1curl(1) Curl Manual curl(1)
2
3
4
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool to transfer data from or to a server, using one of the
13 supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP,
14 IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP,
15 SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to
16 work without user interaction.
17
18 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume, Metalink, and more. As you will see below, the number of
21 features will make your head spin!
22
23 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You'll find a detailed descrip‐
28 tion in RFC 3986.
29
30 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32
33 "http://site.{one,two,three}.com"
34
35 or you can get sequences of alphanumeric series by using [] as in:
36
37 "ftp://ftp.example.com/file[1-100].txt"
38
39 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40
41 "ftp://ftp.example.com/file[a-z].txt"
42
43 Nested sequences are not supported, but you can use several ones next
44 to each other:
45
46 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47
48 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52
53 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55
56 "http://example.com/file[1-100:10].txt"
57
58 "http://example.com/file[a-z:2].txt"
59
60 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64
65 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67
68 "http://[fe80::3%25eth0]/"
69
70 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75
76 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is instead very liberal with what it accepts.
79
80 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invokes.
85
87 If not told otherwise, curl writes the received data to stdout. It can
88 be instructed to instead save that data into a local file, using the
89 -o, --output or -O, --remote-name options. If curl is given multiple
90 URLs to transfer on the command line, it similarly needs multiple op‐
91 tions for where to save them.
92
93 curl does not parse or otherwise "understand" the content it gets or
94 writes as output. It does no encoding or decoding, unless explicitly
95 asked so with dedicated command line options.
96
98 curl supports numerous protocols, or put in URL terms: schemes. Your
99 particular build may not support them all.
100
101 DICT Lets you lookup words using online dictionaries.
102
103 FILE Read or write local files. curl does not support accessing
104 file:// URL remotely, but when running on Microsoft Windows us‐
105 ing the native UNC approach will work.
106
107 FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
108 and levers. With or without using TLS.
109
110 GOPHER Retrieve files.
111
112 HTTP(S)
113 curl supports HTTP with numerous options and variations. It can
114 speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
115 tions and the correct command line options.
116
117 IMAP(S)
118 Using the mail reading protocol, curl can "download" emails for
119 you. With or without using TLS.
120
121 LDAP(S)
122 curl can do directory lookups for you, with or without TLS.
123
124 MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub‐
125 scribe" to a topic while uploading/posting equals "publish" on a
126 topic. MQTT support is experimental and TLS based MQTT is not
127 supported (yet).
128
129 POP3(S)
130 Downloading from a pop3 server means getting a mail. With or
131 without using TLS.
132
133 RTMP(S)
134 The Realtime Messaging Protocol is primarily used to server
135 streaming media and curl can download it.
136
137 RTSP curl supports RTSP 1.0 downloads.
138
139 SCP curl supports SSH version 2 scp transfers.
140
141 SFTP curl supports SFTP (draft 5) done over SSH version 2.
142
143 SMB(S) curl supports SMB version 1 for upload and download.
144
145 SMTP(S)
146 Uploading contents to an SMTP server means sending an email.
147 With or without TLS.
148
149 TELNET Telling curl to fetch a telnet URL starts an interactive session
150 where it sends what it reads on stdin and outputs what the
151 server sends it.
152
153 TFTP curl can do TFTP downloads and uploads.
154
156 curl normally displays a progress meter during operations, indicating
157 the amount of transferred data, transfer speeds and estimated time
158 left, etc. The progress meter displays number of bytes and the speeds
159 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
160 For example 1k is 1024 bytes. 1M is 1048576 bytes.
161
162 curl displays this data to the terminal by default, so if you invoke
163 curl to do an operation and it is about to write data to the terminal,
164 it disables the progress meter as otherwise it would mess up the output
165 mixing progress meter and response data.
166
167 If you want a progress meter for HTTP POST or PUT requests, you need to
168 redirect the response output to a file, using shell redirect (>), -o,
169 --output or similar.
170
171 It is not the same case for FTP upload as that operation does not spit
172 out any response data to the terminal.
173
174 If you prefer a progress "bar" instead of the regular meter, -#,
175 --progress-bar is your friend. You can also disable the progress meter
176 completely with the -s, --silent option.
177
179 Options start with one or two dashes. Many of the options require an
180 additional value next to them.
181
182 The short "single-dash" form of the options, -d for example, may be
183 used with or without a space between it and its value, although a space
184 is a recommended separator. The long "double-dash" form, -d, --data for
185 example, requires a space between it and its value.
186
187 Short version options that don't need any additional values can be used
188 immediately next to each other, like for example you can specify all
189 the options -O, -L and -v at once as -OLv.
190
191 In general, all boolean options are enabled with --option and yet again
192 disabled with --no-option. That is, you use the exact same option name
193 but prefix it with "no-". However, in this list we mostly only list and
194 show the --option version of them. (This concept with --no options was
195 added in 7.19.0. Previously most options were toggled on/off on re‐
196 peated use of the same command line option.)
197
198 --abstract-unix-socket <path>
199 (HTTP) Connect through an abstract Unix domain socket, instead
200 of using the network. Note: netstat shows the path of an ab‐
201 stract socket prefixed with '@', however the <path> argument
202 should not have this leading character.
203
204 Added in 7.53.0.
205
206 --alt-svc <file name>
207 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
208 duction.
209
210 This option enables the alt-svc parser in curl. If the file name
211 points to an existing alt-svc cache file, that will be used. Af‐
212 ter a completed transfer, the cache will be saved to the file
213 name again if it has been modified.
214
215 Specify a "" file name (zero length) to avoid loading/saving and
216 make curl just handle the cache in memory.
217
218 If this option is used several times, curl will load contents
219 from all the files but the last one will be used for saving.
220
221 Added in 7.64.1.
222
223 --anyauth
224 (HTTP) Tells curl to figure out authentication method by itself,
225 and use the most secure one the remote site claims to support.
226 This is done by first doing a request and checking the response-
227 headers, thus possibly inducing an extra network round-trip.
228 This is used instead of setting a specific authentication
229 method, which you can do with --basic, --digest, --ntlm, and
230 --negotiate.
231
232 Using --anyauth is not recommended if you do uploads from stdin,
233 since it may require data to be sent twice and then the client
234 must be able to rewind. If the need should arise when uploading
235 from stdin, the upload operation will fail.
236
237 Used together with -u, --user.
238
239 See also --proxy-anyauth, --basic and --digest.
240
241 -a, --append
242 (FTP SFTP) When used in an upload, this makes curl append to the
243 target file instead of overwriting it. If the remote file
244 doesn't exist, it will be created. Note that this flag is ig‐
245 nored by some SFTP servers (including OpenSSH).
246
247 --aws-sigv4 <provider1[:provider2[:region[:service]]]>
248 Use AWS V4 signature authentication in the transfer.
249
250 The provider argument is a string that is used by the algorithm
251 when creating outgoing authentication headers.
252
253 The region argument is a string that points to a geographic area
254 of a resources collection (region-code) when the region name is
255 omitted from the endpoint.
256
257 The service argument is a string that points to a function pro‐
258 vided by a cloud (service-code) when the service name is omitted
259 from the endpoint.
260
261 Added in 7.75.0.
262
263 --basic
264 (HTTP) Tells curl to use HTTP Basic authentication with the re‐
265 mote host. This is the default and this option is usually point‐
266 less, unless you use it to override a previously set option that
267 sets a different authentication method (such as --ntlm, --di‐
268 gest, or --negotiate).
269
270 Used together with -u, --user.
271
272 See also --proxy-basic.
273
274 --cacert <file>
275 (TLS) Tells curl to use the specified certificate file to verify
276 the peer. The file may contain multiple CA certificates. The
277 certificate(s) must be in PEM format. Normally curl is built to
278 use a default file for this, so this option is typically used to
279 alter that default file.
280
281 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
282 if it is set, and uses the given path as a path to a CA cert
283 bundle. This option overrides that variable.
284
285 The windows version of curl will automatically look for a CA
286 certs file named ´curl-ca-bundle.crt´, either in the same direc‐
287 tory as curl.exe, or in the Current Working Directory, or in any
288 folder along your PATH.
289
290 If curl is built against the NSS SSL library, the NSS PEM
291 PKCS#11 module (libnsspem.so) needs to be available for this op‐
292 tion to work properly.
293
294 (iOS and macOS only) If curl is built against Secure Transport,
295 then this option is supported for backward compatibility with
296 other SSL engines, but it should not be set. If the option is
297 not set, then curl will use the certificates in the system and
298 user Keychain to verify the peer, which is the preferred method
299 of verifying the peer's certificate chain.
300
301 (Schannel only) This option is supported for Schannel in Windows
302 7 or later with libcurl 7.60 or later. This option is supported
303 for backward compatibility with other SSL engines; instead it is
304 recommended to use Windows' store of root certificates (the de‐
305 fault for Schannel).
306
307 If this option is used several times, the last one will be used.
308
309 --capath <dir>
310 (TLS) Tells curl to use the specified certificate directory to
311 verify the peer. Multiple paths can be provided by separating
312 them with ":" (e.g. "path1:path2:path3"). The certificates must
313 be in PEM format, and if curl is built against OpenSSL, the di‐
314 rectory must have been processed using the c_rehash utility sup‐
315 plied with OpenSSL. Using --capath can allow OpenSSL-powered
316 curl to make SSL-connections much more efficiently than using
317 --cacert if the --cacert file contains many CA certificates.
318
319 If this option is set, the default capath value will be ignored,
320 and if it is used several times, the last one will be used.
321
322 --cert-status
323 (TLS) Tells curl to verify the status of the server certificate
324 by using the Certificate Status Request (aka. OCSP stapling) TLS
325 extension.
326
327 If this option is enabled and the server sends an invalid (e.g.
328 expired) response, if the response suggests that the server cer‐
329 tificate has been revoked, or no response at all is received,
330 the verification fails.
331
332 This is currently only implemented in the OpenSSL, GnuTLS and
333 NSS backends.
334
335 Added in 7.41.0.
336
337 --cert-type <type>
338 (TLS) Tells curl what type the provided client certificate is
339 using. PEM, DER, ENG and P12 are recognized types. If not spec‐
340 ified, PEM is assumed.
341
342 If this option is used several times, the last one will be used.
343
344 See also -E, --cert, --key and --key-type.
345
346 -E, --cert <certificate[:password]>
347 (TLS) Tells curl to use the specified client certificate file
348 when getting a file with HTTPS, FTPS or another SSL-based proto‐
349 col. The certificate must be in PKCS#12 format if using Secure
350 Transport, or PEM format if using any other engine. If the op‐
351 tional password isn't specified, it will be queried for on the
352 terminal. Note that this option assumes a "certificate" file
353 that is the private key and the client certificate concatenated!
354 See -E, --cert and --key to specify them independently.
355
356 If curl is built against the NSS SSL library then this option
357 can tell curl the nickname of the certificate to use within the
358 NSS database defined by the environment variable SSL_DIR (or by
359 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
360 nsspem.so) is available then PEM files may be loaded. If you
361 want to use a file from the current directory, please precede it
362 with "./" prefix, in order to avoid confusion with a nickname.
363 If the nickname contains ":", it needs to be preceded by "\" so
364 that it is not recognized as password delimiter. If the nick‐
365 name contains "\", it needs to be escaped as "\\" so that it is
366 not recognized as an escape character.
367
368 If curl is built against OpenSSL library, and the engine pkcs11
369 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
370 ify a certificate located in a PKCS#11 device. A string begin‐
371 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
372 PKCS#11 URI is provided, then the --engine option will be set as
373 "pkcs11" if none was provided and the --cert-type option will be
374 set as "ENG" if none was provided.
375
376 (iOS and macOS only) If curl is built against Secure Transport,
377 then the certificate string can either be the name of a certifi‐
378 cate/private key in the system or user keychain, or the path to
379 a PKCS#12-encoded certificate and private key. If you want to
380 use a file from the current directory, please precede it with
381 "./" prefix, in order to avoid confusion with a nickname.
382
383 (Schannel only) Client certificates must be specified by a path
384 expression to a certificate store. (Loading PFX is not sup‐
385 ported; you can import it to a store first). You can use "<store
386 location>\<store name>\<thumbprint>" to refer to a certificate
387 in the system certificates store, for example, "Curren‐
388 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
389 is usually a SHA-1 hex string which you can see in certificate
390 details. Following store locations are supported: CurrentUser,
391 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
392 LocalMachineGroupPolicy, LocalMachineEnterprise.
393
394 If this option is used several times, the last one will be used.
395
396 See also --cert-type, --key and --key-type.
397
398 --ciphers <list of ciphers>
399 (TLS) Specifies which ciphers to use in the connection. The list
400 of ciphers must specify valid ciphers. Read up on SSL cipher
401 list details on this URL:
402
403 https://curl.se/docs/ssl-ciphers.html
404
405 If this option is used several times, the last one will be used.
406
407 --compressed-ssh
408 (SCP SFTP) Enables built-in SSH compression. This is a request,
409 not an order; the server may or may not do it.
410
411 Added in 7.56.0.
412
413 --compressed
414 (HTTP) Request a compressed response using one of the algorithms
415 curl supports, and automatically decompress the content. Headers
416 are not modified.
417
418 If this option is used and the server sends an unsupported en‐
419 coding, curl will report an error.
420
421 -K, --config <file>
422
423 Specify a text file to read curl arguments from. The command
424 line arguments found in the text file will be used as if they
425 were provided on the command line.
426
427 Options and their parameters must be specified on the same line
428 in the file, separated by whitespace, colon, or the equals sign.
429 Long option names can optionally be given in the config file
430 without the initial double dashes and if so, the colon or equals
431 characters can be used as separators. If the option is specified
432 with one or two dashes, there can be no colon or equals charac‐
433 ter between the option and its parameter.
434
435 If the parameter contains whitespace (or starts with : or =),
436 the parameter must be enclosed within quotes. Within double
437 quotes, the following escape sequences are available: \\, \",
438 \t, \n, \r and \v. A backslash preceding any other letter is ig‐
439 nored. If the first column of a config line is a '#' character,
440 the rest of the line will be treated as a comment. Only write
441 one option per physical line in the config file.
442
443 Specify the filename to -K, --config as '-' to make curl read
444 the file from stdin.
445
446 Note that to be able to specify a URL in the config file, you
447 need to specify it using the --url option, and not by simply
448 writing the URL on its own line. So, it could look similar to
449 this:
450
451 url = "https://curl.se/docs/"
452
453 When curl is invoked, it (unless -q, --disable is used) checks
454 for a default config file and uses it if found. The default con‐
455 fig file is checked for in the following places in this order:
456
457 1) Use the CURL_HOME environment variable if set
458
459 2) Use the XDG_CONFIG_HOME environment variable if set (Added in
460 7.73.0)
461
462 3) Use the HOME environment variable if set
463
464 4) Non-windows: use getpwuid to find the home directory
465
466 5) Windows: use APPDATA if set
467
468 6) Windows: use "USERPROFILE0lication Data" if set
469
470 7) On windows, if there is no .curlrc file in the home dir, it
471 checks for one in the same dir the curl executable is placed. On
472 Unix-like systems, it will simply try to load .curlrc from the
473 determined home dir.
474
475 # --- Example file ---
476 # this is a comment
477 url = "example.com"
478 output = "curlhere.html"
479 user-agent = "superagent/1.0"
480
481 # and fetch another URL too
482 url = "example.com/docs/manpage.html"
483 -O
484 referer = "http://nowhereatall.example.com/"
485 # --- End of example file ---
486
487 This option can be used multiple times to load multiple config
488 files.
489
490 --connect-timeout <seconds>
491 Maximum time in seconds that you allow curl's connection to
492 take. This only limits the connection phase, so if curl con‐
493 nects within the given period it will continue - if not it will
494 exit. Since version 7.32.0, this option accepts decimal values.
495
496 If this option is used several times, the last one will be used.
497
498 See also -m, --max-time.
499
500 --connect-to <HOST1:PORT1:HOST2:PORT2>
501
502 For a request to the given HOST1:PORT1 pair, connect to
503 HOST2:PORT2 instead. This option is suitable to direct requests
504 at a specific server, e.g. at a specific cluster node in a clus‐
505 ter of servers. This option is only used to establish the net‐
506 work connection. It does NOT affect the hostname/port that is
507 used for TLS/SSL (e.g. SNI, certificate verification) or for the
508 application protocols. "HOST1" and "PORT1" may be the empty
509 string, meaning "any host/port". "HOST2" and "PORT2" may also be
510 the empty string, meaning "use the request's original
511 host/port".
512
513 A "host" specified to this option is compared as a string, so it
514 needs to match the name used in request URL. It can be either
515 numerical such as "127.0.0.1" or the full host name such as "ex‐
516 ample.org".
517
518 This option can be used many times to add many connect rules.
519
520 See also --resolve and -H, --header. Added in 7.49.0.
521
522 -C, --continue-at <offset>
523 Continue/Resume a previous file transfer at the given offset.
524 The given offset is the exact number of bytes that will be
525 skipped, counting from the beginning of the source file before
526 it is transferred to the destination. If used with uploads, the
527 FTP server command SIZE will not be used by curl.
528
529 Use "-C -" to tell curl to automatically find out where/how to
530 resume the transfer. It then uses the given output/input files
531 to figure that out.
532
533 If this option is used several times, the last one will be used.
534
535 See also -r, --range.
536
537 -c, --cookie-jar <filename>
538 (HTTP) Specify to which file you want curl to write all cookies
539 after a completed operation. Curl writes all cookies from its
540 in-memory cookie storage to the given file at the end of opera‐
541 tions. If no cookies are known, no data will be written. The
542 file will be written using the Netscape cookie file format. If
543 you set the file name to a single dash, "-", the cookies will be
544 written to stdout.
545
546 This command line option will activate the cookie engine that
547 makes curl record and use cookies. Another way to activate it is
548 to use the -b, --cookie option.
549
550 If the cookie jar can't be created or written to, the whole curl
551 operation won't fail or even report an error clearly. Using -v,
552 --verbose will get a warning displayed, but that is the only
553 visible feedback you get about this possibly lethal situation.
554
555 If this option is used several times, the last specified file
556 name will be used.
557
558 -b, --cookie <data|filename>
559 (HTTP) Pass the data to the HTTP server in the Cookie header. It
560 is supposedly the data previously received from the server in a
561 "Set-Cookie:" line. The data should be in the format
562 "NAME1=VALUE1; NAME2=VALUE2".
563
564 If no '=' symbol is used in the argument, it is instead treated
565 as a filename to read previously stored cookie from. This option
566 also activates the cookie engine which will make curl record in‐
567 coming cookies, which may be handy if you're using this in com‐
568 bination with the -L, --location option or do multiple URL
569 transfers on the same invoke. If the file name is exactly a mi‐
570 nus ("-"), curl will instead read the contents from stdin.
571
572 The file format of the file to read cookies from should be plain
573 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
574 file format.
575
576 The file specified with -b, --cookie is only used as input. No
577 cookies will be written to the file. To store cookies, use the
578 -c, --cookie-jar option.
579
580 Exercise caution if you are using this option and multiple
581 transfers may occur. If you use the NAME1=VALUE1; format, or in
582 a file use the Set-Cookie format and don't specify a domain,
583 then the cookie is sent for any domain (even after redirects are
584 followed) and cannot be modified by a server-set cookie. If the
585 cookie engine is enabled and a server sets a cookie of the same
586 name then both will be sent on a future transfer to that server,
587 likely not what you intended. To address these issues set a do‐
588 main in Set-Cookie (doing that will include sub domains) or use
589 the Netscape format.
590
591 This option can be used multiple times.
592
593 Users very often want to both read cookies from a file and write
594 updated cookies back to a file, so using both -b, --cookie and
595 -c, --cookie-jar in the same command line is common.
596
597 --create-dirs
598 When used in conjunction with the -o, --output option, curl will
599 create the necessary local directory hierarchy as needed. This
600 option creates the dirs mentioned with the -o, --output option,
601 nothing else. If the --output file name uses no dir or if the
602 dirs it mentions already exist, no dir will be created.
603
604 Created dirs are made with mode 0750 on unix style file systems.
605
606 To create remote directories when using FTP or SFTP, try --ftp-
607 create-dirs.
608
609 --create-file-mode <mode>
610 (SFTP SCP FILE) When curl is used to create files remotely using
611 one of the supported protocols, this option allows the user to
612 set which 'mode' to set on the file at creation time, instead of
613 the default 0644.
614
615 This option takes an octal number as argument.
616
617 See also --ftp-create-dirs. Added in 7.75.0.
618
619 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
620 (OS/390).
621
622 (SMTP added in 7.40.0)
623
624 --crlfile <file>
625 (TLS) Provide a file using PEM format with a Certificate Revoca‐
626 tion List that may specify peer certificates that are to be con‐
627 sidered revoked.
628
629 If this option is used several times, the last one will be used.
630
631 Added in 7.19.7.
632
633 --curves <algorithm list>
634 (TLS) Tells curl to request specific curves to use during SSL
635 session establishment according to RFC 8422, 5.1. Multiple al‐
636 gorithms can be provided by separating them with ":" (e.g.
637 "X25519:P-521"). The parameter is available identically in the
638 "openssl s_client/s_server" utilities.
639
640 --curves allows a OpenSSL powered curl to make SSL-connections
641 with exactly the (EC) curve requested by the client, avoiding
642 intransparent client/server negotiations.
643
644 If this option is set, the default curves list built into
645 openssl will be ignored.
646
647 Added in 7.73.0.
648
649 --data-ascii <data>
650 (HTTP) This is just an alias for -d, --data.
651
652 --data-binary <data>
653 (HTTP) This posts data exactly as specified with no extra pro‐
654 cessing whatsoever.
655
656 If you start the data with the letter @, the rest should be a
657 filename. Data is posted in a similar manner as -d, --data
658 does, except that newlines and carriage returns are preserved
659 and conversions are never done.
660
661 Like -d, --data the default content-type sent to the server is
662 application/x-www-form-urlencoded. If you want the data to be
663 treated as arbitrary binary data by the server then set the con‐
664 tent-type to octet-stream: -H "Content-Type: application/octet-
665 stream".
666
667 If this option is used several times, the ones following the
668 first will append data as described in -d, --data.
669
670 --data-raw <data>
671 (HTTP) This posts data similarly to -d, --data but without the
672 special interpretation of the @ character.
673
674 See also -d, --data. Added in 7.43.0.
675
676 --data-urlencode <data>
677 (HTTP) This posts data, similar to the other -d, --data options
678 with the exception that this performs URL-encoding.
679
680 To be CGI-compliant, the <data> part should begin with a name
681 followed by a separator and a content specification. The <data>
682 part can be passed to curl using one of the following syntaxes:
683
684 content
685 This will make curl URL-encode the content and pass that
686 on. Just be careful so that the content doesn't contain
687 any = or @ symbols, as that will then make the syntax
688 match one of the other cases below!
689
690 =content
691 This will make curl URL-encode the content and pass that
692 on. The preceding = symbol is not included in the data.
693
694 name=content
695 This will make curl URL-encode the content part and pass
696 that on. Note that the name part is expected to be URL-
697 encoded already.
698
699 @filename
700 This will make curl load data from the given file (in‐
701 cluding any newlines), URL-encode that data and pass it
702 on in the POST.
703
704 name@filename
705 This will make curl load data from the given file (in‐
706 cluding any newlines), URL-encode that data and pass it
707 on in the POST. The name part gets an equal sign ap‐
708 pended, resulting in name=urlencoded-file-content. Note
709 that the name is expected to be URL-encoded already.
710
711 See also -d, --data and --data-raw. Added in 7.18.0.
712
713 -d, --data <data>
714 (HTTP MQTT) Sends the specified data in a POST request to the
715 HTTP server, in the same way that a browser does when a user has
716 filled in an HTML form and presses the submit button. This will
717 cause curl to pass the data to the server using the content-type
718 application/x-www-form-urlencoded. Compare to -F, --form.
719
720 --data-raw is almost the same but does not have a special inter‐
721 pretation of the @ character. To post data purely binary, you
722 should instead use the --data-binary option. To URL-encode the
723 value of a form field you may use --data-urlencode.
724
725 If any of these options is used more than once on the same com‐
726 mand line, the data pieces specified will be merged together
727 with a separating &-symbol. Thus, using '-d name=daniel -d
728 skill=lousy' would generate a post chunk that looks like
729 'name=daniel&skill=lousy'.
730
731 If you start the data with the letter @, the rest should be a
732 file name to read the data from, or - if you want curl to read
733 the data from stdin. Posting data from a file named 'foobar'
734 would thus be done with -d, --data @foobar. When -d, --data is
735 told to read from a file like that, carriage returns and new‐
736 lines will be stripped out. If you don't want the @ character to
737 have a special interpretation use --data-raw instead.
738
739 See also --data-binary, --data-urlencode and --data-raw. This
740 option overrides -F, --form and -I, --head and -T, --upload-
741 file.
742
743 --delegation <LEVEL>
744 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
745 to delegate when it comes to user credentials.
746
747 none Don't allow any delegation.
748
749 policy Delegates if and only if the OK-AS-DELEGATE flag is set
750 in the Kerberos service ticket, which is a matter of
751 realm policy.
752
753 always Unconditionally allow the server to delegate.
754
755 --digest
756 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
757 cation scheme that prevents the password from being sent over
758 the wire in clear text. Use this in combination with the normal
759 -u, --user option to set user name and password.
760
761 If this option is used several times, only the first one is
762 used.
763
764 See also -u, --user, --proxy-digest and --anyauth. This option
765 overrides --basic and --ntlm and --negotiate.
766
767 --disable-eprt
768 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
769 when doing active FTP transfers. Curl will normally always first
770 attempt to use EPRT, then LPRT before using PORT, but with this
771 option, it will use PORT right away. EPRT and LPRT are exten‐
772 sions to the original FTP protocol, and may not work on all
773 servers, but they enable more functionality in a better way than
774 the traditional PORT command.
775
776 --eprt can be used to explicitly enable EPRT again and --no-eprt
777 is an alias for --disable-eprt.
778
779 If the server is accessed using IPv6, this option will have no
780 effect as EPRT is necessary then.
781
782 Disabling EPRT only changes the active behavior. If you want to
783 switch to passive mode you need to not use -P, --ftp-port or
784 force it with --ftp-pasv.
785
786 --disable-epsv
787 (FTP) (FTP) Tell curl to disable the use of the EPSV command
788 when doing passive FTP transfers. Curl will normally always
789 first attempt to use EPSV before PASV, but with this option, it
790 will not try using EPSV.
791
792 --epsv can be used to explicitly enable EPSV again and --no-epsv
793 is an alias for --disable-epsv.
794
795 If the server is an IPv6 host, this option will have no effect
796 as EPSV is necessary then.
797
798 Disabling EPSV only changes the passive behavior. If you want to
799 switch to active mode you need to use -P, --ftp-port.
800
801 -q, --disable
802 If used as the first parameter on the command line, the curlrc
803 config file will not be read and used. See the -K, --config for
804 details on the default config file search path.
805
806 --disallow-username-in-url
807 (HTTP) This tells curl to exit if passed a url containing a
808 username.
809
810 See also --proto. Added in 7.61.0.
811
812 --dns-interface <interface>
813 (DNS) Tell curl to send outgoing DNS requests through <inter‐
814 face>. This option is a counterpart to --interface (which does
815 not affect DNS). The supplied string must be an interface name
816 (not an address).
817
818 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
819 requires that the underlying libcurl was built to support c-
820 ares. Added in 7.33.0.
821
822 --dns-ipv4-addr <address>
823 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
824 quests, so that the DNS requests originate from this address.
825 The argument should be a single IPv4 address.
826
827 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
828 requires that the underlying libcurl was built to support c-
829 ares. Added in 7.33.0.
830
831 --dns-ipv6-addr <address>
832 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
833 quests, so that the DNS requests originate from this address.
834 The argument should be a single IPv6 address.
835
836 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
837 requires that the underlying libcurl was built to support c-
838 ares. Added in 7.33.0.
839
840 --dns-servers <addresses>
841 Set the list of DNS servers to be used instead of the system de‐
842 fault. The list of IP addresses should be separated with com‐
843 mas. Port numbers may also optionally be given as :<port-number>
844 after each IP address.
845
846 --dns-servers requires that the underlying libcurl was built to
847 support c-ares. Added in 7.33.0.
848
849 --doh-cert-status
850 (all) Same as --cert-status but used for DOH (DNS-over-HTTPS).
851
852 Added in 7.76.0.
853
854 --doh-insecure
855 (all) Same as -k, --insecure but used for DOH (DNS-over-HTTPS).
856
857 Added in 7.76.0.
858
859 --doh-url <URL>
860 (all) Specifies which DNS-over-HTTPS (DOH) server to use to re‐
861 solve hostnames, instead of using the default name resolver
862 mechanism. The URL must be HTTPS.
863
864 Some SSL options that you set for your transfer will apply to
865 DOH since the name lookups take place over SSL. However, the
866 certificate verification settings are not inherited and can be
867 controlled separately via --doh-insecure and --doh-cert-status.
868
869 If this option is used several times, the last one will be used.
870
871 Added in 7.62.0.
872
873 -D, --dump-header <filename>
874 (HTTP FTP) Write the received protocol headers to the specified
875 file.
876
877 This option is handy to use when you want to store the headers
878 that an HTTP site sends to you. Cookies from the headers could
879 then be read in a second curl invocation by using the -b,
880 --cookie option! The -c, --cookie-jar option is a better way to
881 store cookies.
882
883 If no headers are received, the use of this option will create
884 an empty file.
885
886 When used in FTP, the FTP server response lines are considered
887 being "headers" and thus are saved there.
888
889 If this option is used several times, the last one will be used.
890
891 See also -o, --output.
892
893 --egd-file <file>
894 (TLS) Specify the path name to the Entropy Gathering Daemon
895 socket. The socket is used to seed the random engine for SSL
896 connections.
897
898 See also --random-file.
899
900 --engine <name>
901 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
902 tions. Use --engine list to print a list of build-time supported
903 engines. Note that not all (or none) of the engines may be
904 available at run-time.
905
906 --etag-compare <file>
907 (HTTP) This option makes a conditional HTTP request for the spe‐
908 cific ETag read from the given file by sending a custom If-None-
909 Match header using the extracted ETag.
910
911 For correct results, make sure that specified file contains only
912 a single line with a desired ETag. An empty file is parsed as an
913 empty ETag.
914
915 Use the option --etag-save to first save the ETag from a re‐
916 sponse, and then use this option to compare using the saved ETag
917 in a subsequent request.
918
919 COMPARISON: There are 2 types of comparison or ETags: Weak and
920 Strong. This option expects, and uses a strong comparison.
921
922 Added in 7.68.0.
923
924 --etag-save <file>
925 (HTTP) This option saves an HTTP ETag to the specified file.
926 Etag is usually part of headers returned by a request. When
927 server sends an ETag, it must be enveloped by a double quote.
928 This option extracts the ETag without the double quotes and
929 saves it into the <file>.
930
931 A server can send a weak ETag which is prefixed by "W/". This
932 identifier is not considered, and only relevant ETag between
933 quotation marks is parsed.
934
935 It an ETag wasn't sent by the server or it cannot be parsed, an
936 empty file is created.
937
938 Added in 7.68.0.
939
940 --expect100-timeout <seconds>
941 (HTTP) Maximum time in seconds that you allow curl to wait for a
942 100-continue response when curl emits an Expects: 100-continue
943 header in its request. By default curl will wait one second.
944 This option accepts decimal values! When curl stops waiting, it
945 will continue as if the response has been received.
946
947 See also --connect-timeout. Added in 7.47.0.
948
949 --fail-early
950 Fail and exit on the first detected transfer error.
951
952 When curl is used to do multiple transfers on the command line,
953 it will attempt to operate on each given URL, one by one. By de‐
954 fault, it will ignore errors if there are more URLs given and
955 the last URL's success will determine the error code curl re‐
956 turns. So early failures will be "hidden" by subsequent success‐
957 ful transfers.
958
959 Using this option, curl will instead return an error on the
960 first transfer that fails, independent of the amount of URLs
961 that are given on the command line. This way, no transfer fail‐
962 ures go undetected by scripts and similar.
963
964 This option is global and does not need to be specified for each
965 use of -:, --next.
966
967 This option does not imply -f, --fail, which causes transfers to
968 fail due to the server's HTTP status code. You can combine the
969 two options, however note -f, --fail is not global and is there‐
970 fore contained by -:, --next.
971
972 Added in 7.52.0.
973
974 --fail-with-body
975 (HTTP) Return an error on server errors where the HTTP response
976 code is 400 or greater). In normal cases when an HTTP server
977 fails to deliver a document, it returns an HTML document stating
978 so (which often also describes why and more). This flag will
979 still allow curl to outputting and save that content but also to
980 return error 22.
981
982 This is an alternative option to -f, --fail which makes curl
983 fail for the same circumstances but without saving the content.
984
985 See also -f, --fail. Added in 7.76.0.
986
987 -f, --fail
988 (HTTP) Fail silently (no output at all) on server errors. This
989 is mostly done to enable scripts etc to better deal with failed
990 attempts. In normal cases when an HTTP server fails to deliver a
991 document, it returns an HTML document stating so (which often
992 also describes why and more). This flag will prevent curl from
993 outputting that and return error 22.
994
995 This method is not fail-safe and there are occasions where non-
996 successful response codes will slip through, especially when au‐
997 thentication is involved (response codes 401 and 407).
998
999 See also --fail-with-body.
1000
1001 --false-start
1002 (TLS) Tells curl to use false start during the TLS handshake.
1003 False start is a mode where a TLS client will start sending ap‐
1004 plication data before verifying the server's Finished message,
1005 thus saving a round trip when performing a full handshake.
1006
1007 This is currently only implemented in the NSS and Secure Trans‐
1008 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1009
1010 Added in 7.42.0.
1011
1012 --form-string <name=string>
1013 (HTTP SMTP IMAP) Similar to -F, --form except that the value
1014 string for the named parameter is used literally. Leading '@'
1015 and '<' characters, and the ';type=' string in the value have no
1016 special meaning. Use this in preference to -F, --form if there's
1017 any possibility that the string value may accidentally trigger
1018 the '@' or '<' features of -F, --form.
1019
1020 See also -F, --form.
1021
1022 -F, --form <name=content>
1023 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
1024 late a filled-in form in which a user has pressed the submit
1025 button. This causes curl to POST data using the Content-Type
1026 multipart/form-data according to RFC 2388.
1027
1028 For SMTP and IMAP protocols, this is the mean to compose a mul‐
1029 tipart mail message to transmit.
1030
1031 This enables uploading of binary files etc. To force the 'con‐
1032 tent' part to be a file, prefix the file name with an @ sign. To
1033 just get the content part from a file, prefix the file name with
1034 the symbol <. The difference between @ and < is then that @
1035 makes a file get attached in the post as a file upload, while
1036 the < makes a text field and just get the contents for that text
1037 field from a file.
1038
1039 Tell curl to read content from stdin instead of a file by using
1040 - as filename. This goes for both @ and < constructs. When stdin
1041 is used, the contents is buffered in memory first by curl to de‐
1042 termine its size and allow a possible resend. Defining a part's
1043 data from a named non-regular file (such as a named pipe or sim‐
1044 ilar) is unfortunately not subject to buffering and will be ef‐
1045 fectively read at transmission time; since the full size is un‐
1046 known before the transfer starts, such data is sent as chunks by
1047 HTTP and rejected by IMAP.
1048
1049 Example: send an image to an HTTP server, where 'profile' is the
1050 name of the form-field to which the file portrait.jpg will be
1051 the input:
1052
1053 curl -F profile=@portrait.jpg https://example.com/upload.cgi
1054
1055 Example: send your name and shoe size in two text fields to the
1056 server:
1057
1058 curl -F name=John -F shoesize=11 https://example.com/
1059
1060 Example: send your essay in a text field to the server. Send it
1061 as a plain text field, but get the contents for it from a local
1062 file:
1063
1064 curl -F "story=<hugefile.txt" https://example.com/
1065
1066 You can also tell curl what Content-Type to use by using
1067 'type=', in a manner similar to:
1068
1069 curl -F "web=@index.html;type=text/html" example.com
1070
1071 or
1072
1073 curl -F "name=daniel;type=text/foo" example.com
1074
1075 You can also explicitly change the name field of a file upload
1076 part by setting filename=, like this:
1077
1078 curl -F "file=@localfile;filename=nameinpost" example.com
1079
1080 If filename/path contains ',' or ';', it must be quoted by dou‐
1081 ble-quotes like:
1082
1083 curl -F "file=@\"localfile\";filename=\"nameinpost\"" exam‐
1084 ple.com
1085
1086 or
1087
1088 curl -F 'file=@"localfile";filename="nameinpost"' example.com
1089
1090 Note that if a filename/path is quoted by double-quotes, any
1091 double-quote or backslash within the filename must be escaped by
1092 backslash.
1093
1094 Quoting must also be applied to non-file data if it contains
1095 semicolons, leading/trailing spaces or leading double quotes:
1096
1097 curl -F 'colors="red; green; blue";type=text/x-myapp' exam‐
1098 ple.com
1099
1100 You can add custom headers to the field by setting headers=,
1101 like
1102
1103 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1104
1105 or
1106
1107 curl -F "submit=OK;headers=@headerfile" example.com
1108
1109 The headers= keyword may appear more that once and above notes
1110 about quoting apply. When headers are read from a file, Empty
1111 lines and lines starting with '#' are comments and ignored; each
1112 header can be folded by splitting between two words and starting
1113 the continuation line with a space; embedded carriage-returns
1114 and trailing spaces are stripped. Here is an example of a
1115 header file contents:
1116
1117 # This file contain two headers.
1118 X-header-1: this is a header
1119
1120 # The following header is folded.
1121 X-header-2: this is
1122 another header
1123
1124
1125 To support sending multipart mail messages, the syntax is ex‐
1126 tended as follows:
1127 - name can be omitted: the equal sign is the first character of
1128 the argument,
1129 - if data starts with '(', this signals to start a new multi‐
1130 part: it can be followed by a content type specification.
1131 - a multipart can be terminated with a '=)' argument.
1132
1133 Example: the following command sends an SMTP mime e-mail con‐
1134 sisting in an inline part in two alternative formats: plain text
1135 and HTML. It attaches a text file:
1136
1137 curl -F '=(;type=multipart/alternative' \
1138 -F '=plain text message' \
1139 -F '= <body>HTML message</body>;type=text/html' \
1140 -F '=)' -F '=@textfile.txt' ... smtp://example.com
1141
1142 Data can be encoded for transfer using encoder=. Available en‐
1143 codings are binary and 8bit that do nothing else than adding the
1144 corresponding Content-Transfer-Encoding header, 7bit that only
1145 rejects 8-bit characters with a transfer error, quoted-printable
1146 and base64 that encodes data according to the corresponding
1147 schemes, limiting lines length to 76 characters.
1148
1149 Example: send multipart mail with a quoted-printable text mes‐
1150 sage and a base64 attached file:
1151
1152 curl -F '=text message;encoder=quoted-printable' \
1153 -F '=@localfile;encoder=base64' ... smtp://example.com
1154
1155 See further examples and details in the MANUAL.
1156
1157 This option can be used multiple times.
1158
1159 This option overrides -d, --data and -I, --head and -T, --up‐
1160 load-file.
1161
1162 --ftp-account <data>
1163 (FTP) When an FTP server asks for "account data" after user name
1164 and password has been provided, this data is sent off using the
1165 ACCT command.
1166
1167 If this option is used several times, the last one will be used.
1168
1169 Added in 7.13.0.
1170
1171 --ftp-alternative-to-user <command>
1172 (FTP) If authenticating with the USER and PASS commands fails,
1173 send this command. When connecting to Tumbleweed's Secure
1174 Transport server over FTPS using a client certificate, using
1175 "SITE AUTH" will tell the server to retrieve the username from
1176 the certificate.
1177
1178 Added in 7.15.5.
1179
1180 --ftp-create-dirs
1181 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1182 doesn't currently exist on the server, the standard behavior of
1183 curl is to fail. Using this option, curl will instead attempt to
1184 create missing directories.
1185
1186 See also --create-dirs.
1187
1188 --ftp-method <method>
1189 (FTP) Control what method curl should use to reach a file on an
1190 FTP(S) server. The method argument should be one of the follow‐
1191 ing alternatives:
1192
1193 multicwd
1194 curl does a single CWD operation for each path part in
1195 the given URL. For deep hierarchies this means very many
1196 commands. This is how RFC 1738 says it should be done.
1197 This is the default but the slowest behavior.
1198
1199 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1200 etc and give a full path to the server for all these com‐
1201 mands. This is the fastest behavior.
1202
1203 singlecwd
1204 curl does one CWD with the full target directory and then
1205 operates on the file "normally" (like in the multicwd
1206 case). This is somewhat more standards compliant than
1207 'nocwd' but without the full penalty of 'multicwd'.
1208
1209 Added in 7.15.1.
1210
1211 --ftp-pasv
1212 (FTP) Use passive mode for the data connection. Passive is the
1213 internal default behavior, but using this option can be used to
1214 override a previous -P, --ftp-port option.
1215
1216 If this option is used several times, only the first one is
1217 used. Undoing an enforced passive really isn't doable but you
1218 must then instead enforce the correct -P, --ftp-port again.
1219
1220 Passive mode means that curl will try the EPSV command first and
1221 then PASV, unless --disable-epsv is used.
1222
1223 See also --disable-epsv. Added in 7.11.0.
1224
1225 -P, --ftp-port <address>
1226 (FTP) Reverses the default initiator/listener roles when con‐
1227 necting with FTP. This option makes curl use active mode. curl
1228 then tells the server to connect back to the client's specified
1229 address and port, while passive mode asks the server to setup an
1230 IP address and port for it to connect to. <address> should be
1231 one of:
1232
1233 interface
1234 e.g. "eth0" to specify which interface's IP address you
1235 want to use (Unix only)
1236
1237 IP address
1238 e.g. "192.168.10.1" to specify the exact IP address
1239
1240 host name
1241 e.g. "my.host.domain" to specify the machine
1242
1243 - make curl pick the same IP address that is already used
1244 for the control connection
1245
1246 If this option is used several times, the last one will be used. Dis‐
1247 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1248 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1249 PORT++.
1250
1251 Since 7.19.5, you can append ":[start]-[end]" to the right of the ad‐
1252 dress, to tell curl what TCP port range to use. That means you specify
1253 a port range, from a lower to a higher number. A single number works as
1254 well, but do note that it increases the risk of failure since the port
1255 may not be available.
1256
1257 See also --ftp-pasv and --disable-eprt.
1258
1259 --ftp-pret
1260 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1261 Certain FTP servers, mainly drftpd, require this non-standard
1262 command for directory listings as well as up and downloads in
1263 PASV mode.
1264
1265 Added in 7.20.0.
1266
1267 --ftp-skip-pasv-ip
1268 (FTP) Tell curl to not use the IP address the server suggests in
1269 its response to curl's PASV command when curl connects the data
1270 connection. Instead curl will re-use the same IP address it al‐
1271 ready uses for the control connection.
1272
1273 Since curl 7.74.0 this option is enabled by default.
1274
1275 This option has no effect if PORT, EPRT or EPSV is used instead
1276 of PASV.
1277
1278 See also --ftp-pasv. Added in 7.14.2.
1279
1280 --ftp-ssl-ccc-mode <active/passive>
1281 (FTP) Sets the CCC mode. The passive mode will not initiate the
1282 shutdown, but instead wait for the server to do it, and will not
1283 reply to the shutdown from the server. The active mode initiates
1284 the shutdown and waits for a reply from the server.
1285
1286 See also --ftp-ssl-ccc. Added in 7.16.2.
1287
1288 --ftp-ssl-ccc
1289 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1290 layer after authenticating. The rest of the control channel com‐
1291 munication will be unencrypted. This allows NAT routers to fol‐
1292 low the FTP transaction. The default mode is passive.
1293
1294 See also --ssl and --ftp-ssl-ccc-mode. Added in 7.16.1.
1295
1296 --ftp-ssl-control
1297 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1298 Allows secure authentication, but non-encrypted data transfers
1299 for efficiency. Fails the transfer if the server doesn't sup‐
1300 port SSL/TLS.
1301
1302 Added in 7.16.0.
1303
1304 -G, --get
1305 When used, this option will make all data specified with -d,
1306 --data, --data-binary or --data-urlencode to be used in an HTTP
1307 GET request instead of the POST request that otherwise would be
1308 used. The data will be appended to the URL with a '?' separator.
1309
1310 If used in combination with -I, --head, the POST data will in‐
1311 stead be appended to the URL with a HEAD request.
1312
1313 If this option is used several times, only the first one is
1314 used. This is because undoing a GET doesn't make sense, but you
1315 should then instead enforce the alternative method you prefer.
1316
1317 -g, --globoff
1318 This option switches off the "URL globbing parser". When you set
1319 this option, you can specify URLs that contain the letters {}[]
1320 without having them being interpreted by curl itself. Note that
1321 these letters are not normal legal URL contents but they should
1322 be encoded according to the URI standard.
1323
1324 --happy-eyeballs-timeout-ms <milliseconds>
1325 Happy eyeballs is an algorithm that attempts to connect to both
1326 IPv4 and IPv6 addresses for dual-stack hosts, preferring IPv6
1327 first for the number of milliseconds. If the IPv6 address cannot
1328 be connected to within that time then a connection attempt is
1329 made to the IPv4 address in parallel. The first connection to be
1330 established is the one that is used.
1331
1332 The range of suggested useful values is limited. Happy Eyeballs
1333 RFC 6555 says "It is RECOMMENDED that connection attempts be
1334 paced 150-250 ms apart to balance human factors against network
1335 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1336 currently default to 300 ms.
1337
1338 If this option is used several times, the last one will be used.
1339
1340 Added in 7.59.0.
1341
1342 --haproxy-protocol
1343 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1344 of the connection. This is used by some load balancers and re‐
1345 verse proxies to indicate the client's true IP address and port.
1346
1347 This option is primarily useful when sending test requests to a
1348 service that expects this header.
1349
1350 Added in 7.60.0.
1351
1352 -I, --head
1353 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1354 command HEAD which this uses to get nothing but the header of a
1355 document. When used on an FTP or FILE file, curl displays the
1356 file size and last modification time only.
1357
1358 -H, --header <header/@file>
1359 (HTTP) Extra header to include in the request when sending HTTP
1360 to a server. You may specify any number of extra headers. Note
1361 that if you should add a custom header that has the same name as
1362 one of the internal ones curl would use, your externally set
1363 header will be used instead of the internal one. This allows you
1364 to make even trickier stuff than curl would normally do. You
1365 should not replace internally set headers without knowing per‐
1366 fectly well what you're doing. Remove an internal header by giv‐
1367 ing a replacement without content on the right side of the
1368 colon, as in: -H "Host:". If you send the custom header with no-
1369 value then its header must be terminated with a semicolon, such
1370 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1371
1372 curl will make sure that each header you add/replace is sent
1373 with the proper end-of-line marker, you should thus not add that
1374 as a part of the header content: do not add newlines or carriage
1375 returns, they will only mess things up for you.
1376
1377 This option can take an argument in @filename style, which then
1378 adds a header for each line in the input file. Using @- will
1379 make curl read the header file from stdin. Added in 7.55.0.
1380
1381 You need --proxy-header to send custom headers intended for a
1382 HTTP proxy. Added in 7.37.0.
1383
1384 Passing on a "Transfer-Encoding: chunked" header when doing a
1385 HTTP request with a request body, will make curl send the data
1386 using chunked encoding.
1387
1388 Example:
1389
1390 curl -H "X-First-Name: Joe" http://example.com/
1391
1392 WARNING: headers set with this option will be set in all re‐
1393 quests - even after redirects are followed, like when told with
1394 -L, --location. This can lead to the header being sent to other
1395 hosts than the original host, so sensitive headers should be
1396 used with caution combined with following redirects.
1397
1398 This option can be used multiple times to add/replace/remove
1399 multiple headers.
1400
1401 See also -A, --user-agent and -e, --referer.
1402
1403 -h, --help <category>
1404 Usage help. This lists all commands of the <category>. If no
1405 arg was provided, curl will display the most important command
1406 line arguments. If the argument "all" was provided, curl will
1407 display all options available. If the argument "category" was
1408 provided, curl will display all categories and their meanings.
1409
1410 --hostpubmd5 <md5>
1411 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1412 string should be the 128 bit MD5 checksum of the remote host's
1413 public key, curl will refuse the connection with the host unless
1414 the md5sums match.
1415
1416 Added in 7.17.1.
1417
1418 --hsts <file name>
1419 (HTTPS) WARNING: this option is experimental. Do not use in pro‐
1420 duction.
1421
1422 This option enables HSTS for the transfer. If the file name
1423 points to an existing HSTS cache file, that will be used. After
1424 a completed transfer, the cache will be saved to the file name
1425 again if it has been modified.
1426
1427 Specify a "" file name (zero length) to avoid loading/saving and
1428 make curl just handle HSTS in memory.
1429
1430 If this option is used several times, curl will load contents
1431 from all the files but the last one will be used for saving.
1432
1433 Added in 7.74.0.
1434
1435 --http0.9
1436 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1437
1438 HTTP/0.9 is a completely headerless response and therefore you
1439 can also connect with this to non-HTTP servers and still get a
1440 response since curl will simply transparently downgrade - if al‐
1441 lowed.
1442
1443 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1444
1445 -0, --http1.0
1446 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1447 internally preferred HTTP version.
1448
1449 This option overrides --http1.1 and --http2.
1450
1451 --http1.1
1452 (HTTP) Tells curl to use HTTP version 1.1.
1453
1454 This option overrides -0, --http1.0 and --http2. Added in
1455 7.33.0.
1456
1457 --http2-prior-knowledge
1458 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1459 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1460 that the server supports HTTP/2 straight away. HTTPS requests
1461 will still do HTTP/2 the standard way with negotiated protocol
1462 version in the TLS handshake.
1463
1464 --http2-prior-knowledge requires that the underlying libcurl was
1465 built to support HTTP/2. This option overrides --http1.1 and -0,
1466 --http1.0 and --http2. Added in 7.49.0.
1467
1468 --http2
1469 (HTTP) Tells curl to use HTTP version 2.
1470
1471 See also --http1.1 and --http3. --http2 requires that the under‐
1472 lying libcurl was built to support HTTP/2. This option overrides
1473 --http1.1 and -0, --http1.0 and --http2-prior-knowledge. Added
1474 in 7.33.0.
1475
1476 --http3
1477 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1478 duction.
1479
1480 Tells curl to use HTTP version 3 directly to the host and port
1481 number used in the URL. A normal HTTP/3 transaction will be done
1482 to a host and then get redirected via Alt-SVc, but this option
1483 allows a user to circumvent that when you know that the target
1484 speaks HTTP/3 on the given host and port.
1485
1486 This option will make curl fail if a QUIC connection cannot be
1487 established, it cannot fall back to a lower HTTP version on its
1488 own.
1489
1490 See also --http1.1 and --http2. --http3 requires that the under‐
1491 lying libcurl was built to support HTTP/3. This option overrides
1492 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1493 edge. Added in 7.66.0.
1494
1495 --ignore-content-length
1496 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1497 particularly useful for servers running Apache 1.x, which will
1498 report incorrect Content-Length for files larger than 2 giga‐
1499 bytes.
1500
1501 For FTP (since 7.46.0), skip the RETR command to figure out the
1502 size before downloading a file.
1503
1504 -i, --include
1505 Include the HTTP response headers in the output. The HTTP re‐
1506 sponse headers can include things like server name, cookies,
1507 date of the document, HTTP version and more...
1508
1509 To view the request headers, consider the -v, --verbose option.
1510
1511 See also -v, --verbose.
1512
1513 -k, --insecure
1514 (TLS) By default, every SSL connection curl makes is verified to
1515 be secure. This option allows curl to proceed and operate even
1516 for server connections otherwise considered insecure.
1517
1518 The server connection is verified by making sure the server's
1519 certificate contains the right name and verifies successfully
1520 using the cert store.
1521
1522 See this online resource for further details:
1523 https://curl.se/docs/sslcerts.html
1524
1525 See also --proxy-insecure and --cacert.
1526
1527 --interface <name>
1528
1529 Perform an operation using a specified interface. You can enter
1530 interface name, IP address or host name. An example could look
1531 like:
1532
1533 curl --interface eth0:1 https://www.example.com/
1534
1535 If this option is used several times, the last one will be used.
1536
1537 On Linux it can be used to specify a VRF, but the binary needs
1538 to either have CAP_NET_RAW or to be run as root. More informa‐
1539 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1540 tion/networking/vrf.txt
1541
1542 See also --dns-interface.
1543
1544 -4, --ipv4
1545 This option tells curl to resolve names to IPv4 addresses only,
1546 and not for example try IPv6.
1547
1548 See also --http1.1 and --http2. This option overrides -6,
1549 --ipv6.
1550
1551 -6, --ipv6
1552 This option tells curl to resolve names to IPv6 addresses only,
1553 and not for example try IPv4.
1554
1555 See also --http1.1 and --http2. This option overrides -4,
1556 --ipv4.
1557
1558 -j, --junk-session-cookies
1559 (HTTP) When curl is told to read cookies from a given file, this
1560 option will make it discard all "session cookies". This will ba‐
1561 sically have the same effect as if a new session is started.
1562 Typical browsers always discard session cookies when they're
1563 closed down.
1564
1565 See also -b, --cookie and -c, --cookie-jar.
1566
1567 --keepalive-time <seconds>
1568 This option sets the time a connection needs to remain idle be‐
1569 fore sending keepalive probes and the time between individual
1570 keepalive probes. It is currently effective on operating systems
1571 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1572 (meaning Linux, recent AIX, HP-UX and more). This option has no
1573 effect if --no-keepalive is used.
1574
1575 If this option is used several times, the last one will be used.
1576 If unspecified, the option defaults to 60 seconds.
1577
1578 Added in 7.18.0.
1579
1580 --key-type <type>
1581 (TLS) Private key file type. Specify which type your --key pro‐
1582 vided private key is. DER, PEM, and ENG are supported. If not
1583 specified, PEM is assumed.
1584
1585 If this option is used several times, the last one will be used.
1586
1587 --key <key>
1588 (TLS SSH) Private key file name. Allows you to provide your pri‐
1589 vate key in this separate file. For SSH, if not specified, curl
1590 tries the following candidates in order: '~/.ssh/id_rsa',
1591 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1592
1593 If curl is built against OpenSSL library, and the engine pkcs11
1594 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1595 ify a private key located in a PKCS#11 device. A string begin‐
1596 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1597 PKCS#11 URI is provided, then the --engine option will be set as
1598 "pkcs11" if none was provided and the --key-type option will be
1599 set as "ENG" if none was provided.
1600
1601 If this option is used several times, the last one will be used.
1602
1603 --krb <level>
1604 (FTP) Enable Kerberos authentication and use. The level must be
1605 entered and should be one of 'clear', 'safe', 'confidential', or
1606 'private'. Should you use a level that is not one of these,
1607 'private' will instead be used.
1608
1609 If this option is used several times, the last one will be used.
1610
1611 --krb requires that the underlying libcurl was built to support
1612 Kerberos.
1613
1614 --libcurl <file>
1615 Append this option to any ordinary curl command line, and you
1616 will get a libcurl-using C source code written to the file that
1617 does the equivalent of what your command-line operation does!
1618
1619 If this option is used several times, the last given file name
1620 will be used.
1621
1622 Added in 7.16.1.
1623
1624 --limit-rate <speed>
1625 Specify the maximum transfer rate you want curl to use - for
1626 both downloads and uploads. This feature is useful if you have a
1627 limited pipe and you'd like your transfer not to use your entire
1628 bandwidth. To make it slower than it otherwise would be.
1629
1630 The given speed is measured in bytes/second, unless a suffix is
1631 appended. Appending 'k' or 'K' will count the number as kilo‐
1632 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
1633 gigabytes. Examples: 200K, 3m and 1G.
1634
1635 If you also use the -Y, --speed-limit option, that option will
1636 take precedence and might cripple the rate-limiting slightly, to
1637 help keeping the speed-limit logic working.
1638
1639 If this option is used several times, the last one will be used.
1640
1641 -l, --list-only
1642 (FTP POP3) (FTP) When listing an FTP directory, this switch
1643 forces a name-only view. This is especially useful if the user
1644 wants to machine-parse the contents of an FTP directory since
1645 the normal directory view doesn't use a standard look or format.
1646 When used like this, the option causes a NLST command to be sent
1647 to the server instead of LIST.
1648
1649 Note: Some FTP servers list only files in their response to
1650 NLST; they do not include sub-directories and symbolic links.
1651
1652 (POP3) When retrieving a specific email from POP3, this switch
1653 forces a LIST command to be performed instead of RETR. This is
1654 particularly useful if the user wants to see if a specific mes‐
1655 sage id exists on the server and what size it is.
1656
1657 Note: When combined with -X, --request, this option can be used
1658 to send an UIDL command instead, so the user may use the email's
1659 unique identifier rather than it's message id to make the re‐
1660 quest.
1661
1662 Added in 4.0.
1663
1664 --local-port <num/range>
1665 Set a preferred single number or range (FROM-TO) of local port
1666 numbers to use for the connection(s). Note that port numbers by
1667 nature are a scarce resource that will be busy at times so set‐
1668 ting this range to something too narrow might cause unnecessary
1669 connection setup failures.
1670
1671 Added in 7.15.2.
1672
1673 --location-trusted
1674 (HTTP) Like -L, --location, but will allow sending the name +
1675 password to all hosts that the site may redirect to. This may or
1676 may not introduce a security breach if the site redirects you to
1677 a site to which you'll send your authentication info (which is
1678 plaintext in the case of HTTP Basic authentication).
1679
1680 See also -u, --user.
1681
1682 -L, --location
1683 (HTTP) If the server reports that the requested page has moved
1684 to a different location (indicated with a Location: header and a
1685 3XX response code), this option will make curl redo the request
1686 on the new place. If used together with -i, --include or -I,
1687 --head, headers from all requested pages will be shown. When au‐
1688 thentication is used, curl only sends its credentials to the
1689 initial host. If a redirect takes curl to a different host, it
1690 won't be able to intercept the user+password. See also --loca‐
1691 tion-trusted on how to change this. You can limit the amount of
1692 redirects to follow by using the --max-redirs option.
1693
1694 When curl follows a redirect and if the request is a POST, it
1695 will do the following request with a GET if the HTTP response
1696 was 301, 302, or 303. If the response code was any other 3xx
1697 code, curl will re-send the following request using the same un‐
1698 modified method.
1699
1700 You can tell curl to not change POST requests to GET after a 30x
1701 response by using the dedicated options for that: --post301,
1702 --post302 and --post303.
1703
1704 The method set with -X, --request overrides the method curl
1705 would otherwise select to use.
1706
1707 --login-options <options>
1708 (IMAP POP3 SMTP) Specify the login options to use during server
1709 authentication.
1710
1711 You can use the login options to specify protocol specific op‐
1712 tions that may be used during authentication. At present only
1713 IMAP, POP3 and SMTP support login options. For more information
1714 about the login options please see RFC 2384, RFC 5092 and IETF
1715 draft draft-earhart-url-smtp-00.txt
1716
1717 If this option is used several times, the last one will be used.
1718
1719 Added in 7.34.0.
1720
1721 --mail-auth <address>
1722 (SMTP) Specify a single address. This will be used to specify
1723 the authentication address (identity) of a submitted message
1724 that is being relayed to another server.
1725
1726 See also --mail-rcpt and --mail-from. Added in 7.25.0.
1727
1728 --mail-from <address>
1729 (SMTP) Specify a single address that the given mail should get
1730 sent from.
1731
1732 See also --mail-rcpt and --mail-auth. Added in 7.20.0.
1733
1734 --mail-rcpt-allowfails
1735 (SMTP) When sending data to multiple recipients, by default curl
1736 will abort SMTP conversation if at least one of the recipients
1737 causes RCPT TO command to return an error.
1738
1739 The default behavior can be changed by passing --mail-rcpt-al‐
1740 lowfails command-line option which will make curl ignore errors
1741 and proceed with the remaining valid recipients.
1742
1743 In case when all recipients cause RCPT TO command to fail, curl
1744 will abort SMTP conversation and return the error received from
1745 to the last RCPT TO command. Added in 7.69.0.
1746
1747 --mail-rcpt <address>
1748 (SMTP) Specify a single address, user name or mailing list name.
1749 Repeat this option several times to send to multiple recipients.
1750
1751 When performing a mail transfer, the recipient should specify a
1752 valid email address to send the mail to.
1753
1754 When performing an address verification (VRFY command), the re‐
1755 cipient should be specified as the user name or user name and
1756 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
1757
1758 When performing a mailing list expand (EXPN command), the recip‐
1759 ient should be specified using the mailing list name, such as
1760 "Friends" or "London-Office". (Added in 7.34.0)
1761
1762 Added in 7.20.0.
1763
1764 -M, --manual
1765 Manual. Display the huge help text.
1766
1767 --max-filesize <bytes>
1768 Specify the maximum size (in bytes) of a file to download. If
1769 the file requested is larger than this value, the transfer will
1770 not start and curl will return with exit code 63.
1771
1772 A size modifier may be used. For example, Appending 'k' or 'K'
1773 will count the number as kilobytes, 'm' or 'M' makes it
1774 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
1775 3m and 1G. (Added in 7.58.0)
1776
1777 NOTE: The file size is not always known prior to download, and
1778 for such files this option has no effect even if the file trans‐
1779 fer ends up being larger than this given limit. This concerns
1780 both FTP and HTTP transfers.
1781
1782 See also --limit-rate.
1783
1784 --max-redirs <num>
1785 (HTTP) Set maximum number of redirection-followings allowed.
1786 When -L, --location is used, is used to prevent curl from fol‐
1787 lowing redirections too much. By default, the limit is set to 50
1788 redirections. Set this option to -1 to make it unlimited.
1789
1790 If this option is used several times, the last one will be used.
1791
1792 -m, --max-time <seconds>
1793 Maximum time in seconds that you allow the whole operation to
1794 take. This is useful for preventing your batch jobs from hang‐
1795 ing for hours due to slow networks or links going down. Since
1796 7.32.0, this option accepts decimal values, but the actual time‐
1797 out will decrease in accuracy as the specified timeout increases
1798 in decimal precision.
1799
1800 If this option is used several times, the last one will be used.
1801
1802 See also --connect-timeout.
1803
1804 --metalink
1805 This option can tell curl to parse and process a given URI as
1806 Metalink file (both version 3 and 4 (RFC 5854) are supported)
1807 and make use of the mirrors listed within for failover if there
1808 are errors (such as the file or server not being available). It
1809 will also verify the hash of the file after the download com‐
1810 pletes. The Metalink file itself is downloaded and processed in
1811 memory and not stored in the local file system.
1812
1813 Example to use a remote Metalink file:
1814
1815 curl --metalink http://www.example.com/example.metalink
1816
1817 To use a Metalink file in the local file system, use FILE proto‐
1818 col (file://):
1819
1820 curl --metalink file:///example.metalink
1821
1822 Please note that if FILE protocol is disabled, there is no way
1823 to use a local Metalink file at the time of this writing. Also
1824 note that if --metalink and -i, --include are used together,
1825 --include will be ignored. This is because including headers in
1826 the response will break Metalink parser and if the headers are
1827 included in the file described in Metalink file, hash check will
1828 fail.
1829
1830 --metalink requires that the underlying libcurl was built to
1831 support metalink. Added in 7.27.0.
1832
1833 --negotiate
1834 (HTTP) Enables Negotiate (SPNEGO) authentication.
1835
1836 This option requires a library built with GSS-API or SSPI sup‐
1837 port. Use -V, --version to see if your curl supports GSS-
1838 API/SSPI or SPNEGO.
1839
1840 When using this option, you must also provide a fake -u, --user
1841 option to activate the authentication code properly. Sending a
1842 '-u :' is enough as the user name and password from the -u,
1843 --user option aren't actually used.
1844
1845 If this option is used several times, only the first one is
1846 used.
1847
1848 See also --basic, --ntlm, --anyauth and --proxy-negotiate.
1849
1850 --netrc-file <filename>
1851 This option is similar to -n, --netrc, except that you provide
1852 the path (absolute or relative) to the netrc file that curl
1853 should use. You can only specify one netrc file per invocation.
1854 If several --netrc-file options are provided, the last one will
1855 be used.
1856
1857 It will abide by --netrc-optional if specified.
1858
1859 This option overrides -n, --netrc. Added in 7.21.5.
1860
1861 --netrc-optional
1862 Very similar to -n, --netrc, but this option makes the .netrc
1863 usage optional and not mandatory as the -n, --netrc option does.
1864
1865 See also --netrc-file. This option overrides -n, --netrc.
1866
1867 -n, --netrc
1868 Makes curl scan the .netrc (_netrc on Windows) file in the
1869 user's home directory for login name and password. This is typi‐
1870 cally used for FTP on Unix. If used with HTTP, curl will enable
1871 user authentication. See netrc(5) ftp(1) for details on the file
1872 format. Curl will not complain if that file doesn't have the
1873 right permissions (it should not be either world- or group-read‐
1874 able). The environment variable "HOME" is used to find the home
1875 directory.
1876
1877 A quick and very simple example of how to setup a .netrc to al‐
1878 low curl to FTP to the machine host.domain.com with user name
1879 'myself' and password 'secret' should look similar to:
1880
1881 machine host.domain.com login myself password secret
1882
1883 -:, --next
1884 Tells curl to use a separate operation for the following URL and
1885 associated options. This allows you to send several URL re‐
1886 quests, each with their own specific options, for example, such
1887 as different user names or custom requests for each.
1888
1889 -:, --next will reset all local options and only global ones
1890 will have their values survive over to the operation following
1891 the -:, --next instruction. Global options include -v, --ver‐
1892 bose, --trace, --trace-ascii and --fail-early.
1893
1894 For example, you can do both a GET and a POST in a single com‐
1895 mand line:
1896
1897 curl www1.example.com --next -d postthis www2.example.com
1898
1899 Added in 7.36.0.
1900
1901 --no-alpn
1902 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de‐
1903 fault if libcurl was built with an SSL library that supports
1904 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
1905 ate HTTP/2 support with the server during https sessions.
1906
1907 See also --no-npn and --http2. --no-alpn requires that the un‐
1908 derlying libcurl was built to support TLS. Added in 7.36.0.
1909
1910 -N, --no-buffer
1911 Disables the buffering of the output stream. In normal work sit‐
1912 uations, curl will use a standard buffered output stream that
1913 will have the effect that it will output the data in chunks, not
1914 necessarily exactly when the data arrives. Using this option
1915 will disable that buffering.
1916
1917 Note that this is the negated option name documented. You can
1918 thus use --buffer to enforce the buffering.
1919
1920 --no-keepalive
1921 Disables the use of keepalive messages on the TCP connection.
1922 curl otherwise enables them by default.
1923
1924 Note that this is the negated option name documented. You can
1925 thus use --keepalive to enforce keepalive.
1926
1927 --no-npn
1928 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
1929 if libcurl was built with an SSL library that supports NPN. NPN
1930 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
1931 support with the server during https sessions.
1932
1933 See also --no-alpn and --http2. --no-npn requires that the un‐
1934 derlying libcurl was built to support TLS. Added in 7.36.0.
1935
1936 --no-progress-meter
1937 Option to switch off the progress meter output without muting or
1938 otherwise affecting warning and informational messages like -s,
1939 --silent does.
1940
1941 Note that this is the negated option name documented. You can
1942 thus use --progress-meter to enable the progress meter again.
1943
1944 See also -v, --verbose and -s, --silent. Added in 7.67.0.
1945
1946 --no-sessionid
1947 (TLS) Disable curl's use of SSL session-ID caching. By default
1948 all transfers are done using the cache. Note that while nothing
1949 should ever get hurt by attempting to reuse SSL session-IDs,
1950 there seem to be broken SSL implementations in the wild that may
1951 require you to disable this in order for you to succeed.
1952
1953 Note that this is the negated option name documented. You can
1954 thus use --sessionid to enforce session-ID caching.
1955
1956 Added in 7.16.0.
1957
1958 --noproxy <no-proxy-list>
1959 Comma-separated list of hosts which do not use a proxy, if one
1960 is specified. The only wildcard is a single * character, which
1961 matches all hosts, and effectively disables the proxy. Each name
1962 in this list is matched as either a domain which contains the
1963 hostname, or the hostname itself. For example, local.com would
1964 match local.com, local.com:80, and www.local.com, but not
1965 www.notlocal.com.
1966
1967 Since 7.53.0, This option overrides the environment variables
1968 that disable the proxy. If there's an environment variable dis‐
1969 abling a proxy, you can set noproxy list to "" to override it.
1970
1971 Added in 7.19.4.
1972
1973 --ntlm-wb
1974 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
1975 the authentication to the separate binary ntlmauth application
1976 that is executed when needed.
1977
1978 See also --ntlm and --proxy-ntlm.
1979
1980 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
1981 method was designed by Microsoft and is used by IIS web servers.
1982 It is a proprietary protocol, reverse-engineered by clever peo‐
1983 ple and implemented in curl based on their efforts. This kind of
1984 behavior should not be endorsed, you should encourage everyone
1985 who uses NTLM to switch to a public and documented authentica‐
1986 tion method instead, such as Digest.
1987
1988 If you want to enable NTLM for your proxy authentication, then
1989 use --proxy-ntlm.
1990
1991 If this option is used several times, only the first one is
1992 used.
1993
1994 See also --proxy-ntlm. --ntlm requires that the underlying
1995 libcurl was built to support TLS. This option overrides --basic
1996 and --negotiate and --digest and --anyauth.
1997
1998 --oauth2-bearer <token>
1999 (IMAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH 2.0
2000 server authentication. The Bearer Token is used in conjunction
2001 with the user name which can be specified as part of the --url
2002 or -u, --user options.
2003
2004 The Bearer Token and user name are formatted according to RFC
2005 6750.
2006
2007 If this option is used several times, the last one will be used.
2008
2009 --output-dir <dir>
2010
2011 This option specifies the directory in which files should be
2012 stored, when -O, --remote-name or -o, --output are used.
2013
2014 The given output directory is used for all URLs and output op‐
2015 tions on the command line, up until the first -:, --next.
2016
2017 If the specified target directory doesn't exist, the operation
2018 will fail unless --create-dirs is also used.
2019
2020 If this option is used multiple times, the last specified direc‐
2021 tory will be used.
2022
2023 See also -O, --remote-name and -J, --remote-header-name. Added
2024 in 7.73.0.
2025
2026 -o, --output <file>
2027 Write output to <file> instead of stdout. If you are using {} or
2028 [] to fetch multiple documents, you should quote the URL and you
2029 can use '#' followed by a number in the <file> specifier. That
2030 variable will be replaced with the current string for the URL
2031 being fetched. Like in:
2032
2033 curl "http://{one,two}.example.com" -o "file_#1.txt"
2034
2035 or use several variables like:
2036
2037 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2038
2039 You may use this option as many times as the number of URLs you
2040 have. For example, if you specify two URLs on the same command
2041 line, you can use it like this:
2042
2043 curl -o aa example.com -o bb example.net
2044
2045 and the order of the -o options and the URLs doesn't matter,
2046 just that the first -o is for the first URL and so on, so the
2047 above command line can also be written as
2048
2049 curl example.com example.net -o aa -o bb
2050
2051 See also the --create-dirs option to create the local directo‐
2052 ries dynamically. Specifying the output as '-' (a single dash)
2053 will force the output to be done to stdout.
2054
2055 See also -O, --remote-name, --remote-name-all and -J, --remote-
2056 header-name.
2057
2058 --parallel-immediate
2059 When doing parallel transfers, this option will instruct curl
2060 that it should rather prefer opening up more connections in par‐
2061 allel at once rather than waiting to see if new transfers can be
2062 added as multiplexed streams on another connection.
2063
2064 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
2065
2066 --parallel-max
2067 When asked to do parallel transfers, using -Z, --parallel, this
2068 option controls the maximum amount of transfers to do simultane‐
2069 ously.
2070
2071 The default is 50.
2072
2073 See also -Z, --parallel. Added in 7.66.0.
2074
2075 -Z, --parallel
2076 Makes curl perform its transfers in parallel as compared to the
2077 regular serial manner.
2078
2079 Added in 7.66.0.
2080
2081 --pass <phrase>
2082 (SSH TLS) Passphrase for the private key
2083
2084 If this option is used several times, the last one will be used.
2085
2086 --path-as-is
2087 Tell curl to not handle sequences of /../ or /./ in the given
2088 URL path. Normally curl will squash or merge them according to
2089 standards but with this option set you tell it not to do that.
2090
2091 Added in 7.42.0.
2092
2093 --pinnedpubkey <hashes>
2094 (TLS) Tells curl to use the specified public key file (or
2095 hashes) to verify the peer. This can be a path to a file which
2096 contains a single public key in PEM or DER format, or any number
2097 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2098 rated by ´;´
2099
2100 When negotiating a TLS or SSL connection, the server sends a
2101 certificate indicating its identity. A public key is extracted
2102 from this certificate and if it does not exactly match the pub‐
2103 lic key provided to this option, curl will abort the connection
2104 before sending or receiving any data.
2105
2106 PEM/DER support:
2107 7.39.0: OpenSSL, GnuTLS and GSKit
2108 7.43.0: NSS and wolfSSL
2109 7.47.0: mbedtls sha256 support:
2110 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
2111 7.47.0: mbedtls Other SSL backends not supported.
2112
2113 If this option is used several times, the last one will be used.
2114
2115 --post301
2116 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
2117 requests into GET requests when following a 301 redirection. The
2118 non-RFC behavior is ubiquitous in web browsers, so curl does the
2119 conversion by default to maintain consistency. However, a server
2120 may require a POST to remain a POST after such a redirection.
2121 This option is meaningful only when using -L, --location.
2122
2123 See also --post302, --post303 and -L, --location. Added in
2124 7.17.1.
2125
2126 --post302
2127 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
2128 requests into GET requests when following a 302 redirection. The
2129 non-RFC behavior is ubiquitous in web browsers, so curl does the
2130 conversion by default to maintain consistency. However, a server
2131 may require a POST to remain a POST after such a redirection.
2132 This option is meaningful only when using -L, --location.
2133
2134 See also --post301, --post303 and -L, --location. Added in
2135 7.19.1.
2136
2137 --post303
2138 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
2139 requests into GET requests when following 303 redirections. A
2140 server may require a POST to remain a POST after a 303 redirect‐
2141 ion. This option is meaningful only when using -L, --location.
2142
2143 See also --post302, --post301 and -L, --location. Added in
2144 7.26.0.
2145
2146 --preproxy [protocol://]host[:port]
2147 Use the specified SOCKS proxy before connecting to an HTTP or
2148 HTTPS -x, --proxy. In such a case curl first connects to the
2149 SOCKS proxy and then connects (through SOCKS) to the HTTP or
2150 HTTPS proxy. Hence pre proxy.
2151
2152 The pre proxy string should be specified with a protocol:// pre‐
2153 fix to specify alternative proxy protocols. Use socks4://,
2154 socks4a://, socks5:// or socks5h:// to request the specific
2155 SOCKS version to be used. No protocol specified will make curl
2156 default to SOCKS4.
2157
2158 If the port number is not specified in the proxy string, it is
2159 assumed to be 1080.
2160
2161 User and password that might be provided in the proxy string are
2162 URL decoded by curl. This allows you to pass in special charac‐
2163 ters such as @ by using %40 or pass in a colon with %3a.
2164
2165 If this option is used several times, the last one will be used.
2166
2167 Added in 7.52.0.
2168
2169 -#, --progress-bar
2170 Make curl display transfer progress as a simple progress bar in‐
2171 stead of the standard, more informational, meter.
2172
2173 This progress bar draws a single line of '#' characters across
2174 the screen and shows a percentage if the transfer size is known.
2175 For transfers without a known size, there will be space ship
2176 (-=o=-) that moves back and forth but only while data is being
2177 transferred, with a set of flying hash sign symbols on top.
2178
2179 --proto-default <protocol>
2180 Tells curl to use protocol for any URL missing a scheme name.
2181
2182 Example:
2183
2184 curl --proto-default https ftp.mozilla.org
2185
2186 An unknown or unsupported protocol causes error CURLE_UNSUP‐
2187 PORTED_PROTOCOL (1).
2188
2189 This option does not change the default proxy protocol (http).
2190
2191 Without this option curl would make a guess based on the host,
2192 see --url for details.
2193
2194 Added in 7.45.0.
2195
2196 --proto-redir <protocols>
2197 Tells curl to limit what protocols it may use on redirect. Pro‐
2198 tocols denied by --proto are not overridden by this option. See
2199 --proto for how protocols are represented.
2200
2201 Example, allow only HTTP and HTTPS on redirect:
2202
2203 curl --proto-redir -all,http,https http://example.com
2204
2205 By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect
2206 (7.65.2). Older versions of curl allowed all protocols on redi‐
2207 rect except several disabled for security reasons: Since 7.19.4
2208 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are
2209 also disabled. Specifying all or +all enables all protocols on
2210 redirect, including those disabled for security.
2211
2212 Added in 7.20.2.
2213
2214 --proto <protocols>
2215 Tells curl to limit what protocols it may use in the transfer.
2216 Protocols are evaluated left to right, are comma separated, and
2217 are each a protocol name or 'all', optionally prefixed by zero
2218 or more modifiers. Available modifiers are:
2219
2220 + Permit this protocol in addition to protocols already permit‐
2221 ted (this is the default if no modifier is used).
2222
2223 - Deny this protocol, removing it from the list of protocols
2224 already permitted.
2225
2226 = Permit only this protocol (ignoring the list already permit‐
2227 ted), though subject to later modification by subsequent en‐
2228 tries in the comma separated list.
2229
2230 For example:
2231
2232 --proto -ftps uses the default protocols, but disables ftps
2233
2234 --proto -all,https,+http
2235 only enables http and https
2236
2237 --proto =http,https
2238 also only enables http and https
2239
2240 Unknown protocols produce a warning. This allows scripts to safely rely
2241 on being able to disable potentially dangerous protocols, without rely‐
2242 ing upon support for that protocol being built into curl to avoid an
2243 error.
2244
2245 This option can be used multiple times, in which case the effect is the
2246 same as concatenating the protocols into one instance of the option.
2247
2248 See also --proto-redir and --proto-default. Added in 7.20.2.
2249
2250 --proxy-anyauth
2251 Tells curl to pick a suitable authentication method when commu‐
2252 nicating with the given HTTP proxy. This might cause an extra
2253 request/response round-trip.
2254
2255 See also -x, --proxy, --proxy-basic and --proxy-digest. Added in
2256 7.13.2.
2257
2258 --proxy-basic
2259 Tells curl to use HTTP Basic authentication when communicating
2260 with the given proxy. Use --basic for enabling HTTP Basic with a
2261 remote host. Basic is the default authentication method curl
2262 uses with proxies.
2263
2264 See also -x, --proxy, --proxy-anyauth and --proxy-digest.
2265
2266 --proxy-cacert <file>
2267 Same as --cacert but used in HTTPS proxy context.
2268
2269 See also --proxy-capath, --cacert, --capath and -x, --proxy.
2270 Added in 7.52.0.
2271
2272 --proxy-capath <dir>
2273 Same as --capath but used in HTTPS proxy context.
2274
2275 See also --proxy-cacert, -x, --proxy and --capath. Added in
2276 7.52.0.
2277
2278 --proxy-cert-type <type>
2279 Same as --cert-type but used in HTTPS proxy context.
2280
2281 Added in 7.52.0.
2282
2283 --proxy-cert <cert[:passwd]>
2284 Same as -E, --cert but used in HTTPS proxy context.
2285
2286 Added in 7.52.0.
2287
2288 --proxy-ciphers <list>
2289 Same as --ciphers but used in HTTPS proxy context.
2290
2291 Added in 7.52.0.
2292
2293 --proxy-crlfile <file>
2294 Same as --crlfile but used in HTTPS proxy context.
2295
2296 Added in 7.52.0.
2297
2298 --proxy-digest
2299 Tells curl to use HTTP Digest authentication when communicating
2300 with the given proxy. Use --digest for enabling HTTP Digest with
2301 a remote host.
2302
2303 See also -x, --proxy, --proxy-anyauth and --proxy-basic.
2304
2305 --proxy-header <header/@file>
2306 (HTTP) Extra header to include in the request when sending HTTP
2307 to a proxy. You may specify any number of extra headers. This is
2308 the equivalent option to -H, --header but is for proxy communi‐
2309 cation only like in CONNECT requests when you want a separate
2310 header sent to the proxy to what is sent to the actual remote
2311 host.
2312
2313 curl will make sure that each header you add/replace is sent
2314 with the proper end-of-line marker, you should thus not add that
2315 as a part of the header content: do not add newlines or carriage
2316 returns, they will only mess things up for you.
2317
2318 Headers specified with this option will not be included in re‐
2319 quests that curl knows will not be sent to a proxy.
2320
2321 Starting in 7.55.0, this option can take an argument in @file‐
2322 name style, which then adds a header for each line in the input
2323 file. Using @- will make curl read the header file from stdin.
2324
2325 This option can be used multiple times to add/replace/remove
2326 multiple headers.
2327
2328 Added in 7.37.0.
2329
2330 --proxy-insecure
2331 Same as -k, --insecure but used in HTTPS proxy context.
2332
2333 Added in 7.52.0.
2334
2335 --proxy-key-type <type>
2336 Same as --key-type but used in HTTPS proxy context.
2337
2338 Added in 7.52.0.
2339
2340 --proxy-key <key>
2341 Same as --key but used in HTTPS proxy context.
2342
2343 --proxy-negotiate
2344 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2345 communicating with the given proxy. Use --negotiate for enabling
2346 HTTP Negotiate (SPNEGO) with a remote host.
2347
2348 See also --proxy-anyauth and --proxy-basic. Added in 7.17.1.
2349
2350 --proxy-ntlm
2351 Tells curl to use HTTP NTLM authentication when communicating
2352 with the given proxy. Use --ntlm for enabling NTLM with a remote
2353 host.
2354
2355 See also --proxy-negotiate and --proxy-anyauth.
2356
2357 --proxy-pass <phrase>
2358 Same as --pass but used in HTTPS proxy context.
2359
2360 Added in 7.52.0.
2361
2362 --proxy-pinnedpubkey <hashes>
2363 (TLS) Tells curl to use the specified public key file (or
2364 hashes) to verify the proxy. This can be a path to a file which
2365 contains a single public key in PEM or DER format, or any number
2366 of base64 encoded sha256 hashes preceded by ´sha256//´ and sepa‐
2367 rated by ´;´
2368
2369 When negotiating a TLS or SSL connection, the server sends a
2370 certificate indicating its identity. A public key is extracted
2371 from this certificate and if it does not exactly match the pub‐
2372 lic key provided to this option, curl will abort the connection
2373 before sending or receiving any data.
2374
2375 If this option is used several times, the last one will be used.
2376
2377 --proxy-service-name <name>
2378 This option allows you to change the service name for proxy ne‐
2379 gotiation.
2380
2381 Added in 7.43.0.
2382
2383 --proxy-ssl-allow-beast
2384 Same as --ssl-allow-beast but used in HTTPS proxy context.
2385
2386 Added in 7.52.0.
2387
2388 --proxy-tls13-ciphers <ciphersuite list>
2389 (TLS) Specifies which cipher suites to use in the connection to
2390 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
2391 suites must specify valid ciphers. Read up on TLS 1.3 cipher
2392 suite details on this URL:
2393
2394 https://curl.se/docs/ssl-ciphers.html
2395
2396 This option is currently used only when curl is built to use
2397 OpenSSL 1.1.1 or later. If you are using a different SSL backend
2398 you can try setting TLS 1.3 cipher suites by using the --proxy-
2399 ciphers option.
2400
2401 If this option is used several times, the last one will be used.
2402
2403 --proxy-tlsauthtype <type>
2404 Same as --tlsauthtype but used in HTTPS proxy context.
2405
2406 Added in 7.52.0.
2407
2408 --proxy-tlspassword <string>
2409 Same as --tlspassword but used in HTTPS proxy context.
2410
2411 Added in 7.52.0.
2412
2413 --proxy-tlsuser <name>
2414 Same as --tlsuser but used in HTTPS proxy context.
2415
2416 Added in 7.52.0.
2417
2418 --proxy-tlsv1
2419 Same as -1, --tlsv1 but used in HTTPS proxy context.
2420
2421 Added in 7.52.0.
2422
2423 -U, --proxy-user <user:password>
2424 Specify the user name and password to use for proxy authentica‐
2425 tion.
2426
2427 If you use a Windows SSPI-enabled curl binary and do either Ne‐
2428 gotiate or NTLM authentication then you can tell curl to select
2429 the user name and password from your environment by specifying a
2430 single colon with this option: "-U :".
2431
2432 On systems where it works, curl will hide the given option argu‐
2433 ment from process listings. This is not enough to protect cre‐
2434 dentials from possibly getting seen by other users on the same
2435 system as they will still be visible for a brief moment before
2436 cleared. Such sensitive data should be retrieved from a file in‐
2437 stead or similar and never used in clear text in a command line.
2438
2439 If this option is used several times, the last one will be used.
2440
2441 -x, --proxy [protocol://]host[:port]
2442 Use the specified proxy.
2443
2444 The proxy string can be specified with a protocol:// prefix. No
2445 protocol specified or http:// will be treated as HTTP proxy. Use
2446 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
2447 cific SOCKS version to be used. (The protocol support was added
2448 in curl 7.21.7)
2449
2450 HTTPS proxy support via https:// protocol prefix was added in
2451 7.52.0 for OpenSSL, GnuTLS and NSS.
2452
2453 Unrecognized and unsupported proxy protocols cause an error
2454 since 7.52.0. Prior versions may ignore the protocol and use
2455 http:// instead.
2456
2457 If the port number is not specified in the proxy string, it is
2458 assumed to be 1080.
2459
2460 This option overrides existing environment variables that set
2461 the proxy to use. If there's an environment variable setting a
2462 proxy, you can set proxy to "" to override it.
2463
2464 All operations that are performed over an HTTP proxy will trans‐
2465 parently be converted to HTTP. It means that certain protocol
2466 specific operations might not be available. This is not the case
2467 if you can tunnel through the proxy, as one with the -p, --prox‐
2468 ytunnel option.
2469
2470 User and password that might be provided in the proxy string are
2471 URL decoded by curl. This allows you to pass in special charac‐
2472 ters such as @ by using %40 or pass in a colon with %3a.
2473
2474 The proxy host can be specified the exact same way as the proxy
2475 environment variables, including the protocol prefix (http://)
2476 and the embedded user + password.
2477
2478 If this option is used several times, the last one will be used.
2479
2480 --proxy1.0 <host[:port]>
2481 Use the specified HTTP 1.0 proxy. If the port number is not
2482 specified, it is assumed at port 1080.
2483
2484 The only difference between this and the HTTP proxy option -x,
2485 --proxy, is that attempts to use CONNECT through the proxy will
2486 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
2487
2488 -p, --proxytunnel
2489 When an HTTP proxy is used -x, --proxy, this option will make
2490 curl tunnel through the proxy. The tunnel approach is made with
2491 the HTTP proxy CONNECT request and requires that the proxy al‐
2492 lows direct connect to the remote port number curl wants to tun‐
2493 nel through to.
2494
2495 To suppress proxy CONNECT response headers when curl is set to
2496 output headers use --suppress-connect-headers.
2497
2498 See also -x, --proxy.
2499
2500 --pubkey <key>
2501 (SFTP SCP) Public key file name. Allows you to provide your pub‐
2502 lic key in this separate file.
2503
2504 If this option is used several times, the last one will be used.
2505
2506 (As of 7.39.0, curl attempts to automatically extract the public
2507 key from the private key file, so passing this option is gener‐
2508 ally not required. Note that this public key extraction requires
2509 libcurl to be linked against a copy of libssh2 1.2.8 or higher
2510 that is itself linked against OpenSSL.)
2511
2512 -Q, --quote
2513 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
2514 server. Quote commands are sent BEFORE the transfer takes place
2515 (just after the initial PWD command in an FTP transfer, to be
2516 exact). To make commands take place after a successful transfer,
2517 prefix them with a dash '-'. To make commands be sent after
2518 curl has changed the working directory, just before the transfer
2519 command(s), prefix the command with a '+' (this is only sup‐
2520 ported for FTP). You may specify any number of commands.
2521
2522 If the server returns failure for one of the commands, the en‐
2523 tire operation will be aborted. You must send syntactically cor‐
2524 rect FTP commands as RFC 959 defines to FTP servers, or one of
2525 the commands listed below to SFTP servers.
2526
2527 Prefix the command with an asterisk (*) to make curl continue
2528 even if the command fails as by default curl will stop at first
2529 failure.
2530
2531 This option can be used multiple times.
2532
2533 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
2534 quote commands itself before sending them to the server. File
2535 names may be quoted shell-style to embed spaces or special char‐
2536 acters. Following is the list of all supported SFTP quote com‐
2537 mands:
2538
2539 atime date file
2540 The atime command sets the last access time of the file
2541 named by the file operand. The <date expression> can be
2542 all sorts of date strings, see the curl_getdate(3) man
2543 page for date expression details. (Added in 7.73.0)
2544
2545 chgrp group file
2546 The chgrp command sets the group ID of the file named by
2547 the file operand to the group ID specified by the group
2548 operand. The group operand is a decimal integer group ID.
2549
2550 chmod mode file
2551 The chmod command modifies the file mode bits of the
2552 specified file. The mode operand is an octal integer mode
2553 number.
2554
2555 chown user file
2556 The chown command sets the owner of the file named by the
2557 file operand to the user ID specified by the user oper‐
2558 and. The user operand is a decimal integer user ID.
2559
2560 ln source_file target_file
2561 The ln and symlink commands create a symbolic link at the
2562 target_file location pointing to the source_file loca‐
2563 tion.
2564
2565 mkdir directory_name
2566 The mkdir command creates the directory named by the di‐
2567 rectory_name operand.
2568
2569 mtime date file
2570 The mtime command sets the last modification time of the
2571 file named by the file operand. The <date expression> can
2572 be all sorts of date strings, see the curl_getdate(3) man
2573 page for date expression details. (Added in 7.73.0)
2574
2575 pwd The pwd command returns the absolute pathname of the cur‐
2576 rent working directory.
2577
2578 rename source target
2579 The rename command renames the file or directory named by
2580 the source operand to the destination path named by the
2581 target operand.
2582
2583 rm file
2584 The rm command removes the file specified by the file op‐
2585 erand.
2586
2587 rmdir directory
2588 The rmdir command removes the directory entry specified
2589 by the directory operand, provided it is empty.
2590
2591 symlink source_file target_file
2592 See ln.
2593
2594 --random-file <file>
2595 Specify the path name to file containing what will be considered
2596 as random data. The data may be used to seed the random engine
2597 for SSL connections. See also the --egd-file option.
2598
2599 -r, --range <range>
2600 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
2601 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
2602 Ranges can be specified in a number of ways.
2603
2604 0-499 specifies the first 500 bytes
2605
2606 500-999 specifies the second 500 bytes
2607
2608 -500 specifies the last 500 bytes
2609
2610 9500- specifies the bytes from offset 9500 and forward
2611
2612 0-0,-1 specifies the first and last byte only(*)(HTTP)
2613
2614 100-199,500-599
2615 specifies two separate 100-byte ranges(*) (HTTP)
2616
2617 (*) = NOTE that this will cause the server to reply with a mul‐
2618 tipart response, which will be returned as-is by curl! Parsing
2619 or otherwise transforming this response is the responsibility of
2620 the caller.
2621
2622 Only digit characters (0-9) are valid in the 'start' and 'stop'
2623 fields of the 'start-stop' range syntax. If a non-digit charac‐
2624 ter is given in the range, the server's response will be unspec‐
2625 ified, depending on the server's configuration.
2626
2627 You should also be aware that many HTTP/1.1 servers do not have
2628 this feature enabled, so that when you attempt to get a range,
2629 you'll instead get the whole document.
2630
2631 FTP and SFTP range downloads only support the simple 'start-
2632 stop' syntax (optionally with one of the numbers omitted). FTP
2633 use depends on the extended FTP command SIZE.
2634
2635 If this option is used several times, the last one will be used.
2636
2637 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
2638 tent or transfer encodings and instead makes them passed on un‐
2639 altered, raw.
2640
2641 Added in 7.16.2.
2642
2643 -e, --referer <URL>
2644 (HTTP) Sends the "Referrer Page" information to the HTTP server.
2645 This can also be set with the -H, --header flag of course. When
2646 used with -L, --location you can append ";auto" to the -e,
2647 --referer URL to make curl automatically set the previous URL
2648 when it follows a Location: header. The ";auto" string can be
2649 used alone, even if you don't set an initial -e, --referer.
2650
2651 If this option is used several times, the last one will be used.
2652
2653 See also -A, --user-agent and -H, --header.
2654
2655 -J, --remote-header-name
2656 (HTTP) This option tells the -O, --remote-name option to use the
2657 server-specified Content-Disposition filename instead of ex‐
2658 tracting a filename from the URL.
2659
2660 If the server specifies a file name and a file with that name
2661 already exists in the current working directory it will not be
2662 overwritten and an error will occur. If the server doesn't spec‐
2663 ify a file name then this option has no effect.
2664
2665 There's no attempt to decode %-sequences (yet) in the provided
2666 file name, so this option may provide you with rather unexpected
2667 file names.
2668
2669 WARNING: Exercise judicious use of this option, especially on
2670 Windows. A rogue server could send you the name of a DLL or
2671 other file that could possibly be loaded automatically by Win‐
2672 dows or some third party software.
2673
2674 --remote-name-all
2675 This option changes the default action for all given URLs to be
2676 dealt with as if -O, --remote-name were used for each one. So if
2677 you want to disable that for a specific URL after --remote-name-
2678 all has been used, you must use "-o -" or --no-remote-name.
2679
2680 Added in 7.19.0.
2681
2682 -O, --remote-name
2683 Write output to a local file named like the remote file we get.
2684 (Only the file part of the remote file is used, the path is cut
2685 off.)
2686
2687 The file will be saved in the current working directory. If you
2688 want the file saved in a different directory, make sure you
2689 change the current working directory before invoking curl with
2690 this option.
2691
2692 The remote file name to use for saving is extracted from the
2693 given URL, nothing else, and if it already exists it will be
2694 overwritten. If you want the server to be able to choose the
2695 file name refer to -J, --remote-header-name which can be used in
2696 addition to this option. If the server chooses a file name and
2697 that name already exists it will not be overwritten.
2698
2699 There is no URL decoding done on the file name. If it has %20 or
2700 other URL encoded parts of the name, they will end up as-is as
2701 file name.
2702
2703 You may use this option as many times as the number of URLs you
2704 have.
2705
2706 -R, --remote-time
2707 When used, this will make curl attempt to figure out the time‐
2708 stamp of the remote file, and if that is available make the lo‐
2709 cal file get that same timestamp.
2710
2711 --request-target
2712 (HTTP) Tells curl to use an alternative "target" (path) instead
2713 of using the path as provided in the URL. Particularly useful
2714 when wanting to issue HTTP requests without leading slash or
2715 other data that doesn't follow the regular URL pattern, like
2716 "OPTIONS *".
2717
2718 Added in 7.55.0.
2719
2720 -X, --request <command>
2721 (HTTP) Specifies a custom request method to use when communicat‐
2722 ing with the HTTP server. The specified request method will be
2723 used instead of the method otherwise used (which defaults to
2724 GET). Read the HTTP 1.1 specification for details and explana‐
2725 tions. Common additional HTTP requests include PUT and DELETE,
2726 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
2727 and more.
2728
2729 Normally you don't need this option. All sorts of GET, HEAD,
2730 POST and PUT requests are rather invoked by using dedicated com‐
2731 mand line options.
2732
2733 This option only changes the actual word used in the HTTP re‐
2734 quest, it does not alter the way curl behaves. So for example if
2735 you want to make a proper HEAD request, using -X HEAD will not
2736 suffice. You need to use the -I, --head option.
2737
2738 The method string you set with -X, --request will be used for
2739 all requests, which if you for example use -L, --location may
2740 cause unintended side-effects when curl doesn't change request
2741 method according to the HTTP 30x response codes - and similar.
2742
2743 (FTP) Specifies a custom FTP command to use instead of LIST when
2744 doing file lists with FTP.
2745
2746 (POP3) Specifies a custom POP3 command to use instead of LIST or
2747 RETR. (Added in 7.26.0)
2748
2749 (IMAP) Specifies a custom IMAP command to use instead of LIST.
2750 (Added in 7.30.0)
2751
2752 (SMTP) Specifies a custom SMTP command to use instead of HELP or
2753 VRFY. (Added in 7.34.0)
2754
2755 If this option is used several times, the last one will be used.
2756
2757 --resolve <[+]host:port:addr[,addr]...>
2758 Provide a custom address for a specific host and port pair. Us‐
2759 ing this, you can make the curl requests(s) use a specified ad‐
2760 dress and prevent the otherwise normally resolved address to be
2761 used. Consider it a sort of /etc/hosts alternative provided on
2762 the command line. The port number should be the number used for
2763 the specific protocol the host will be used for. It means you
2764 need several entries if you want to provide address for the same
2765 host but different ports.
2766
2767 By specifying '*' as host you can tell curl to resolve any host
2768 and specific port pair to the specified address. Wildcard is re‐
2769 solved last so any --resolve with a specific host and port will
2770 be used first.
2771
2772 The provided address set by this option will be used even if -4,
2773 --ipv4 or -6, --ipv6 is set to make curl use another IP version.
2774
2775 By prefixing the host with a '+' you can make the entry time out
2776 after curl's default timeout (1 minute). Note that this will
2777 only make sense for long running parallel transfers with a lot
2778 of files. In such cases, if this option is used curl will try to
2779 resolve the host as it normally would once the timeout has ex‐
2780 pired.
2781
2782 Support for providing the IP address within [brackets] was added
2783 in 7.57.0.
2784
2785 Support for providing multiple IP addresses per entry was added
2786 in 7.59.0.
2787
2788 Support for resolving with wildcard was added in 7.64.0.
2789
2790 Support for the '+' prefix was was added in 7.75.0.
2791
2792 This option can be used many times to add many host names to re‐
2793 solve.
2794
2795 Added in 7.21.3.
2796
2797 --retry-all-errors
2798 Retry on any error. This option is used together with --retry.
2799
2800 This option is the "sledgehammer" of retrying. Do not use this
2801 option by default (eg in curlrc), there may be unintended conse‐
2802 quences such as sending or receiving duplicate data. Do not use
2803 with redirected input or output. You'd be much better off han‐
2804 dling your unique problems in shell script. Please read the ex‐
2805 ample below.
2806
2807 Warning: For server compatibility curl attempts to retry failed
2808 flaky transfers as close as possible to how they were started,
2809 but this is not possible with redirected input or output. For
2810 example, before retrying it removes output data from a failed
2811 partial transfer that was written to an output file. However
2812 this is not true of data redirected to a | pipe or > file, which
2813 are not reset. We strongly suggest don't parse or record output
2814 via redirect in combination with this option, since you may re‐
2815 ceive duplicate data.
2816
2817 By default curl will not error on an HTTP response code that in‐
2818 dicates an HTTP error, if the transfer was successful. For exam‐
2819 ple, if a server replies 404 Not Found and the reply is fully
2820 received then that is not an error. When --retry is used then
2821 curl will retry on some HTTP response codes that indicate tran‐
2822 sient HTTP errors, but that does not include most 4xx response
2823 codes such as 404. If you want to retry on all response codes
2824 that indicate HTTP errors (4xx and 5xx) then combine with -f,
2825 --fail.
2826
2827 Added in 7.71.0.
2828
2829 --retry-connrefused
2830 In addition to the other conditions, consider ECONNREFUSED as a
2831 transient error too for --retry. This option is used together
2832 with --retry.
2833
2834 Added in 7.52.0.
2835
2836 --retry-delay <seconds>
2837 Make curl sleep this amount of time before each retry when a
2838 transfer has failed with a transient error (it changes the de‐
2839 fault backoff time algorithm between retries). This option is
2840 only interesting if --retry is also used. Setting this delay to
2841 zero will make curl use the default backoff time.
2842
2843 If this option is used several times, the last one will be used.
2844
2845 Added in 7.12.3.
2846
2847 --retry-max-time <seconds>
2848 The retry timer is reset before the first transfer attempt. Re‐
2849 tries will be done as usual (see --retry) as long as the timer
2850 hasn't reached this given limit. Notice that if the timer hasn't
2851 reached the limit, the request will be made and while perform‐
2852 ing, it may take longer than this given time period. To limit a
2853 single request´s maximum time, use -m, --max-time. Set this op‐
2854 tion to zero to not timeout retries.
2855
2856 If this option is used several times, the last one will be used.
2857
2858 Added in 7.12.3.
2859
2860 --retry <num>
2861 If a transient error is returned when curl tries to perform a
2862 transfer, it will retry this number of times before giving up.
2863 Setting the number to 0 makes curl do no retries (which is the
2864 default). Transient error means either: a timeout, an FTP 4xx
2865 response code or an HTTP 408, 429, 500, 502, 503 or 504 response
2866 code.
2867
2868 When curl is about to retry a transfer, it will first wait one
2869 second and then for all forthcoming retries it will double the
2870 waiting time until it reaches 10 minutes which then will be the
2871 delay between the rest of the retries. By using --retry-delay
2872 you disable this exponential backoff algorithm. See also
2873 --retry-max-time to limit the total time allowed for retries.
2874
2875 Since curl 7.66.0, curl will comply with the Retry-After: re‐
2876 sponse header if one was present to know when to issue the next
2877 retry.
2878
2879 If this option is used several times, the last one will be used.
2880
2881 Added in 7.12.3.
2882
2883 --sasl-authzid <identity>
2884 Use this authorisation identity (authzid), during SASL PLAIN au‐
2885 thentication, in addition to the authentication identity (auth‐
2886 cid) as specified by -u, --user.
2887
2888 If the option isn't specified, the server will derive the au‐
2889 thzid from the authcid, but if specified, and depending on the
2890 server implementation, it may be used to access another user's
2891 inbox, that the user has been granted access to, or a shared
2892 mailbox for example.
2893
2894 Added in 7.66.0.
2895
2896 --sasl-ir
2897 Enable initial response in SASL authentication.
2898
2899 Added in 7.31.0.
2900
2901 --service-name <name>
2902 This option allows you to change the service name for SPNEGO.
2903
2904 Examples: --negotiate --service-name sockd would use
2905 sockd/server-name.
2906
2907 Added in 7.43.0.
2908
2909 -S, --show-error
2910 When used with -s, --silent, it makes curl show an error message
2911 if it fails.
2912
2913 See also --no-progress-meter.
2914
2915 -s, --silent
2916 Silent or quiet mode. Don't show progress meter or error mes‐
2917 sages. Makes Curl mute. It will still output the data you ask
2918 for, potentially even to the terminal/stdout unless you redirect
2919 it.
2920
2921 Use -S, --show-error in addition to this option to disable
2922 progress meter but still show error messages.
2923
2924 See also -v, --verbose, --stderr and --no-progress-meter.
2925
2926 --socks4 <host[:port]>
2927 Use the specified SOCKS4 proxy. If the port number is not speci‐
2928 fied, it is assumed at port 1080.
2929
2930 This option overrides any previous use of -x, --proxy, as they
2931 are mutually exclusive.
2932
2933 Since 7.21.7, this option is superfluous since you can specify a
2934 socks4 proxy with -x, --proxy using a socks4:// protocol prefix.
2935
2936 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2937 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2938 such a case curl first connects to the SOCKS proxy and then con‐
2939 nects (through SOCKS) to the HTTP or HTTPS proxy.
2940
2941 If this option is used several times, the last one will be used.
2942
2943 Added in 7.15.2.
2944
2945 --socks4a <host[:port]>
2946 Use the specified SOCKS4a proxy. If the port number is not spec‐
2947 ified, it is assumed at port 1080.
2948
2949 This option overrides any previous use of -x, --proxy, as they
2950 are mutually exclusive.
2951
2952 Since 7.21.7, this option is superfluous since you can specify a
2953 socks4a proxy with -x, --proxy using a socks4a:// protocol pre‐
2954 fix.
2955
2956 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
2957 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
2958 such a case curl first connects to the SOCKS proxy and then con‐
2959 nects (through SOCKS) to the HTTP or HTTPS proxy.
2960
2961 If this option is used several times, the last one will be used.
2962
2963 Added in 7.18.0.
2964
2965 --socks5-basic
2966 Tells curl to use username/password authentication when connect‐
2967 ing to a SOCKS5 proxy. The username/password authentication is
2968 enabled by default. Use --socks5-gssapi to force GSS-API au‐
2969 thentication to SOCKS5 proxies.
2970
2971 Added in 7.55.0.
2972
2973 --socks5-gssapi-nec
2974 As part of the GSS-API negotiation a protection mode is negoti‐
2975 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
2976 but the NEC reference implementation does not. The option
2977 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
2978 tection mode negotiation.
2979
2980 Added in 7.19.4.
2981
2982 --socks5-gssapi-service <name>
2983 The default service name for a socks server is rcmd/server-fqdn.
2984 This option allows you to change it.
2985
2986 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
2987 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
2988 service sockd/real-name would use sockd/real-name for cases
2989 where the proxy-name does not match the principal name.
2990
2991 Added in 7.19.4.
2992
2993 --socks5-gssapi
2994 Tells curl to use GSS-API authentication when connecting to a
2995 SOCKS5 proxy. The GSS-API authentication is enabled by default
2996 (if curl is compiled with GSS-API support). Use --socks5-basic
2997 to force username/password authentication to SOCKS5 proxies.
2998
2999 Added in 7.55.0.
3000
3001 --socks5-hostname <host[:port]>
3002 Use the specified SOCKS5 proxy (and let the proxy resolve the
3003 host name). If the port number is not specified, it is assumed
3004 at port 1080.
3005
3006 This option overrides any previous use of -x, --proxy, as they
3007 are mutually exclusive.
3008
3009 Since 7.21.7, this option is superfluous since you can specify a
3010 socks5 hostname proxy with -x, --proxy using a socks5h:// proto‐
3011 col prefix.
3012
3013 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3014 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
3015 such a case curl first connects to the SOCKS proxy and then con‐
3016 nects (through SOCKS) to the HTTP or HTTPS proxy.
3017
3018 If this option is used several times, the last one will be used.
3019
3020 Added in 7.18.0.
3021
3022 --socks5 <host[:port]>
3023 Use the specified SOCKS5 proxy - but resolve the host name lo‐
3024 cally. If the port number is not specified, it is assumed at
3025 port 1080.
3026
3027 This option overrides any previous use of -x, --proxy, as they
3028 are mutually exclusive.
3029
3030 Since 7.21.7, this option is superfluous since you can specify a
3031 socks5 proxy with -x, --proxy using a socks5:// protocol prefix.
3032
3033 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3034 the same time -x, --proxy is used with an HTTP/HTTPS proxy. In
3035 such a case curl first connects to the SOCKS proxy and then con‐
3036 nects (through SOCKS) to the HTTP or HTTPS proxy.
3037
3038 If this option is used several times, the last one will be used.
3039
3040 This option (as well as --socks4) does not work with IPV6, FTPS
3041 or LDAP.
3042
3043 Added in 7.18.0.
3044
3045 -Y, --speed-limit <speed>
3046 If a download is slower than this given speed (in bytes per sec‐
3047 ond) for speed-time seconds it gets aborted. speed-time is set
3048 with -y, --speed-time and is 30 if not set.
3049
3050 If this option is used several times, the last one will be used.
3051
3052 -y, --speed-time <seconds>
3053 If a download is slower than speed-limit bytes per second during
3054 a speed-time period, the download gets aborted. If speed-time is
3055 used, the default speed-limit will be 1 unless set with -Y,
3056 --speed-limit.
3057
3058 This option controls transfers and thus will not affect slow
3059 connects etc. If this is a concern for you, try the --connect-
3060 timeout option.
3061
3062 If this option is used several times, the last one will be used.
3063
3064 --ssl-allow-beast
3065 This option tells curl to not work around a security flaw in the
3066 SSL3 and TLS1.0 protocols known as BEAST. If this option isn't
3067 used, the SSL layer may use workarounds known to cause interop‐
3068 erability problems with some older SSL implementations. WARNING:
3069 this option loosens the SSL security, and by using this flag you
3070 ask for exactly that.
3071
3072 Added in 7.25.0.
3073
3074 --ssl-no-revoke
3075 (Schannel) This option tells curl to disable certificate revoca‐
3076 tion checks. WARNING: this option loosens the SSL security, and
3077 by using this flag you ask for exactly that.
3078
3079 Added in 7.44.0.
3080
3081 --ssl-reqd
3082 (FTP IMAP POP3 SMTP) Require SSL/TLS for the connection. Termi‐
3083 nates the connection if the server doesn't support SSL/TLS.
3084
3085 This option was formerly known as --ftp-ssl-reqd.
3086
3087 Added in 7.20.0.
3088
3089 --ssl-revoke-best-effort
3090 (Schannel) This option tells curl to ignore certificate revoca‐
3091 tion checks when they failed due to missing/offline distribution
3092 points for the revocation check lists.
3093
3094 Added in 7.70.0.
3095
3096 --ssl (FTP IMAP POP3 SMTP) Try to use SSL/TLS for the connection. Re‐
3097 verts to a non-secure connection if the server doesn't support
3098 SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for differ‐
3099 ent levels of encryption required.
3100
3101 This option was formerly known as --ftp-ssl (Added in 7.11.0).
3102 That option name can still be used but will be removed in a fu‐
3103 ture version.
3104
3105 Added in 7.20.0.
3106
3107 -2, --sslv2
3108 (SSL) Forces curl to use SSL version 2 when negotiating with a
3109 remote SSL server. Sometimes curl is built without SSLv2 sup‐
3110 port. SSLv2 is widely considered insecure (see RFC 6176).
3111
3112 See also --http1.1 and --http2. -2, --sslv2 requires that the
3113 underlying libcurl was built to support TLS. This option over‐
3114 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3115
3116 -3, --sslv3
3117 (SSL) Forces curl to use SSL version 3 when negotiating with a
3118 remote SSL server. Sometimes curl is built without SSLv3 sup‐
3119 port. SSLv3 is widely considered insecure (see RFC 7568).
3120
3121 See also --http1.1 and --http2. -3, --sslv3 requires that the
3122 underlying libcurl was built to support TLS. This option over‐
3123 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3124
3125 --stderr <file>
3126 Redirect all writes to stderr to the specified file instead. If
3127 the file name is a plain '-', it is instead written to stdout.
3128
3129 If this option is used several times, the last one will be used.
3130
3131 See also -v, --verbose and -s, --silent.
3132
3133 --styled-output
3134 Enables the automatic use of bold font styles when writing HTTP
3135 headers to the terminal. Use --no-styled-output to switch them
3136 off.
3137
3138 Added in 7.61.0.
3139
3140 --suppress-connect-headers
3141 When -p, --proxytunnel is used and a CONNECT request is made
3142 don't output proxy CONNECT response headers. This option is
3143 meant to be used with -D, --dump-header or -i, --include which
3144 are used to show protocol headers in the output. It has no ef‐
3145 fect on debug options such as -v, --verbose or --trace, or any
3146 statistics.
3147
3148 See also -D, --dump-header, -i, --include and -p, --proxytunnel.
3149
3150 --tcp-fastopen
3151 Enable use of TCP Fast Open (RFC7413).
3152
3153 Added in 7.49.0.
3154
3155 --tcp-nodelay
3156 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
3157 page for details about this option.
3158
3159 Since 7.50.2, curl sets this option by default and you need to
3160 explicitly switch it off if you don't want it on.
3161
3162 Added in 7.11.2.
3163
3164 -t, --telnet-option <opt=val>
3165 Pass options to the telnet protocol. Supported options are:
3166
3167 TTYPE=<term> Sets the terminal type.
3168
3169 XDISPLOC=<X display> Sets the X display location.
3170
3171 NEW_ENV=<var,val> Sets an environment variable.
3172
3173 --tftp-blksize <value>
3174 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
3175 size that curl will try to use when transferring data to or from
3176 a TFTP server. By default 512 bytes will be used.
3177
3178 If this option is used several times, the last one will be used.
3179
3180 Added in 7.20.0.
3181
3182 --tftp-no-options
3183 (TFTP) Tells curl not to send TFTP options requests.
3184
3185 This option improves interop with some legacy servers that do
3186 not acknowledge or properly implement TFTP options. When this
3187 option is used --tftp-blksize is ignored.
3188
3189 Added in 7.48.0.
3190
3191 -z, --time-cond <time>
3192 (HTTP FTP) Request a file that has been modified later than the
3193 given time and date, or one that has been modified before that
3194 time. The <date expression> can be all sorts of date strings or
3195 if it doesn't match any internal ones, it is taken as a filename
3196 and tries to get the modification date (mtime) from <file> in‐
3197 stead. See the curl_getdate(3) man pages for date expression de‐
3198 tails.
3199
3200 Start the date expression with a dash (-) to make it request for
3201 a document that is older than the given date/time, default is a
3202 document that is newer than the specified date/time.
3203
3204 If this option is used several times, the last one will be used.
3205
3206 --tls-max <VERSION>
3207 (SSL) VERSION defines maximum supported TLS version. The minimum
3208 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
3209 tlsv1.3.
3210
3211 If the connection is done without TLS, this option has no ef‐
3212 fect. This includes QUIC-using (HTTP/3) transfers.
3213
3214
3215 default
3216 Use up to recommended TLS version.
3217
3218 1.0 Use up to TLSv1.0.
3219
3220 1.1 Use up to TLSv1.1.
3221
3222 1.2 Use up to TLSv1.2.
3223
3224 1.3 Use up to TLSv1.3.
3225
3226 See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max re‐
3227 quires that the underlying libcurl was built to support TLS. Added in
3228 7.54.0.
3229
3230 --tls13-ciphers <ciphersuite list>
3231 (TLS) Specifies which cipher suites to use in the connection if
3232 it negotiates TLS 1.3. The list of ciphers suites must specify
3233 valid ciphers. Read up on TLS 1.3 cipher suite details on this
3234 URL:
3235
3236 https://curl.se/docs/ssl-ciphers.html
3237
3238 This option is currently used only when curl is built to use
3239 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3240 you can try setting TLS 1.3 cipher suites by using the --ciphers
3241 option.
3242
3243 If this option is used several times, the last one will be used.
3244
3245 --tlsauthtype <type>
3246 Set TLS authentication type. Currently, the only supported op‐
3247 tion is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
3248 --tlspassword are specified but --tlsauthtype is not, then this
3249 option defaults to "SRP". This option works only if the under‐
3250 lying libcurl is built with TLS-SRP support, which requires
3251 OpenSSL or GnuTLS with TLS-SRP support.
3252
3253 Added in 7.21.4.
3254
3255 --tlspassword
3256 Set password for use with the TLS authentication method speci‐
3257 fied with --tlsauthtype. Requires that --tlsuser also be set.
3258
3259 This doesn't work with TLS 1.3.
3260
3261 Added in 7.21.4.
3262
3263 --tlsuser <name>
3264 Set username for use with the TLS authentication method speci‐
3265 fied with --tlsauthtype. Requires that --tlspassword also is
3266 set.
3267
3268 This doesn't work with TLS 1.3.
3269
3270 Added in 7.21.4.
3271
3272 --tlsv1.0
3273 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
3274 ing to a remote TLS server.
3275
3276 In old versions of curl this option was documented to allow
3277 _only_ TLS 1.0, but behavior was inconsistent depending on the
3278 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3279 sion.
3280
3281 Added in 7.34.0.
3282
3283 --tlsv1.1
3284 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
3285 ing to a remote TLS server.
3286
3287 In old versions of curl this option was documented to allow
3288 _only_ TLS 1.1, but behavior was inconsistent depending on the
3289 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3290 sion.
3291
3292 Added in 7.34.0.
3293
3294 --tlsv1.2
3295 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
3296 ing to a remote TLS server.
3297
3298 In old versions of curl this option was documented to allow
3299 _only_ TLS 1.2, but behavior was inconsistent depending on the
3300 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
3301 sion.
3302
3303 Added in 7.34.0.
3304
3305 --tlsv1.3
3306 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
3307 ing to a remote TLS server.
3308
3309 If the connection is done without TLS, this option has no ef‐
3310 fect. This includes QUIC-using (HTTP/3) transfers.
3311
3312 Note that TLS 1.3 is not supported by all TLS backends.
3313
3314 Added in 7.52.0.
3315
3316 -1, --tlsv1
3317 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
3318 ing with a remote TLS server. That means TLS version 1.0 or
3319 higher
3320
3321 See also --http1.1 and --http2. -1, --tlsv1 requires that the
3322 underlying libcurl was built to support TLS. This option over‐
3323 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
3324
3325 --tr-encoding
3326 (HTTP) Request a compressed Transfer-Encoding response using one
3327 of the algorithms curl supports, and uncompress the data while
3328 receiving it.
3329
3330 Added in 7.21.6.
3331
3332 --trace-ascii <file>
3333 Enables a full trace dump of all incoming and outgoing data, in‐
3334 cluding descriptive information, to the given output file. Use
3335 "-" as filename to have the output sent to stdout.
3336
3337 This is very similar to --trace, but leaves out the hex part and
3338 only shows the ASCII part of the dump. It makes smaller output
3339 that might be easier to read for untrained humans.
3340
3341 If this option is used several times, the last one will be used.
3342
3343 This option overrides --trace and -v, --verbose.
3344
3345 --trace-time
3346 Prepends a time stamp to each trace or verbose line that curl
3347 displays.
3348
3349 Added in 7.14.0.
3350
3351 --trace <file>
3352 Enables a full trace dump of all incoming and outgoing data, in‐
3353 cluding descriptive information, to the given output file. Use
3354 "-" as filename to have the output sent to stdout. Use "%" as
3355 filename to have the output sent to stderr.
3356
3357 If this option is used several times, the last one will be used.
3358
3359 This option overrides -v, --verbose and --trace-ascii.
3360
3361 --unix-socket <path>
3362 (HTTP) Connect through this Unix domain socket, instead of using
3363 the network.
3364
3365 Added in 7.40.0.
3366
3367 -T, --upload-file <file>
3368 This transfers the specified local file to the remote URL. If
3369 there is no file part in the specified URL, curl will append the
3370 local file name. NOTE that you must use a trailing / on the last
3371 directory to really prove to Curl that there is no file name or
3372 curl will think that your last directory name is the remote file
3373 name to use. That will most likely cause the upload operation to
3374 fail. If this is used on an HTTP(S) server, the PUT command will
3375 be used.
3376
3377 Use the file name "-" (a single dash) to use stdin instead of a
3378 given file. Alternately, the file name "." (a single period)
3379 may be specified instead of "-" to use stdin in non-blocking
3380 mode to allow reading server output while stdin is being up‐
3381 loaded.
3382
3383 You can specify one -T, --upload-file for each URL on the com‐
3384 mand line. Each -T, --upload-file + URL pair specifies what to
3385 upload and to where. curl also supports "globbing" of the -T,
3386 --upload-file argument, meaning that you can upload multiple
3387 files to a single URL by using the same URL globbing style sup‐
3388 ported in the URL, like this:
3389
3390 curl --upload-file "{file1,file2}" http://www.example.com
3391
3392 or even
3393
3394 curl -T "img[1-1000].png" ftp://ftp.example.com/upload/
3395
3396 When uploading to an SMTP server: the uploaded data is assumed
3397 to be RFC 5322 formatted. It has to feature the necessary set of
3398 headers and mail body formatted correctly by the user as curl
3399 will not transcode nor encode it further in any way.
3400
3401 --url <url>
3402 Specify a URL to fetch. This option is mostly handy when you
3403 want to specify URL(s) in a config file.
3404
3405 If the given URL is missing a scheme name (such as "http://" or
3406 "ftp://" etc) then curl will make a guess based on the host. If
3407 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
3408 POP3 or SMTP then that protocol will be used, otherwise HTTP
3409 will be used. Since 7.45.0 guessing can be disabled by setting a
3410 default protocol, see --proto-default for details.
3411
3412 This option may be used any number of times. To control where
3413 this URL is written, use the -o, --output or the -O, --remote-
3414 name options.
3415
3416 Warning: On Windows, particular file:// accesses can be con‐
3417 verted to network accesses by the operating system. Beware!
3418
3419 -B, --use-ascii
3420 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
3421 forced by using a URL that ends with ";type=A". This option
3422 causes data sent to stdout to be in text mode for win32 systems.
3423
3424 -A, --user-agent <name>
3425 (HTTP) Specify the User-Agent string to send to the HTTP server.
3426 To encode blanks in the string, surround the string with single
3427 quote marks. This header can also be set with the -H, --header
3428 or the --proxy-header options.
3429
3430 If you give an empty argument to -A, --user-agent (""), it will
3431 remove the header completely from the request. If you prefer a
3432 blank header, you can set it to a single space (" ").
3433
3434 If this option is used several times, the last one will be used.
3435
3436 -u, --user <user:password>
3437 Specify the user name and password to use for server authentica‐
3438 tion. Overrides -n, --netrc and --netrc-optional.
3439
3440 If you simply specify the user name, curl will prompt for a
3441 password.
3442
3443 The user name and passwords are split up on the first colon,
3444 which makes it impossible to use a colon in the user name with
3445 this option. The password can, still.
3446
3447 On systems where it works, curl will hide the given option argu‐
3448 ment from process listings. This is not enough to protect cre‐
3449 dentials from possibly getting seen by other users on the same
3450 system as they will still be visible for a brief moment before
3451 cleared. Such sensitive data should be retrieved from a file in‐
3452 stead or similar and never used in clear text in a command line.
3453
3454 When using Kerberos V5 with a Windows based server you should
3455 include the Windows domain name in the user name, in order for
3456 the server to successfully obtain a Kerberos Ticket. If you
3457 don't then the initial authentication handshake may fail.
3458
3459 When using NTLM, the user name can be specified simply as the
3460 user name, without the domain, if there is a single domain and
3461 forest in your setup for example.
3462
3463 To specify the domain name use either Down-Level Logon Name or
3464 UPN (User Principal Name) formats. For example, EXAMPLE\user and
3465 user@example.com respectively.
3466
3467 If you use a Windows SSPI-enabled curl binary and perform Ker‐
3468 beros V5, Negotiate, NTLM or Digest authentication then you can
3469 tell curl to select the user name and password from your envi‐
3470 ronment by specifying a single colon with this option: "-u :".
3471
3472 If this option is used several times, the last one will be used.
3473
3474 -v, --verbose
3475 Makes curl verbose during the operation. Useful for debugging
3476 and seeing what's going on "under the hood". A line starting
3477 with '>' means "header data" sent by curl, '<' means "header
3478 data" received by curl that is hidden in normal cases, and a
3479 line starting with '*' means additional info provided by curl.
3480
3481 If you only want HTTP headers in the output, -i, --include might
3482 be the option you're looking for.
3483
3484 If you think this option still doesn't give you enough details,
3485 consider using --trace or --trace-ascii instead.
3486
3487 Use -s, --silent to make curl really quiet.
3488
3489 See also -i, --include. This option overrides --trace and
3490 --trace-ascii.
3491
3492 -V, --version
3493 Displays information about curl and the libcurl version it uses.
3494
3495 The first line includes the full version of curl, libcurl and
3496 other 3rd party libraries linked with the executable.
3497
3498 The second line (starts with "Protocols:") shows all protocols
3499 that libcurl reports to support.
3500
3501 The third line (starts with "Features:") shows specific features
3502 libcurl reports to offer. Available features include:
3503
3504 alt-svc
3505 Support for the Alt-Svc: header is provided.
3506
3507 AsynchDNS
3508 This curl uses asynchronous name resolves. Asynchronous
3509 name resolves can be done using either the c-ares or the
3510 threaded resolver backends.
3511
3512 brotli Support for automatic brotli compression over HTTP(S).
3513
3514 CharConv
3515 curl was built with support for character set conversions
3516 (like EBCDIC)
3517
3518 Debug This curl uses a libcurl built with Debug. This enables
3519 more error-tracking and memory debugging etc. For curl-
3520 developers only!
3521
3522 gsasl The built-in SASL authentication includes extensions to
3523 support SCRAM because libcurl was built with libgsasl.
3524
3525 GSS-API
3526 GSS-API is supported.
3527
3528 HSTS HSTS support is present.
3529
3530 HTTP2 HTTP/2 support has been built-in.
3531
3532 HTTP3 HTTP/3 support has been built-in.
3533
3534 HTTPS-proxy
3535 This curl is built to support HTTPS proxy.
3536
3537 IDN This curl supports IDN - international domain names.
3538
3539 IPv6 You can use IPv6 with this.
3540
3541 Kerberos
3542 Kerberos V5 authentication is supported.
3543
3544 Largefile
3545 This curl supports transfers of large files, files larger
3546 than 2GB.
3547
3548 libz Automatic decompression (via gzip, deflate) of compressed
3549 files over HTTP is supported.
3550
3551 Metalink
3552 This curl supports Metalink.
3553
3554 MultiSSL
3555 This curl supports multiple TLS backends.
3556
3557 NTLM NTLM authentication is supported.
3558
3559 NTLM_WB
3560 NTLM delegation to winbind helper is supported.
3561
3562 PSL PSL is short for Public Suffix List and means that this
3563 curl has been built with knowledge about "public suf‐
3564 fixes".
3565
3566 SPNEGO SPNEGO authentication is supported.
3567
3568 SSL SSL versions of various protocols are supported, such as
3569 HTTPS, FTPS, POP3S and so on.
3570
3571 SSPI SSPI is supported.
3572
3573 TLS-SRP
3574 SRP (Secure Remote Password) authentication is supported
3575 for TLS.
3576
3577 TrackMemory
3578 Debug memory tracking is supported.
3579
3580 Unicode
3581 Unicode support on Windows.
3582
3583 UnixSockets
3584 Unix sockets support is provided.
3585
3586 zstd Automatic decompression (via zstd) of compressed files
3587 over HTTP is supported.
3588
3589 -w, --write-out <format>
3590 Make curl display information on stdout after a completed trans‐
3591 fer. The format is a string that may contain plain text mixed
3592 with any number of variables. The format can be specified as a
3593 literal "string", or you can have curl read the format from a
3594 file with "@filename" and to tell curl to read the format from
3595 stdin you write "@-".
3596
3597 The variables present in the output format will be substituted
3598 by the value or text that curl thinks fit, as described below.
3599 All variables are specified as %{variable_name} and to output a
3600 normal % you just write them as %%. You can output a newline by
3601 using \n, a carriage return with \r and a tab space with \t.
3602
3603 The output will be written to standard output, but this can be
3604 switched to standard error by using %{stderr}.
3605
3606 NOTE: The %-symbol is a special symbol in the win32-environment,
3607 where all occurrences of % must be doubled when using this op‐
3608 tion.
3609
3610 The variables available are:
3611
3612 content_type The Content-Type of the requested document, if
3613 there was any.
3614
3615 errormsg The error message. (Added in 7.75.0)
3616
3617 exitcode The numerical exitcode of the transfer. (Added in
3618 7.75.0)
3619
3620 filename_effective
3621 The ultimate filename that curl writes out to.
3622 This is only meaningful if curl is told to write
3623 to a file with the -O, --remote-name or -o,
3624 --output option. It's most useful in combination
3625 with the -J, --remote-header-name option. (Added
3626 in 7.26.0)
3627
3628 ftp_entry_path The initial path curl ended up in when logging on
3629 to the remote FTP server. (Added in 7.15.4)
3630
3631 http_code The numerical response code that was found in the
3632 last retrieved HTTP(S) or FTP(s) transfer. In
3633 7.18.2 the alias response_code was added to show
3634 the same info.
3635
3636 http_connect The numerical code that was found in the last re‐
3637 sponse (from a proxy) to a curl CONNECT request.
3638 (Added in 7.12.4)
3639
3640 http_version The http version that was effectively used.
3641 (Added in 7.50.0)
3642
3643 json A JSON object with all available keys.
3644
3645 local_ip The IP address of the local end of the most re‐
3646 cently done connection - can be either IPv4 or
3647 IPv6 (Added in 7.29.0)
3648
3649 local_port The local port number of the most recently done
3650 connection (Added in 7.29.0)
3651
3652 method The http method used in the most recent HTTP re‐
3653 quest (Added in 7.72.0)
3654
3655 num_connects Number of new connects made in the recent trans‐
3656 fer. (Added in 7.12.3)
3657
3658 num_headers The number of response headers in the most recent
3659 request (restarted at each
3660 redirect). Note that the status line IS NOT a
3661 header. (Added in 7.73.0)
3662
3663 num_redirects Number of redirects that were followed in the re‐
3664 quest. (Added in 7.12.3)
3665
3666 onerror The rest of the output is only shown if the
3667 transfer returned a non-zero error (Added in
3668 7.75.0)
3669
3670 proxy_ssl_verify_result
3671 The result of the HTTPS proxy's SSL peer certifi‐
3672 cate verification that was requested. 0 means the
3673 verification was successful. (Added in 7.52.0)
3674
3675 redirect_url When an HTTP request was made without -L, --loca‐
3676 tion to follow redirects (or when --max-redir is
3677 met), this variable will show the actual URL a
3678 redirect would have gone to. (Added in 7.18.2)
3679
3680 referer The Referer: header, if there was any. (Added in
3681 7.76.0)
3682
3683 remote_ip The remote IP address of the most recently done
3684 connection - can be either IPv4 or IPv6 (Added in
3685 7.29.0)
3686
3687 remote_port The remote port number of the most recently done
3688 connection (Added in 7.29.0)
3689
3690 response_code The numerical response code that was found in the
3691 last transfer (formerly known as "http_code").
3692 (Added in 7.18.2)
3693
3694 scheme The URL scheme (sometimes called protocol) that
3695 was effectively used (Added in 7.52.0)
3696
3697 size_download The total amount of bytes that were downloaded.
3698
3699 size_header The total amount of bytes of the downloaded head‐
3700 ers.
3701
3702 size_request The total amount of bytes that were sent in the
3703 HTTP request.
3704
3705 size_upload The total amount of bytes that were uploaded.
3706
3707 speed_download The average download speed that curl measured for
3708 the complete download. Bytes per second.
3709
3710 speed_upload The average upload speed that curl measured for
3711 the complete upload. Bytes per second.
3712
3713 ssl_verify_result
3714 The result of the SSL peer certificate verifica‐
3715 tion that was requested. 0 means the verification
3716 was successful. (Added in 7.19.0)
3717
3718 stderr From this point on, the -w, --write-out output
3719 will be written to standard error. (Added in
3720 7.63.0)
3721
3722 stdout From this point on, the -w, --write-out output
3723 will be written to standard output. This is the
3724 default, but can be used to switch back after
3725 switching to stderr. (Added in 7.63.0)
3726
3727 time_appconnect
3728 The time, in seconds, it took from the start un‐
3729 til the SSL/SSH/etc connect/handshake to the re‐
3730 mote host was completed. (Added in 7.19.0)
3731
3732 time_connect The time, in seconds, it took from the start un‐
3733 til the TCP connect to the remote host (or proxy)
3734 was completed.
3735
3736 time_namelookup
3737 The time, in seconds, it took from the start un‐
3738 til the name resolving was completed.
3739
3740 time_pretransfer
3741 The time, in seconds, it took from the start un‐
3742 til the file transfer was just about to begin.
3743 This includes all pre-transfer commands and nego‐
3744 tiations that are specific to the particular pro‐
3745 tocol(s) involved.
3746
3747 time_redirect The time, in seconds, it took for all redirection
3748 steps including name lookup, connect, pretransfer
3749 and transfer before the final transaction was
3750 started. time_redirect shows the complete execu‐
3751 tion time for multiple redirections. (Added in
3752 7.12.3)
3753
3754 time_starttransfer
3755 The time, in seconds, it took from the start un‐
3756 til the first byte was just about to be trans‐
3757 ferred. This includes time_pretransfer and also
3758 the time the server needed to calculate the re‐
3759 sult.
3760
3761 time_total The total time, in seconds, that the full opera‐
3762 tion lasted.
3763
3764 url The URL that was fetched. (Added in 7.75.0)
3765
3766 urlnum The URL index number of this transfer, 0-indexed.
3767 (Added in 7.75.0)
3768
3769 url_effective The URL that was fetched last. This is most mean‐
3770 ingful if you've told curl to follow location:
3771 headers.
3772
3773 If this option is used several times, the last one will be used.
3774
3775 --xattr
3776 When saving output to a file, this option tells curl to store
3777 certain file metadata in extended file attributes. Currently,
3778 the URL is stored in the xdg.origin.url attribute and, for HTTP,
3779 the content type is stored in the mime_type attribute. If the
3780 file system does not support extended attributes, a warning is
3781 issued.
3782
3784 ~/.curlrc
3785 Default config file, see -K, --config for details.
3786
3788 The environment variables can be specified in lower case or upper case.
3789 The lower case version has precedence. http_proxy is an exception as it
3790 is only available in lower case.
3791
3792 Using an environment variable to set the proxy has the same effect as
3793 using the -x, --proxy option.
3794
3795
3796 http_proxy [protocol://]<host>[:port]
3797 Sets the proxy server to use for HTTP.
3798
3799 HTTPS_PROXY [protocol://]<host>[:port]
3800 Sets the proxy server to use for HTTPS.
3801
3802 [url-protocol]_PROXY [protocol://]<host>[:port]
3803 Sets the proxy server to use for [url-protocol], where the pro‐
3804 tocol is a protocol that curl supports and as specified in a
3805 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
3806
3807 ALL_PROXY [protocol://]<host>[:port]
3808 Sets the proxy server to use if no protocol-specific proxy is
3809 set.
3810
3811 NO_PROXY <comma-separated list of hosts/domains>
3812 list of host names that shouldn't go through any proxy. If set
3813 to an asterisk '*' only, it matches all hosts. Each name in this
3814 list is matched as either a domain name which contains the host‐
3815 name, or the hostname itself.
3816
3817 This environment variable disables use of the proxy even when
3818 specified with the -x, --proxy option. That is NO_PROXY=di‐
3819 rect.example.com curl -x http://proxy.example.com http://di‐
3820 rect.example.com accesses the target URL directly, and
3821 NO_PROXY=direct.example.com curl -x http://proxy.example.com
3822 http://somewhere.example.com accesses the target URL through the
3823 proxy.
3824
3825 The list of host names can also be include numerical IP ad‐
3826 dresses, and IPv6 versions should then be given without enclos‐
3827 ing brackets.
3828
3829 IPv6 numerical addresses are compared as strings, so they will
3830 only match if the representations are the same: "::1" is the
3831 same as "::0:1" but they don't match.
3832
3833 CURL_SSL_BACKEND <TLS backend>
3834 If curl was built with support for "MultiSSL", meaning that it
3835 has built-in support for more than one TLS backend, this envi‐
3836 ronment variable can be set to the case insensitive name of the
3837 particular backend to use when curl is invoked. Setting a name
3838 that isn't a built-in alternative will make curl stay with the
3839 default.
3840
3841 SSL backend names (case-insensitive): bearssl, gnutls, gskit,
3842 mbedtls, mesalink, nss, openssl, rustls, schannel, secure-trans‐
3843 port, wolfssl
3844
3845 QLOGDIR <directory name>
3846 If curl was built with HTTP/3 support, setting this environment
3847 variable to a local directory will make curl produce qlogs in
3848 that directory, using file names named after the destination
3849 connection id (in hex). Do note that these files can become
3850 rather large. Works with both QUIC backends.
3851
3852 SSLKEYLOGFILE <file name>
3853 If you set this environment variable to a file name, curl will
3854 store TLS secrets from its connections in that file when invoked
3855 to enable you to analyze the TLS traffic in real time using net‐
3856 work analyzing tools such as Wireshark. This works with the fol‐
3857 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
3858 and wolfSSL.
3859
3861 Since curl version 7.21.7, the proxy string may be specified with a
3862 protocol:// prefix to specify alternative proxy protocols.
3863
3864 If no protocol is specified in the proxy string or if the string
3865 doesn't match a supported one, the proxy will be treated as an HTTP
3866 proxy.
3867
3868 The supported proxy protocol prefixes are as follows:
3869
3870 http://
3871 Makes it use it as an HTTP proxy. The default if no scheme pre‐
3872 fix is used.
3873
3874 https://
3875 Makes it treated as an HTTPS proxy.
3876
3877 socks4://
3878 Makes it the equivalent of --socks4
3879
3880 socks4a://
3881 Makes it the equivalent of --socks4a
3882
3883 socks5://
3884 Makes it the equivalent of --socks5
3885
3886 socks5h://
3887 Makes it the equivalent of --socks5-hostname
3888
3890 There are a bunch of different error codes and their corresponding er‐
3891 ror messages that may appear during bad conditions. At the time of this
3892 writing, the exit codes are:
3893
3894 1 Unsupported protocol. This build of curl has no support for this
3895 protocol.
3896
3897 2 Failed to initialize.
3898
3899 3 URL malformed. The syntax was not correct.
3900
3901 4 A feature or option that was needed to perform the desired re‐
3902 quest was not enabled or was explicitly disabled at build-time.
3903 To make curl able to do this, you probably need another build of
3904 libcurl!
3905
3906 5 Couldn't resolve proxy. The given proxy host could not be re‐
3907 solved.
3908
3909 6 Couldn't resolve host. The given remote host was not resolved.
3910
3911 7 Failed to connect to host.
3912
3913 8 Weird server reply. The server sent data curl couldn't parse.
3914
3915 9 FTP access denied. The server denied login or denied access to
3916 the particular resource or directory you wanted to reach. Most
3917 often you tried to change to a directory that doesn't exist on
3918 the server.
3919
3920 10 FTP accept failed. While waiting for the server to connect back
3921 when an active FTP session is used, an error code was sent over
3922 the control connection or similar.
3923
3924 11 FTP weird PASS reply. Curl couldn't parse the reply sent to the
3925 PASS request.
3926
3927 12 During an active FTP session while waiting for the server to
3928 connect back to curl, the timeout expired.
3929
3930 13 FTP weird PASV reply, Curl couldn't parse the reply sent to the
3931 PASV request.
3932
3933 14 FTP weird 227 format. Curl couldn't parse the 227-line the
3934 server sent.
3935
3936 15 FTP can't get host. Couldn't resolve the host IP we got in the
3937 227-line.
3938
3939 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
3940 This is somewhat generic and can be one out of several problems,
3941 see the error message for details.
3942
3943 17 FTP couldn't set binary. Couldn't change transfer method to bi‐
3944 nary.
3945
3946 18 Partial file. Only a part of the file was transferred.
3947
3948 19 FTP couldn't download/access the given file, the RETR (or simi‐
3949 lar) command failed.
3950
3951 21 FTP quote error. A quote command returned error from the server.
3952
3953 22 HTTP page not retrieved. The requested url was not found or re‐
3954 turned another error with the HTTP error code being 400 or
3955 above. This return code only appears if -f, --fail is used.
3956
3957 23 Write error. Curl couldn't write data to a local filesystem or
3958 similar.
3959
3960 25 FTP couldn't STOR file. The server denied the STOR operation,
3961 used for FTP uploading.
3962
3963 26 Read error. Various reading problems.
3964
3965 27 Out of memory. A memory allocation request failed.
3966
3967 28 Operation timeout. The specified time-out period was reached ac‐
3968 cording to the conditions.
3969
3970 30 FTP PORT failed. The PORT command failed. Not all FTP servers
3971 support the PORT command, try doing a transfer using PASV in‐
3972 stead!
3973
3974 31 FTP couldn't use REST. The REST command failed. This command is
3975 used for resumed FTP transfers.
3976
3977 33 HTTP range error. The range "command" didn't work.
3978
3979 34 HTTP post error. Internal post-request generation error.
3980
3981 35 SSL connect error. The SSL handshaking failed.
3982
3983 36 Bad download resume. Couldn't continue an earlier aborted down‐
3984 load.
3985
3986 37 FILE couldn't read file. Failed to open the file. Permissions?
3987
3988 38 LDAP cannot bind. LDAP bind operation failed.
3989
3990 39 LDAP search failed.
3991
3992 41 Function not found. A required LDAP function was not found.
3993
3994 42 Aborted by callback. An application told curl to abort the oper‐
3995 ation.
3996
3997 43 Internal error. A function was called with a bad parameter.
3998
3999 45 Interface error. A specified outgoing interface could not be
4000 used.
4001
4002 47 Too many redirects. When following redirects, curl hit the maxi‐
4003 mum amount.
4004
4005 48 Unknown option specified to libcurl. This indicates that you
4006 passed a weird option to curl that was passed on to libcurl and
4007 rejected. Read up in the manual!
4008
4009 49 Malformed telnet option.
4010
4011 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
4012
4013 52 The server didn't reply anything, which here is considered an
4014 error.
4015
4016 53 SSL crypto engine not found.
4017
4018 54 Cannot set SSL crypto engine as default.
4019
4020 55 Failed sending network data.
4021
4022 56 Failure in receiving network data.
4023
4024 58 Problem with the local certificate.
4025
4026 59 Couldn't use specified SSL cipher.
4027
4028 60 Peer certificate cannot be authenticated with known CA certifi‐
4029 cates.
4030
4031 61 Unrecognized transfer encoding.
4032
4033 62 Invalid LDAP URL.
4034
4035 63 Maximum file size exceeded.
4036
4037 64 Requested FTP SSL level failed.
4038
4039 65 Sending the data requires a rewind that failed.
4040
4041 66 Failed to initialise SSL Engine.
4042
4043 67 The user name, password, or similar was not accepted and curl
4044 failed to log in.
4045
4046 68 File not found on TFTP server.
4047
4048 69 Permission problem on TFTP server.
4049
4050 70 Out of disk space on TFTP server.
4051
4052 71 Illegal TFTP operation.
4053
4054 72 Unknown TFTP transfer ID.
4055
4056 73 File already exists (TFTP).
4057
4058 74 No such user (TFTP).
4059
4060 75 Character conversion failed.
4061
4062 76 Character conversion functions required.
4063
4064 77 Problem with reading the SSL CA cert (path? access rights?).
4065
4066 78 The resource referenced in the URL does not exist.
4067
4068 79 An unspecified error occurred during the SSH session.
4069
4070 80 Failed to shut down the SSL connection.
4071
4072 82 Could not load CRL file, missing or wrong format (added in
4073 7.19.0).
4074
4075 83 Issuer check failed (added in 7.19.0).
4076
4077 84 The FTP PRET command failed
4078
4079 85 RTSP: mismatch of CSeq numbers
4080
4081 86 RTSP: mismatch of Session Identifiers
4082
4083 87 unable to parse FTP file list
4084
4085 88 FTP chunk callback reported error
4086
4087 89 No connection available, the session will be queued
4088
4089 90 SSL public key does not matched pinned public key
4090
4091 91 Invalid SSL certificate status.
4092
4093 92 Stream error in HTTP/2 framing layer.
4094
4095 93 An API function was called from inside a callback.
4096
4097 94 An authentication function returned an error.
4098
4099 95 A problem was detected in the HTTP/3 layer. This is somewhat
4100 generic and can be one out of several problems, see the error
4101 message for details.
4102
4103 96 QUIC connection error. This error may be caused by an SSL li‐
4104 brary error. QUIC is the protocol used for HTTP/3 transfers.
4105
4106 XX More error codes will appear here in future releases. The exist‐
4107 ing ones are meant to never change.
4108
4110 Daniel Stenberg is the main author, but the whole list of contributors
4111 is found in the separate THANKS file.
4112
4114 https://curl.se
4115
4117 ftp(1), wget(1)
4118
4119
4120
4121Curl 7.76.1 November 16, 2016 curl(1)