for you, try the --connect-
3060              timeout option.
3061
3062              If this option is used several times, the last one will be used.
3063
3064       --ssl-allow-beast
3065              This option tells curl to not work around a security flaw in the
3066              SSL3  and TLS1.0 protocols known as BEAST.  If this option isn't
3067              used, the SSL layer may use workarounds known to cause  interop‐
3068              erability problems with some older SSL implementations. WARNING:
3069              this option loosens the SSL security, and by using this flag you
3070              ask for exactly that.
3071
3072              Added in 7.25.0.
3073
3074       --ssl-no-revoke
3075              (Schannel) This option tells curl to disable certificate revoca‐
3076              tion checks.  WARNING: this option loosens the SSL security, and
3077              by using this flag you ask for exactly that.
3078
3079              Added in 7.44.0.
3080
3081       --ssl-reqd
3082              (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection.  Termi‐
3083              nates the connection if the server doesn't support SSL/TLS.
3084
3085              This option was formerly known as --ftp-ssl-reqd.
3086
3087              Added in 7.20.0.
3088
3089       --ssl-revoke-best-effort
3090              (Schannel) This option tells curl to ignore certificate  revoca‐
3091              tion checks when they failed due to missing/offline distribution
3092              points for the revocation check lists.
3093
3094              Added in 7.70.0.
3095
3096       --ssl  (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection.  Re‐
3097              verts  to  a non-secure connection if the server doesn't support
3098              SSL/TLS.  See also --ftp-ssl-control and --ssl-reqd for  differ‐
3099              ent levels of encryption required.
3100
3101              This  option  was formerly known as --ftp-ssl (Added in 7.11.0).
3102              That option name can still be used but will be removed in a  fu‐
3103              ture version.
3104
3105              Added in 7.20.0.
3106
3107       -2, --sslv2
3108              (SSL)  Forces  curl to use SSL version 2 when negotiating with a
3109              remote SSL server. Sometimes curl is built  without  SSLv2  sup‐
3110              port. SSLv2 is widely considered insecure (see RFC 6176).
3111
3112              See  also  --http1.1  and --http2. -2, --sslv2 requires that the
3113              underlying libcurl was built to support TLS. This  option  over‐
3114              rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3115
3116       -3, --sslv3
3117              (SSL)  Forces  curl to use SSL version 3 when negotiating with a
3118              remote SSL server. Sometimes curl is built  without  SSLv3  sup‐
3119              port. SSLv3 is widely considered insecure (see RFC 7568).
3120
3121              See  also  --http1.1  and --http2. -3, --sslv3 requires that the
3122              underlying libcurl was built to support TLS. This  option  over‐
3123              rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3124
3125       --stderr <file>
3126              Redirect  all writes to stderr to the specified file instead. If
3127              the file name is a plain '-', it is instead written to stdout.
3128
3129              If this option is used several times, the last one will be used.
3130
3131              See also -v, --verbose and -s, --silent.
3132
3133       --styled-output
3134              Enables the automatic use of bold font styles when writing  HTTP
3135              headers  to  the terminal. Use --no-styled-output to switch them
3136              off.
3137
3138              Added in 7.61.0.
3139
3140       --suppress-connect-headers
3141              When -p, --proxytunnel is used and a  CONNECT  request  is  made
3142              don't  output  proxy  CONNECT  response  headers. This option is
3143              meant to be used with -D, --dump-header or -i,  --include  which
3144              are  used  to show protocol headers in the output. It has no ef‐
3145              fect on debug options such as -v, --verbose or --trace,  or  any
3146              statistics.
3147
3148              See also -D, --dump-header, -i, --include and -p, --proxytunnel.
3149
3150       --tcp-fastopen
3151              Enable use of TCP Fast Open (RFC7413).
3152
3153              Added in 7.49.0.
3154
3155       --tcp-nodelay
3156              Turn  on the TCP_NODELAY option. See the curl_easy_setopt(3) man
3157              page for details about this option.
3158
3159              Since 7.50.2, curl sets this option by default and you  need  to
3160              explicitly switch it off if you don't want it on.
3161
3162              Added in 7.11.2.
3163
3164       -t, --telnet-option <opt=val>
3165              Pass options to the telnet protocol. Supported options are:
3166
3167              TTYPE=<term> Sets the terminal type.
3168
3169              XDISPLOC=<X display> Sets the X display location.
3170
3171              NEW_ENV=<var,val> Sets an environment variable.
3172
3173       --tftp-blksize <value>
3174              (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
3175              size that curl will try to use when transferring data to or from
3176              a TFTP server. By default 512 bytes will be used.
3177
3178              If this option is used several times, the last one will be used.
3179
3180              Added in 7.20.0.
3181
3182       --tftp-no-options
3183              (TFTP) Tells curl not to send TFTP options requests.
3184
3185              This  option  improves  interop with some legacy servers that do
3186              not acknowledge or properly implement TFTP  options.  When  this
3187              option is used --tftp-blksize is ignored.
3188
3189              Added in 7.48.0.
3190
3191       -z, --time-cond <time>
3192              (HTTP  FTP) Request a file that has been modified later than the
3193              given time and date, or one that has been modified  before  that
3194              time.  The <date expression> can be all sorts of date strings or
3195              if it doesn't match any internal ones, it is taken as a filename
3196              and  tries  to get the modification date (mtime) from <file> in‐
3197              stead. See the curl_getdate(3) man pages for date expression de‐
3198              tails.
3199
3200              Start the date expression with a dash (-) to make it request for
3201              a document that is older than the given date/time, default is  a
3202              document that is newer than the specified date/time.
3203
3204              If this option is used several times, the last one will be used.
3205
3206       --tls-max <VERSION>
3207              (SSL) VERSION defines maximum supported TLS version. The minimum
3208              acceptable version  is  set  by  tlsv1.0,  tlsv1.1,  tlsv1.2  or
3209              tlsv1.3.
3210
3211              If  the  connection  is done without TLS, this option has no ef‐
3212              fect. This includes QUIC-using (HTTP/3) transfers.
3213
3214
3215              default
3216                     Use up to recommended TLS version.
3217
3218              1.0    Use up to TLSv1.0.
3219
3220              1.1    Use up to TLSv1.1.
3221
3222              1.2    Use up to TLSv1.2.
3223
3224              1.3    Use up to TLSv1.3.
3225
3226       See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3.  --tls-max  re‐
3227       quires  that  the underlying libcurl was built to support TLS. Added in
3228       7.54.0.
3229
3230       --tls13-ciphers <ciphersuite list>
3231              (TLS) Specifies which cipher suites to use in the connection  if
3232              it  negotiates  TLS 1.3. The list of ciphers suites must specify
3233              valid ciphers. Read up on TLS 1.3 cipher suite details  on  this
3234              URL:
3235
3236               https://curl.se/docs/ssl-ciphers.html
3237
3238              This  option  is  currently  used only when curl is built to use
3239              OpenSSL 1.1.1 or later. If you are using a different SSL backend
3240              you can try setting TLS 1.3 cipher suites by using the --ciphers
3241              option.
3242
3243              If this option is used several times, the last one will be used.
3244
3245       --tlsauthtype <type>
3246              Set TLS authentication type. Currently, the only  supported  op‐
3247              tion  is  "SRP",  for  TLS-SRP  (RFC  5054).  If  --tlsuser  and
3248              --tlspassword are specified but --tlsauthtype is not, then  this
3249              option  defaults to "SRP".  This option works only if the under‐
3250              lying libcurl is built  with  TLS-SRP  support,  which  requires
3251              OpenSSL or GnuTLS with TLS-SRP support.
3252
3253              Added in 7.21.4.
3254
3255       --tlspassword
3256              Set  password  for use with the TLS authentication method speci‐
3257              fied with --tlsauthtype. Requires that --tlsuser also be set.
3258
3259              This doesn't work with TLS 1.3.
3260
3261              Added in 7.21.4.
3262
3263       --tlsuser <name>
3264              Set username for use with the TLS authentication  method  speci‐
3265              fied  with  --tlsauthtype.  Requires  that --tlspassword also is
3266              set.
3267
3268              This doesn't work with TLS 1.3.
3269
3270              Added in 7.21.4.
3271
3272       --tlsv1.0
3273              (TLS) Forces curl to use TLS version 1.0 or later when  connect‐
3274              ing to a remote TLS server.
3275
3276              In  old  versions  of  curl  this option was documented to allow
3277              _only_ TLS 1.0, but behavior was inconsistent depending  on  the
3278              TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3279              sion.
3280
3281              Added in 7.34.0.
3282
3283       --tlsv1.1
3284              (TLS) Forces curl to use TLS version 1.1 or later when  connect‐
3285              ing to a remote TLS server.
3286
3287              In  old  versions  of  curl  this option was documented to allow
3288              _only_ TLS 1.1, but behavior was inconsistent depending  on  the
3289              TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3290              sion.
3291
3292              Added in 7.34.0.
3293
3294       --tlsv1.2
3295              (TLS) Forces curl to use TLS version 1.2 or later when  connect‐
3296              ing to a remote TLS server.
3297
3298              In  old  versions  of  curl  this option was documented to allow
3299              _only_ TLS 1.2, but behavior was inconsistent depending  on  the
3300              TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3301              sion.
3302
3303              Added in 7.34.0.
3304
3305       --tlsv1.3
3306              (TLS) Forces curl to use TLS version 1.3 or later when  connect‐
3307              ing to a remote TLS server.
3308
3309              If  the  connection  is done without TLS, this option has no ef‐
3310              fect. This includes QUIC-using (HTTP/3) transfers.
3311
3312              Note that TLS 1.3 is not supported by all TLS backends.
3313
3314              Added in 7.52.0.
3315
3316       -1, --tlsv1
3317              (SSL) Tells curl to use at least TLS version 1.x when  negotiat‐
3318              ing  with  a  remote  TLS  server. That means TLS version 1.0 or
3319              higher
3320
3321              See also --http1.1 and --http2. -1, --tlsv1  requires  that  the
3322              underlying  libcurl  was built to support TLS. This option over‐
3323              rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
3324
3325       --tr-encoding
3326              (HTTP) Request a compressed Transfer-Encoding response using one
3327              of  the  algorithms curl supports, and uncompress the data while
3328              receiving it.
3329
3330              Added in 7.21.6.
3331
3332       --trace-ascii <file>
3333              Enables a full trace dump of all incoming and outgoing data, in‐
3334              cluding  descriptive  information, to the given output file. Use
3335              "-" as filename to have the output sent to stdout.
3336
3337              This is very similar to --trace, but leaves out the hex part and
3338              only  shows  the ASCII part of the dump. It makes smaller output
3339              that might be easier to read for untrained humans.
3340
3341              If this option is used several times, the last one will be used.
3342
3343              This option overrides --trace and -v, --verbose.
3344
3345       --trace-time
3346              Prepends a time stamp to each trace or verbose  line  that  curl
3347              displays.
3348
3349              Added in 7.14.0.
3350
3351       --trace <file>
3352              Enables a full trace dump of all incoming and outgoing data, in‐
3353              cluding descriptive information, to the given output  file.  Use
3354              "-"  as  filename  to have the output sent to stdout. Use "%" as
3355              filename to have the output sent to stderr.
3356
3357              If this option is used several times, the last one will be used.
3358
3359              This option overrides -v, --verbose and --trace-ascii.
3360
3361       --unix-socket <path>
3362              (HTTP) Connect through this Unix domain socket, instead of using
3363              the network.
3364
3365              Added in 7.40.0.
3366
3367       -T, --upload-file <file>
3368              This  transfers  the  specified local file to the remote URL. If
3369              there is no file part in the specified URL, curl will append the
3370              local file name. NOTE that you must use a trailing / on the last
3371              directory to really prove to Curl that there is no file name  or
3372              curl will think that your last directory name is the remote file
3373              name to use. That will most likely cause the upload operation to
3374              fail. If this is used on an HTTP(S) server, the PUT command will
3375              be used.
3376
3377              Use the file name "-" (a single dash) to use stdin instead of  a
3378              given  file.   Alternately,  the file name "." (a single period)
3379              may be specified instead of "-" to  use  stdin  in  non-blocking
3380              mode  to  allow  reading  server output while stdin is being up‐
3381              loaded.
3382
3383              You can specify one -T, --upload-file for each URL on  the  com‐
3384              mand  line.  Each -T, --upload-file + URL pair specifies what to
3385              upload and to where. curl also supports "globbing"  of  the  -T,
3386              --upload-file  argument,  meaning  that  you can upload multiple
3387              files to a single URL by using the same URL globbing style  sup‐
3388              ported in the URL, like this:
3389
3390               curl --upload-file "{file1,file2}" http://www.example.com
3391
3392              or even
3393
3394               curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3395
3396              When  uploading  to an SMTP server: the uploaded data is assumed
3397              to be RFC 5322 formatted. It has to feature the necessary set of
3398              headers  and  mail  body formatted correctly by the user as curl
3399              will not transcode nor encode it further in any way.
3400
3401       --url <url>
3402              Specify a URL to fetch. This option is  mostly  handy  when  you
3403              want to specify URL(s) in a config file.
3404
3405              If  the given URL is missing a scheme name (such as "http://" or
3406              "ftp://" etc) then curl will make a guess based on the host.  If
3407              the  outermost  sub-domain  name  matches DICT, FTP, IMAP, LDAP,
3408              POP3 or SMTP then that protocol will  be  used,  otherwise  HTTP
3409              will be used. Since 7.45.0 guessing can be disabled by setting a
3410              default protocol, see --proto-default for details.
3411
3412              This option may be used any number of times.  To  control  where
3413              this  URL  is written, use the -o, --output or the -O, --remote-
3414              name options.
3415
3416              Warning: On Windows, particular file://  accesses  can  be  con‐
3417              verted to network accesses by the operating system. Beware!
3418
3419       -B, --use-ascii
3420              (FTP  LDAP) Enable ASCII transfer. For FTP, this can also be en‐
3421              forced by using a URL that  ends  with  ";type=A".  This  option
3422              causes data sent to stdout to be in text mode for win32 systems.
3423
3424       -A, --user-agent <name>
3425              (HTTP) Specify the User-Agent string to send to the HTTP server.
3426              To encode blanks in the string, surround the string with  single
3427              quote  marks.  This header can also be set with the -H, --header
3428              or the --proxy-header options.
3429
3430              If you give an empty argument to -A, --user-agent (""), it  will
3431              remove  the  header completely from the request. If you prefer a
3432              blank header, you can set it to a single space (" ").
3433
3434              If this option is used several times, the last one will be used.
3435
3436       -u, --user <user:password>
3437              Specify the user name and password to use for server authentica‐
3438              tion. Overrides -n, --netrc and --netrc-optional.
3439
3440              If  you  simply  specify  the  user name, curl will prompt for a
3441              password.
3442
3443              The user name and passwords are split up  on  the  first  colon,
3444              which  makes  it impossible to use a colon in the user name with
3445              this option. The password can, still.
3446
3447              On systems where it works, curl will hide the given option argu‐
3448              ment  from  process listings. This is not enough to protect cre‐
3449              dentials from possibly getting seen by other users on  the  same
3450              system  as  they will still be visible for a brief moment before
3451              cleared. Such sensitive data should be retrieved from a file in‐
3452              stead or similar and never used in clear text in a command line.
3453
3454              When  using  Kerberos  V5 with a Windows based server you should
3455              include the Windows domain name in the user name, in  order  for
3456              the  server  to  successfully  obtain  a Kerberos Ticket. If you
3457              don't then the initial authentication handshake may fail.
3458
3459              When using NTLM, the user name can be specified  simply  as  the
3460              user  name,  without the domain, if there is a single domain and
3461              forest in your setup for example.
3462
3463              To specify the domain name use either Down-Level Logon  Name  or
3464              UPN (User Principal Name) formats. For example, EXAMPLE\user and
3465              user@example.com respectively.
3466
3467              If you use a Windows SSPI-enabled curl binary and  perform  Ker‐
3468              beros  V5, Negotiate, NTLM or Digest authentication then you can
3469              tell curl to select the user name and password from  your  envi‐
3470              ronment by specifying a single colon with this option: "-u :".
3471
3472              If this option is used several times, the last one will be used.
3473
3474       -v, --verbose
3475              Makes  curl  verbose  during the operation. Useful for debugging
3476              and seeing what's going on "under the  hood".  A  line  starting
3477              with  '>'  means  "header  data" sent by curl, '<' means "header
3478              data" received by curl that is hidden in  normal  cases,  and  a
3479              line starting with '*' means additional info provided by curl.
3480
3481              If you only want HTTP headers in the output, -i, --include might
3482              be the option you're looking for.
3483
3484              If you think this option still doesn't give you enough  details,
3485              consider using --trace or --trace-ascii instead.
3486
3487              Use -s, --silent to make curl really quiet.
3488
3489              See  also  -i,  --include.  This  option  overrides  --trace and
3490              --trace-ascii.
3491
3492       -V, --version
3493              Displays information about curl and the libcurl version it uses.
3494
3495              The first line includes the full version of  curl,  libcurl  and
3496              other 3rd party libraries linked with the executable.
3497
3498              The  second  line (starts with "Protocols:") shows all protocols
3499              that libcurl reports to support.
3500
3501              The third line (starts with "Features:") shows specific features
3502              libcurl reports to offer. Available features include:
3503
3504              alt-svc
3505                     Support for the Alt-Svc: header is provided.
3506
3507              AsynchDNS
3508                     This  curl  uses asynchronous name resolves. Asynchronous
3509                     name resolves can be done using either the c-ares or  the
3510                     threaded resolver backends.
3511
3512              brotli Support for automatic brotli compression over HTTP(S).
3513
3514              CharConv
3515                     curl was built with support for character set conversions
3516                     (like EBCDIC)
3517
3518              Debug  This curl uses a libcurl built with Debug.  This  enables
3519                     more  error-tracking  and memory debugging etc. For curl-
3520                     developers only!
3521
3522              gsasl  The built-in SASL authentication includes  extensions  to
3523                     support SCRAM because libcurl was built with libgsasl.
3524
3525              GSS-API
3526                     GSS-API is supported.
3527
3528              HSTS   HSTS support is present.
3529
3530              HTTP2  HTTP/2 support has been built-in.
3531
3532              HTTP3  HTTP/3 support has been built-in.
3533
3534              HTTPS-proxy
3535                     This curl is built to support HTTPS proxy.
3536
3537              IDN    This curl supports IDN - international domain names.
3538
3539              IPv6   You can use IPv6 with this.
3540
3541              Kerberos
3542                     Kerberos V5 authentication is supported.
3543
3544              Largefile
3545                     This curl supports transfers of large files, files larger
3546                     than 2GB.
3547
3548              libz   Automatic decompression (via gzip, deflate) of compressed
3549                     files over HTTP is supported.
3550
3551              Metalink
3552                     This curl supports Metalink.
3553
3554              MultiSSL
3555                     This curl supports multiple TLS backends.
3556
3557              NTLM   NTLM authentication is supported.
3558
3559              NTLM_WB
3560                     NTLM delegation to winbind helper is supported.
3561
3562              PSL    PSL  is  short for Public Suffix List and means that this
3563                     curl has been built with  knowledge  about  "public  suf‐
3564                     fixes".
3565
3566              SPNEGO SPNEGO authentication is supported.
3567
3568              SSL    SSL  versions of various protocols are supported, such as
3569                     HTTPS, FTPS, POP3S and so on.
3570
3571              SSPI   SSPI is supported.
3572
3573              TLS-SRP
3574                     SRP (Secure Remote Password) authentication is  supported
3575                     for TLS.
3576
3577              TrackMemory
3578                     Debug memory tracking is supported.
3579
3580              Unicode
3581                     Unicode support on Windows.
3582
3583              UnixSockets
3584                     Unix sockets support is provided.
3585
3586              zstd   Automatic  decompression  (via  zstd) of compressed files
3587                     over HTTP is supported.
3588
3589       -w, --write-out <format>
3590              Make curl display information on stdout after a completed trans‐
3591              fer.  The  format  is a string that may contain plain text mixed
3592              with any number of variables. The format can be specified  as  a
3593              literal  "string",  or  you can have curl read the format from a
3594              file with "@filename" and to tell curl to read the  format  from
3595              stdin you write "@-".
3596
3597              The  variables  present in the output format will be substituted
3598              by the value or text that curl thinks fit, as  described  below.
3599              All  variables are specified as %{variable_name} and to output a
3600              normal % you just write them as %%. You can output a newline  by
3601              using \n, a carriage return with \r and a tab space with \t.
3602
3603              The  output  will be written to standard output, but this can be
3604              switched to standard error by using %{stderr}.
3605
3606              NOTE: The %-symbol is a special symbol in the win32-environment,
3607              where  all  occurrences of % must be doubled when using this op‐
3608              tion.
3609
3610              The variables available are:
3611
3612              content_type   The Content-Type of the  requested  document,  if
3613                             there was any.
3614
3615              errormsg       The error message. (Added in 7.75.0)
3616
3617              exitcode       The numerical exitcode of the transfer. (Added in
3618                             7.75.0)
3619
3620              filename_effective
3621                             The ultimate filename that curl  writes  out  to.
3622                             This  is only meaningful if curl is told to write
3623                             to a file  with  the  -O,  --remote-name  or  -o,
3624                             --output  option. It's most useful in combination
3625                             with the -J, --remote-header-name option.  (Added
3626                             in 7.26.0)
3627
3628              ftp_entry_path The initial path curl ended up in when logging on
3629                             to the remote FTP server. (Added in 7.15.4)
3630
3631              http_code      The numerical response code that was found in the
3632                             last  retrieved  HTTP(S)  or  FTP(s) transfer. In
3633                             7.18.2 the alias response_code was added to  show
3634                             the same info.
3635
3636              http_connect   The numerical code that was found in the last re‐
3637                             sponse (from a proxy) to a curl CONNECT  request.
3638                             (Added in 7.12.4)
3639
3640              http_version   The  http  version  that  was  effectively  used.
3641                             (Added in 7.50.0)
3642
3643              json           A JSON object with all available keys.
3644
3645              local_ip       The IP address of the local end of the  most  re‐
3646                             cently  done  connection  - can be either IPv4 or
3647                             IPv6 (Added in 7.29.0)
3648
3649              local_port     The local port number of the most  recently  done
3650                             connection (Added in 7.29.0)
3651
3652              method         The  http method used in the most recent HTTP re‐
3653                             quest (Added in 7.72.0)
3654
3655              num_connects   Number of new connects made in the recent  trans‐
3656                             fer. (Added in 7.12.3)
3657
3658              num_headers    The number of response headers in the most recent
3659                             request (restarted at each
3660                              redirect). Note that the status line  IS  NOT  a
3661                             header. (Added in 7.73.0)
3662
3663              num_redirects  Number of redirects that were followed in the re‐
3664                             quest. (Added in 7.12.3)
3665
3666              onerror        The rest of the  output  is  only  shown  if  the
3667                             transfer  returned  a  non-zero  error  (Added in
3668                             7.75.0)
3669
3670              proxy_ssl_verify_result
3671                             The result of the HTTPS proxy's SSL peer certifi‐
3672                             cate verification that was requested. 0 means the
3673                             verification was successful. (Added in 7.52.0)
3674
3675              redirect_url   When an HTTP request was made without -L, --loca‐
3676                             tion  to follow redirects (or when --max-redir is
3677                             met), this variable will show the  actual  URL  a
3678                             redirect would have gone to. (Added in 7.18.2)
3679
3680              referer        The  Referer: header, if there was any. (Added in
3681                             7.76.0)
3682
3683              remote_ip      The remote IP address of the most  recently  done
3684                             connection - can be either IPv4 or IPv6 (Added in
3685                             7.29.0)
3686
3687              remote_port    The remote port number of the most recently  done
3688                             connection (Added in 7.29.0)
3689
3690              response_code  The numerical response code that was found in the
3691                             last transfer (formerly  known  as  "http_code").
3692                             (Added in 7.18.2)
3693
3694              scheme         The  URL  scheme (sometimes called protocol) that
3695                             was effectively used (Added in 7.52.0)
3696
3697              size_download  The total amount of bytes that were downloaded.
3698
3699              size_header    The total amount of bytes of the downloaded head‐
3700                             ers.
3701
3702              size_request   The  total  amount of bytes that were sent in the
3703                             HTTP request.
3704
3705              size_upload    The total amount of bytes that were uploaded.
3706
3707              speed_download The average download speed that curl measured for
3708                             the complete download. Bytes per second.
3709
3710              speed_upload   The  average  upload speed that curl measured for
3711                             the complete upload. Bytes per second.
3712
3713              ssl_verify_result
3714                             The result of the SSL peer certificate  verifica‐
3715                             tion that was requested. 0 means the verification
3716                             was successful. (Added in 7.19.0)
3717
3718              stderr         From this point on, the  -w,  --write-out  output
3719                             will  be  written  to  standard  error. (Added in
3720                             7.63.0)
3721
3722              stdout         From this point on, the  -w,  --write-out  output
3723                             will  be written to standard output.  This is the
3724                             default, but can be used  to  switch  back  after
3725                             switching to stderr.  (Added in 7.63.0)
3726
3727              time_appconnect
3728                             The  time, in seconds, it took from the start un‐
3729                             til the SSL/SSH/etc connect/handshake to the  re‐
3730                             mote host was completed. (Added in 7.19.0)
3731
3732              time_connect   The  time, in seconds, it took from the start un‐
3733                             til the TCP connect to the remote host (or proxy)
3734                             was completed.
3735
3736              time_namelookup
3737                             The  time, in seconds, it took from the start un‐
3738                             til the name resolving was completed.
3739
3740              time_pretransfer
3741                             The time, in seconds, it took from the start  un‐
3742                             til  the  file  transfer was just about to begin.
3743                             This includes all pre-transfer commands and nego‐
3744                             tiations that are specific to the particular pro‐
3745                             tocol(s) involved.
3746
3747              time_redirect  The time, in seconds, it took for all redirection
3748                             steps including name lookup, connect, pretransfer
3749                             and transfer before  the  final  transaction  was
3750                             started.  time_redirect shows the complete execu‐
3751                             tion time for multiple  redirections.  (Added  in
3752                             7.12.3)
3753
3754              time_starttransfer
3755                             The  time, in seconds, it took from the start un‐
3756                             til the first byte was just about  to  be  trans‐
3757                             ferred.  This  includes time_pretransfer and also
3758                             the time the server needed to calculate  the  re‐
3759                             sult.
3760
3761              time_total     The  total time, in seconds, that the full opera‐
3762                             tion lasted.
3763
3764              url            The URL that was fetched. (Added in 7.75.0)
3765
3766              urlnum         The URL index number of this transfer, 0-indexed.
3767                             (Added in 7.75.0)
3768
3769              url_effective  The URL that was fetched last. This is most mean‐
3770                             ingful if you've told curl  to  follow  location:
3771                             headers.
3772
3773              If this option is used several times, the last one will be used.
3774
3775       --xattr
3776              When  saving  output  to a file, this option tells curl to store
3777              certain file metadata in extended  file  attributes.  Currently,
3778              the URL is stored in the xdg.origin.url attribute and, for HTTP,
3779              the content type is stored in the mime_type  attribute.  If  the
3780              file  system  does not support extended attributes, a warning is
3781              issued.
3782

FILES

3784       ~/.curlrc
3785              Default config file, see -K, --config for details.
3786

ENVIRONMENT

3788       The environment variables can be specified in lower case or upper case.
3789       The lower case version has precedence. http_proxy is an exception as it
3790       is only available in lower case.
3791
3792       Using an environment variable to set the proxy has the same  effect  as
3793       using the -x, --proxy option.
3794
3795
3796       http_proxy [protocol://]<host>[:port]
3797              Sets the proxy server to use for HTTP.
3798
3799       HTTPS_PROXY [protocol://]<host>[:port]
3800              Sets the proxy server to use for HTTPS.
3801
3802       [url-protocol]_PROXY [protocol://]<host>[:port]
3803              Sets  the proxy server to use for [url-protocol], where the pro‐
3804              tocol is a protocol that curl supports and  as  specified  in  a
3805              URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3806
3807       ALL_PROXY [protocol://]<host>[:port]
3808              Sets  the  proxy  server to use if no protocol-specific proxy is
3809              set.
3810
3811       NO_PROXY <comma-separated list of hosts/domains>
3812              list of host names that shouldn't go through any proxy.  If  set
3813              to an asterisk '*' only, it matches all hosts. Each name in this
3814              list is matched as either a domain name which contains the host‐
3815              name, or the hostname itself.
3816
3817              This  environment  variable  disables use of the proxy even when
3818              specified with the -x,  --proxy  option.  That  is  NO_PROXY=di‐
3819              rect.example.com  curl  -x  http://proxy.example.com  http://di
3820              rect.example.com  accesses  the   target   URL   directly,   and
3821              NO_PROXY=direct.example.com   curl  -x  http://proxy.example.com
3822              http://somewhere.example.com accesses the target URL through the
3823              proxy.
3824
3825              The  list  of  host  names  can also be include numerical IP ad‐
3826              dresses, and IPv6 versions should then be given without  enclos‐
3827              ing brackets.
3828
3829              IPv6  numerical  addresses are compared as strings, so they will
3830              only match if the representations are the  same:  "::1"  is  the
3831              same as "::0:1" but they don't match.
3832
3833       CURL_SSL_BACKEND <TLS backend>
3834              If  curl  was built with support for "MultiSSL", meaning that it
3835              has built-in support for more than one TLS backend,  this  envi‐
3836              ronment  variable can be set to the case insensitive name of the
3837              particular backend to use when curl is invoked. Setting  a  name
3838              that  isn't  a built-in alternative will make curl stay with the
3839              default.
3840
3841              SSL backend names (case-insensitive):  bearssl,  gnutls,  gskit,
3842              mbedtls, mesalink, nss, openssl, rustls, schannel, secure-trans‐
3843              port, wolfssl
3844
3845       QLOGDIR <directory name>
3846              If curl was built with HTTP/3 support, setting this  environment
3847              variable  to  a  local directory will make curl produce qlogs in
3848              that directory, using file names  named  after  the  destination
3849              connection  id  (in  hex).  Do  note that these files can become
3850              rather large. Works with both QUIC backends.
3851
3852       SSLKEYLOGFILE <file name>
3853              If you set this environment variable to a file name,  curl  will
3854              store TLS secrets from its connections in that file when invoked
3855              to enable you to analyze the TLS traffic in real time using net‐
3856              work analyzing tools such as Wireshark. This works with the fol‐
3857              lowing TLS backends: OpenSSL, libressl, BoringSSL,  GnuTLS,  NSS
3858              and wolfSSL.
3859

PROXY PROTOCOL PREFIXES

3861       Since  curl  version  7.21.7,  the proxy string may be specified with a
3862       protocol:// prefix to specify alternative proxy protocols.
3863
3864       If no protocol is specified in  the  proxy  string  or  if  the  string
3865       doesn't  match  a  supported  one, the proxy will be treated as an HTTP
3866       proxy.
3867
3868       The supported proxy protocol prefixes are as follows:
3869
3870       http://
3871              Makes it use it as an HTTP proxy. The default if no scheme  pre‐
3872              fix is used.
3873
3874       https://
3875              Makes it treated as an HTTPS proxy.
3876
3877       socks4://
3878              Makes it the equivalent of --socks4
3879
3880       socks4a://
3881              Makes it the equivalent of --socks4a
3882
3883       socks5://
3884              Makes it the equivalent of --socks5
3885
3886       socks5h://
3887              Makes it the equivalent of --socks5-hostname
3888

EXIT CODES

3890       There  are a bunch of different error codes and their corresponding er‐
3891       ror messages that may appear during bad conditions. At the time of this
3892       writing, the exit codes are:
3893
3894       1      Unsupported protocol. This build of curl has no support for this
3895              protocol.
3896
3897       2      Failed to initialize.
3898
3899       3      URL malformed. The syntax was not correct.
3900
3901       4      A feature or option that was needed to perform the  desired  re‐
3902              quest  was not enabled or was explicitly disabled at build-time.
3903              To make curl able to do this, you probably need another build of
3904              libcurl!
3905
3906       5      Couldn't  resolve  proxy.  The given proxy host could not be re‐
3907              solved.
3908
3909       6      Couldn't resolve host. The given remote host was not resolved.
3910
3911       7      Failed to connect to host.
3912
3913       8      Weird server reply. The server sent data curl couldn't parse.
3914
3915       9      FTP access denied. The server denied login or denied  access  to
3916              the  particular  resource or directory you wanted to reach. Most
3917              often you tried to change to a directory that doesn't  exist  on
3918              the server.
3919
3920       10     FTP  accept failed. While waiting for the server to connect back
3921              when an active FTP session is used, an error code was sent  over
3922              the control connection or similar.
3923
3924       11     FTP  weird PASS reply. Curl couldn't parse the reply sent to the
3925              PASS request.
3926
3927       12     During an active FTP session while waiting  for  the  server  to
3928              connect back to curl, the timeout expired.
3929
3930       13     FTP  weird PASV reply, Curl couldn't parse the reply sent to the
3931              PASV request.
3932
3933       14     FTP weird 227 format.  Curl  couldn't  parse  the  227-line  the
3934              server sent.
3935
3936       15     FTP  can't  get host. Couldn't resolve the host IP we got in the
3937              227-line.
3938
3939       16     HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3940              This is somewhat generic and can be one out of several problems,
3941              see the error message for details.
3942
3943       17     FTP couldn't set binary. Couldn't change transfer method to  bi‐
3944              nary.
3945
3946       18     Partial file. Only a part of the file was transferred.
3947
3948       19     FTP  couldn't download/access the given file, the RETR (or simi‐
3949              lar) command failed.
3950
3951       21     FTP quote error. A quote command returned error from the server.
3952
3953       22     HTTP page not retrieved. The requested url was not found or  re‐
3954              turned  another  error  with  the  HTTP  error code being 400 or
3955              above. This return code only appears if -f, --fail is used.
3956
3957       23     Write error. Curl couldn't write data to a local  filesystem  or
3958              similar.
3959
3960       25     FTP  couldn't  STOR  file. The server denied the STOR operation,
3961              used for FTP uploading.
3962
3963       26     Read error. Various reading problems.
3964
3965       27     Out of memory. A memory allocation request failed.
3966
3967       28     Operation timeout. The specified time-out period was reached ac‐
3968              cording to the conditions.
3969
3970       30     FTP  PORT  failed.  The PORT command failed. Not all FTP servers
3971              support the PORT command, try doing a transfer  using  PASV  in‐
3972              stead!
3973
3974       31     FTP  couldn't use REST. The REST command failed. This command is
3975              used for resumed FTP transfers.
3976
3977       33     HTTP range error. The range "command" didn't work.
3978
3979       34     HTTP post error. Internal post-request generation error.
3980
3981       35     SSL connect error. The SSL handshaking failed.
3982
3983       36     Bad download resume. Couldn't continue an earlier aborted  down‐
3984              load.
3985
3986       37     FILE couldn't read file. Failed to open the file. Permissions?
3987
3988       38     LDAP cannot bind. LDAP bind operation failed.
3989
3990       39     LDAP search failed.
3991
3992       41     Function not found. A required LDAP function was not found.
3993
3994       42     Aborted by callback. An application told curl to abort the oper‐
3995              ation.
3996
3997       43     Internal error. A function was called with a bad parameter.
3998
3999       45     Interface error. A specified outgoing  interface  could  not  be
4000              used.
4001
4002       47     Too many redirects. When following redirects, curl hit the maxi‐
4003              mum amount.
4004
4005       48     Unknown option specified to libcurl.  This  indicates  that  you
4006              passed  a weird option to curl that was passed on to libcurl and
4007              rejected. Read up in the manual!
4008
4009       49     Malformed telnet option.
4010
4011       51     The peer's SSL certificate or SSH MD5 fingerprint was not OK.
4012
4013       52     The server didn't reply anything, which here  is  considered  an
4014              error.
4015
4016       53     SSL crypto engine not found.
4017
4018       54     Cannot set SSL crypto engine as default.
4019
4020       55     Failed sending network data.
4021
4022       56     Failure in receiving network data.
4023
4024       58     Problem with the local certificate.
4025
4026       59     Couldn't use specified SSL cipher.
4027
4028       60     Peer  certificate cannot be authenticated with known CA certifi‐
4029              cates.
4030
4031       61     Unrecognized transfer encoding.
4032
4033       62     Invalid LDAP URL.
4034
4035       63     Maximum file size exceeded.
4036
4037       64     Requested FTP SSL level failed.
4038
4039       65     Sending the data requires a rewind that failed.
4040
4041       66     Failed to initialise SSL Engine.
4042
4043       67     The user name, password, or similar was not  accepted  and  curl
4044              failed to log in.
4045
4046       68     File not found on TFTP server.
4047
4048       69     Permission problem on TFTP server.
4049
4050       70     Out of disk space on TFTP server.
4051
4052       71     Illegal TFTP operation.
4053
4054       72     Unknown TFTP transfer ID.
4055
4056       73     File already exists (TFTP).
4057
4058       74     No such user (TFTP).
4059
4060       75     Character conversion failed.
4061
4062       76     Character conversion functions required.
4063
4064       77     Problem with reading the SSL CA cert (path? access rights?).
4065
4066       78     The resource referenced in the URL does not exist.
4067
4068       79     An unspecified error occurred during the SSH session.
4069
4070       80     Failed to shut down the SSL connection.
4071
4072       82     Could  not  load  CRL  file,  missing  or wrong format (added in
4073              7.19.0).
4074
4075       83     Issuer check failed (added in 7.19.0).
4076
4077       84     The FTP PRET command failed
4078
4079       85     RTSP: mismatch of CSeq numbers
4080
4081       86     RTSP: mismatch of Session Identifiers
4082
4083       87     unable to parse FTP file list
4084
4085       88     FTP chunk callback reported error
4086
4087       89     No connection available, the session will be queued
4088
4089       90     SSL public key does not matched pinned public key
4090
4091       91     Invalid SSL certificate status.
4092
4093       92     Stream error in HTTP/2 framing layer.
4094
4095       93     An API function was called from inside a callback.
4096
4097       94     An authentication function returned an error.
4098
4099       95     A problem was detected in the HTTP/3  layer.  This  is  somewhat
4100              generic  and  can  be one out of several problems, see the error
4101              message for details.
4102
4103       96     QUIC connection error. This error may be caused by  an  SSL  li‐
4104              brary error. QUIC is the protocol used for HTTP/3 transfers.
4105
4106       XX     More error codes will appear here in future releases. The exist‐
4107              ing ones are meant to never change.
4108

AUTHORS / CONTRIBUTORS

4110       Daniel Stenberg is the main author, but the whole list of  contributors
4111       is found in the separate THANKS file.
4112

WWW

4114       https://curl.se
4115

SEE ALSO

4117       ftp(1), wget(1)
4118
4119
4120
4121Curl 7.76.1                    November 16, 2016                       curl(1)
Impressum