1curl(1) curl Manual curl(1)
2
6 curl - transfer a URL
7
9 curl [options / URLs]
10
12 curl is a tool for transferring data from or to a server. It supports
13 these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS,
14 IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP,
15 SFTP, SMB, SMBS, SMTP, SMTPS, TELNET or TFTP. The command is designed
16 to work without user interaction.
17 curl offers a busload of useful tricks like proxy support, user authen‐
19 tication, FTP upload, HTTP post, SSL connections, cookies, file trans‐
20 fer resume and more. As you will see below, the number of features will
21 make your head spin.
22 curl is powered by libcurl for all transfer-related features. See
24 libcurl(3) for details.
25
27 The URL syntax is protocol-dependent. You find a detailed description
28 in RFC 3986.
29 You can specify multiple URLs or parts of URLs by writing part sets
31 within braces and quoting the URL as in:
32 "http://site.{one,two,three}.com"
34 or you can get sequences of alphanumeric series by using [] as in:
36 "ftp://ftp.example.com/file[1-100].txt"
38 "ftp://ftp.example.com/file[001-100].txt" (with leading zeros)
40 "ftp://ftp.example.com/file[a-z].txt"
42 Nested sequences are not supported, but you can use several ones next
44 to each other:
45 "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html"
47 You can specify any amount of URLs on the command line. They will be
49 fetched in a sequential manner in the specified order. You can specify
50 command line options and URLs mixed and in any order on the command
51 line.
52 You can specify a step counter for the ranges to get every Nth number
54 or letter:
55 "http://example.com/file[1-100:10].txt"
57 "http://example.com/file[a-z:2].txt"
59 When using [] or {} sequences when invoked from a command line prompt,
61 you probably have to put the full URL within double quotes to avoid the
62 shell from interfering with it. This also goes for other characters
63 treated special, like for example '&', '?' and '*'.
64 Provide the IPv6 zone index in the URL with an escaped percentage sign
66 and the interface name. Like in
67 "http://[fe80::3%25eth0]/"
69 If you specify URL without protocol:// prefix, curl will attempt to
71 guess what protocol you might want. It will then default to HTTP but
72 try other protocols based on often-used host name prefixes. For exam‐
73 ple, for host names starting with "ftp." curl will assume you want to
74 speak FTP.
75 curl will do its best to use what you pass to it as a URL. It is not
77 trying to validate it as a syntactically correct URL by any means but
78 is fairly liberal with what it accepts.
79 curl will attempt to re-use connections for multiple file transfers, so
81 that getting many files from the same server will not do multiple con‐
82 nects / handshakes. This improves speed. Of course this is only done on
83 files specified on a single command line and cannot be used between
84 separate curl invocations.
85
87 If not told otherwise, curl writes the received data to stdout. It can
88 be instructed to instead save that data into a local file, using the
89 --output or --remote-name options. If curl is given multiple URLs to
90 transfer on the command line, it similarly needs multiple options for
91 where to save them.
92 curl does not parse or otherwise "understand" the content it gets or
94 writes as output. It does no encoding or decoding, unless explicitly
95 asked to with dedicated command line options.
96
98 curl supports numerous protocols, or put in URL terms: schemes. Your
99 particular build may not support them all.
100 DICT Lets you lookup words using online dictionaries.
102 FILE Read or write local files. curl does not support accessing
104 file:// URL remotely, but when running on Microsoft Windows us‐
105 ing the native UNC approach will work.
106 FTP(S) curl supports the File Transfer Protocol with a lot of tweaks
108 and levers. With or without using TLS.
109 GOPHER(S)
111 Retrieve files.
112 HTTP(S)
114 curl supports HTTP with numerous options and variations. It can
115 speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op‐
116 tions and the correct command line options.
117 IMAP(S)
119 Using the mail reading protocol, curl can "download" emails for
120 you. With or without using TLS.
121 LDAP(S)
123 curl can do directory lookups for you, with or without TLS.
124 MQTT curl supports MQTT version 3. Downloading over MQTT equals "sub‐
126 scribe" to a topic while uploading/posting equals "publish" on a
127 topic. MQTT over TLS is not supported (yet).
128 POP3(S)
130 Downloading from a pop3 server means getting a mail. With or
131 without using TLS.
132 RTMP(S)
134 The Realtime Messaging Protocol is primarily used to server
135 streaming media and curl can download it.
136 RTSP curl supports RTSP 1.0 downloads.
138 SCP curl supports SSH version 2 scp transfers.
140 SFTP curl supports SFTP (draft 5) done over SSH version 2.
142 SMB(S) curl supports SMB version 1 for upload and download.
144 SMTP(S)
146 Uploading contents to an SMTP server means sending an email.
147 With or without TLS.
148 TELNET Telling curl to fetch a telnet URL starts an interactive session
150 where it sends what it reads on stdin and outputs what the
151 server sends it.
152 TFTP curl can do TFTP downloads and uploads.
154
156 curl normally displays a progress meter during operations, indicating
157 the amount of transferred data, transfer speeds and estimated time
158 left, etc. The progress meter displays number of bytes and the speeds
159 are in bytes per second. The suffixes (k, M, G, T, P) are 1024 based.
160 For example 1k is 1024 bytes. 1M is 1048576 bytes.
161 curl displays this data to the terminal by default, so if you invoke
163 curl to do an operation and it is about to write data to the terminal,
164 it disables the progress meter as otherwise it would mess up the output
165 mixing progress meter and response data.
166 If you want a progress meter for HTTP POST or PUT requests, you need to
168 redirect the response output to a file, using shell redirect (>),
169 --output or similar.
170 This does not apply to FTP upload as that operation does not spit out
172 any response data to the terminal.
173 If you prefer a progress "bar" instead of the regular meter,
175 --progress-bar is your friend. You can also disable the progress meter
176 completely with the --silent option.
177
179 Options start with one or two dashes. Many of the options require an
180 additional value next to them.
181 The short "single-dash" form of the options, -d for example, may be
183 used with or without a space between it and its value, although a space
184 is a recommended separator. The long "double-dash" form, --data for ex‐
185 ample, requires a space between it and its value.
186 Short version options that do not need any additional values can be
188 used immediately next to each other, like for example you can specify
189 all the options -O, -L and -v at once as -OLv.
190 In general, all boolean options are enabled with --option and yet again
192 disabled with --no-option. That is, you use the same option name but
193 prefix it with "no-". However, in this list we mostly only list and
194 show the --option version of them.
195 --abstract-unix-socket <path>
197 (HTTP) Connect through an abstract Unix domain socket, instead
198 of using the network. Note: netstat shows the path of an ab‐
199 stract socket prefixed with '@', however the <path> argument
200 should not have this leading character.
201 Example:
203 curl --abstract-unix-socket socketpath https://example.com
204 See also --unix-socket. Added in 7.53.0.
206 --alt-svc <file name>
208 (HTTPS) This option enables the alt-svc parser in curl. If the
209 file name points to an existing alt-svc cache file, that will be
210 used. After a completed transfer, the cache will be saved to the
211 file name again if it has been modified.
212 Specify a "" file name (zero length) to avoid loading/saving and
214 make curl just handle the cache in memory.
215 If this option is used several times, curl will load contents
217 from all the files but the last one will be used for saving.
218 Example:
220 curl --alt-svc svc.txt https://example.com
221 See also --resolve and --connect-to. Added in 7.64.1.
223 --anyauth
225 (HTTP) Tells curl to figure out authentication method by itself,
226 and use the most secure one the remote site claims to support.
227 This is done by first doing a request and checking the response-
228 headers, thus possibly inducing an extra network round-trip.
229 This is used instead of setting a specific authentication
230 method, which you can do with --basic, --digest, --ntlm, and
231 --negotiate.
232 Using --anyauth is not recommended if you do uploads from stdin,
234 since it may require data to be sent twice and then the client
235 must be able to rewind. If the need should arise when uploading
236 from stdin, the upload operation will fail.
237 Used together with -u, --user.
239 Example:
241 curl --anyauth --user me:pwd https://example.com
242 See also --proxy-anyauth, --basic and --digest.
244 -a, --append
246 (FTP SFTP) When used in an upload, this makes curl append to the
247 target file instead of overwriting it. If the remote file does
248 not exist, it will be created. Note that this flag is ignored by
249 some SFTP servers (including OpenSSH).
250 Example:
252 curl --upload-file local --append ftp://example.com/
253 See also -r, --range and -C, --continue-at.
255 --aws-sigv4 <provider1[:provider2[:region[:service]]]>
257 Use AWS V4 signature authentication in the transfer.
258 The provider argument is a string that is used by the algorithm
260 when creating outgoing authentication headers.
261 The region argument is a string that points to a geographic area
263 of a resources collection (region-code) when the region name is
264 omitted from the endpoint.
265 The service argument is a string that points to a function pro‐
267 vided by a cloud (service-code) when the service name is omitted
268 from the endpoint.
269 Example:
271 curl --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" https://example.com
272 See also --basic and -u, --user. Added in 7.75.0.
274 --basic
276 (HTTP) Tells curl to use HTTP Basic authentication with the re‐
277 mote host. This is the default and this option is usually point‐
278 less, unless you use it to override a previously set option that
279 sets a different authentication method (such as --ntlm, --di‐
280 gest, or --negotiate).
281 Used together with -u, --user.
283 Example:
285 curl -u name:password --basic https://example.com
286 See also --proxy-basic.
288 --cacert <file>
290 (TLS) Tells curl to use the specified certificate file to verify
291 the peer. The file may contain multiple CA certificates. The
292 certificate(s) must be in PEM format. Normally curl is built to
293 use a default file for this, so this option is typically used to
294 alter that default file.
295 curl recognizes the environment variable named 'CURL_CA_BUNDLE'
297 if it is set, and uses the given path as a path to a CA cert
298 bundle. This option overrides that variable.
299 The windows version of curl will automatically look for a CA
301 certs file named 'curl-ca-bundle.crt', either in the same direc‐
302 tory as curl.exe, or in the Current Working Directory, or in any
303 folder along your PATH.
304 If curl is built against the NSS SSL library, the NSS PEM
306 PKCS#11 module (libnsspem.so) needs to be available for this op‐
307 tion to work properly.
308 (iOS and macOS only) If curl is built against Secure Transport,
310 then this option is supported for backward compatibility with
311 other SSL engines, but it should not be set. If the option is
312 not set, then curl will use the certificates in the system and
313 user Keychain to verify the peer, which is the preferred method
314 of verifying the peer's certificate chain.
315 (Schannel only) This option is supported for Schannel in Windows
317 7 or later with libcurl 7.60 or later. This option is supported
318 for backward compatibility with other SSL engines; instead it is
319 recommended to use Windows' store of root certificates (the de‐
320 fault for Schannel).
321 If this option is used several times, the last one will be used.
323 Example:
325 curl --cacert CA-file.txt https://example.com
326 See also --capath and -k, --insecure.
328 --capath <dir>
330 (TLS) Tells curl to use the specified certificate directory to
331 verify the peer. Multiple paths can be provided by separating
332 them with ":" (e.g. "path1:path2:path3"). The certificates must
333 be in PEM format, and if curl is built against OpenSSL, the di‐
334 rectory must have been processed using the c_rehash utility sup‐
335 plied with OpenSSL. Using --capath can allow OpenSSL-powered
336 curl to make SSL-connections much more efficiently than using
337 --cacert if the --cacert file contains many CA certificates.
338 If this option is set, the default capath value will be ignored,
340 and if it is used several times, the last one will be used.
341 Example:
343 curl --capath /local/directory https://example.com
344 See also --cacert and -k, --insecure.
346 --cert-status
348 (TLS) Tells curl to verify the status of the server certificate
349 by using the Certificate Status Request (aka. OCSP stapling) TLS
350 extension.
351 If this option is enabled and the server sends an invalid (e.g.
353 expired) response, if the response suggests that the server cer‐
354 tificate has been revoked, or no response at all is received,
355 the verification fails.
356 This is currently only implemented in the OpenSSL, GnuTLS and
358 NSS backends.
359 Example:
361 curl --cert-status https://example.com
362 See also --pinnedpubkey. Added in 7.41.0.
364 --cert-type <type>
366 (TLS) Tells curl what type the provided client certificate is
367 using. PEM, DER, ENG and P12 are recognized types. If not speci‐
368 fied, PEM is assumed.
369 If this option is used several times, the last one will be used.
371 Example:
373 curl --cert-type PEM --cert file https://example.com
374 See also -E, --cert, --key and --key-type.
376 -E, --cert <certificate[:password]>
378 (TLS) Tells curl to use the specified client certificate file
379 when getting a file with HTTPS, FTPS or another SSL-based proto‐
380 col. The certificate must be in PKCS#12 format if using Secure
381 Transport, or PEM format if using any other engine. If the op‐
382 tional password is not specified, it will be queried for on the
383 terminal. Note that this option assumes a "certificate" file
384 that is the private key and the client certificate concatenated!
385 See --cert and --key to specify them independently.
386 If curl is built against the NSS SSL library then this option
388 can tell curl the nickname of the certificate to use within the
389 NSS database defined by the environment variable SSL_DIR (or by
390 default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib‐
391 nsspem.so) is available then PEM files may be loaded. If you
392 want to use a file from the current directory, please precede it
393 with "./" prefix, in order to avoid confusion with a nickname.
394 If the nickname contains ":", it needs to be preceded by "\" so
395 that it is not recognized as password delimiter. If the nickname
396 contains "\", it needs to be escaped as "\\" so that it is not
397 recognized as an escape character.
398 If curl is built against OpenSSL library, and the engine pkcs11
400 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
401 ify a certificate located in a PKCS#11 device. A string begin‐
402 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
403 PKCS#11 URI is provided, then the --engine option will be set as
404 "pkcs11" if none was provided and the --cert-type option will be
405 set as "ENG" if none was provided.
406 (iOS and macOS only) If curl is built against Secure Transport,
408 then the certificate string can either be the name of a certifi‐
409 cate/private key in the system or user keychain, or the path to
410 a PKCS#12-encoded certificate and private key. If you want to
411 use a file from the current directory, please precede it with
412 "./" prefix, in order to avoid confusion with a nickname.
413 (Schannel only) Client certificates must be specified by a path
415 expression to a certificate store. (Loading PFX is not sup‐
416 ported; you can import it to a store first). You can use "<store
417 location>\<store name>\<thumbprint>" to refer to a certificate
418 in the system certificates store, for example, "Curren‐
419 tUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint
420 is usually a SHA-1 hex string which you can see in certificate
421 details. Following store locations are supported: CurrentUser,
422 LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,
423 LocalMachineGroupPolicy, LocalMachineEnterprise.
424 If this option is used several times, the last one will be used.
426 Example:
428 curl --cert certfile --key keyfile https://example.com
429 See also --cert-type, --key and --key-type.
431 --ciphers <list of ciphers>
433 (TLS) Specifies which ciphers to use in the connection. The list
434 of ciphers must specify valid ciphers. Read up on SSL cipher
435 list details on this URL:
436 https://curl.se/docs/ssl-ciphers.html
438 If this option is used several times, the last one will be used.
440 Example:
442 curl --ciphers ECDHE-ECDSA-AES256-CCM8 https://example.com
443 See also --tlsv1.3.
445 --compressed-ssh
447 (SCP SFTP) Enables built-in SSH compression. This is a request,
448 not an order; the server may or may not do it.
449 Example:
451 curl --compressed-ssh sftp://example.com/
452 See also --compressed. Added in 7.56.0.
454 --compressed
456 (HTTP) Request a compressed response using one of the algorithms
457 curl supports, and automatically decompress the content. Headers
458 are not modified.
459 If this option is used and the server sends an unsupported en‐
461 coding, curl will report an error. This is a request, not an or‐
462 der; the server may or may not deliver data compressed.
463 Example:
465 curl --compressed https://example.com
466 See also --compressed-ssh.
468 -K, --config <file>
470 Specify a text file to read curl arguments from. The command
471 line arguments found in the text file will be used as if they
472 were provided on the command line.
473 Options and their parameters must be specified on the same line
475 in the file, separated by whitespace, colon, or the equals sign.
476 Long option names can optionally be given in the config file
477 without the initial double dashes and if so, the colon or equals
478 characters can be used as separators. If the option is specified
479 with one or two dashes, there can be no colon or equals charac‐
480 ter between the option and its parameter.
481 If the parameter contains whitespace (or starts with : or =),
483 the parameter must be enclosed within quotes. Within double
484 quotes, the following escape sequences are available: \\, \",
485 \t, \n, \r and \v. A backslash preceding any other letter is ig‐
486 nored.
487 If the first column of a config line is a '#' character, the
489 rest of the line will be treated as a comment.
490 Only write one option per physical line in the config file.
492 Specify the filename to --config as '-' to make curl read the
494 file from stdin.
495 Note that to be able to specify a URL in the config file, you
497 need to specify it using the --url option, and not by simply
498 writing the URL on its own line. So, it could look similar to
499 this:
500 url = "https://curl.se/docs/"
502 # --- Example file ---
504 # this is a comment
505 url = "example.com"
506 output = "curlhere.html"
507 user-agent = "superagent/1.0"
508 # and fetch another URL too
510 url = "example.com/docs/manpage.html"
511 -O
512 referer = "http://nowhereatall.example.com/"
513 # --- End of example file ---
514 When curl is invoked, it (unless --disable is used) checks for a
516 default config file and uses it if found, even when --config is
517 used. The default config file is checked for in the following
518 places in this order:
519 1) "$CURL_HOME/.curlrc"
521 2) "$XDG_CONFIG_HOME/.curlrc" (Added in 7.73.0)
523 3) "$HOME/.curlrc"
525 4) Windows: "%USERPROFILE%\.curlrc"
527 5) Windows: "%APPDATA%\.curlrc"
529 6) Windows: "%USERPROFILE%\Application Data\.curlrc"
531 7) Non-Windows: use getpwuid to find the home directory
533 8) On Windows, if it finds no .curlrc file in the sequence de‐
535 scribed above, it checks for one in the same dir the curl exe‐
536 cutable is placed.
537 On Windows two filenames are checked per location: .curlrc and
539 _curlrc, preferring the former. Older versions on Windows
540 checked for _curlrc only.
541 This option can be used multiple times to load multiple config
543 files.
544 Example:
546 curl --config file.txt https://example.com
547 See also -q, --disable.
549 --connect-timeout <fractional seconds>
551 Maximum time in seconds that you allow curl's connection to
552 take. This only limits the connection phase, so if curl con‐
553 nects within the given period it will continue - if not it will
554 exit. Since version 7.32.0, this option accepts decimal values.
555 If this option is used several times, the last one will be used.
557 Examples:
559 curl --connect-timeout 20 https://example.com
560 curl --connect-timeout 3.14 https://example.com
561 See also -m, --max-time.
563 --connect-to <HOST1:PORT1:HOST2:PORT2>
565 For a request to the given HOST1:PORT1 pair, connect to
567 HOST2:PORT2 instead. This option is suitable to direct requests
568 at a specific server, e.g. at a specific cluster node in a clus‐
569 ter of servers. This option is only used to establish the net‐
570 work connection. It does NOT affect the hostname/port that is
571 used for TLS/SSL (e.g. SNI, certificate verification) or for the
572 application protocols. "HOST1" and "PORT1" may be the empty
573 string, meaning "any host/port". "HOST2" and "PORT2" may also be
574 the empty string, meaning "use the request's original
575 host/port".
576 A "host" specified to this option is compared as a string, so it
578 needs to match the name used in request URL. It can be either
579 numerical such as "127.0.0.1" or the full host name such as "ex‐
580 ample.org".
581 This option can be used many times to add many connect rules.
583 Example:
585 curl --connect-to example.com:443:example.net:8443 https://example.com
586 See also --resolve and -H, --header. Added in 7.49.0.
588 -C, --continue-at <offset>
590 Continue/Resume a previous file transfer at the given offset.
591 The given offset is the exact number of bytes that will be
592 skipped, counting from the beginning of the source file before
593 it is transferred to the destination. If used with uploads, the
594 FTP server command SIZE will not be used by curl.
595 Use "-C -" to tell curl to automatically find out where/how to
597 resume the transfer. It then uses the given output/input files
598 to figure that out.
599 If this option is used several times, the last one will be used.
601 Examples:
603 curl -C - https://example.com
604 curl -C 400 https://example.com
605 See also -r, --range.
607 -c, --cookie-jar <filename>
609 (HTTP) Specify to which file you want curl to write all cookies
610 after a completed operation. Curl writes all cookies from its
611 in-memory cookie storage to the given file at the end of opera‐
612 tions. If no cookies are known, no data will be written. The
613 file will be written using the Netscape cookie file format. If
614 you set the file name to a single dash, "-", the cookies will be
615 written to stdout.
616 This command line option will activate the cookie engine that
618 makes curl record and use cookies. Another way to activate it is
619 to use the --cookie option.
620 If the cookie jar cannot be created or written to, the whole
622 curl operation will not fail or even report an error clearly.
623 Using --verbose will get a warning displayed, but that is the
624 only visible feedback you get about this possibly lethal situa‐
625 tion.
626 If this option is used several times, the last specified file
628 name will be used.
629 Examples:
631 curl -c store-here.txt https://example.com
632 curl -c store-here.txt -b read-these https://example.com
633 See also -b, --cookie.
635 -b, --cookie <data|filename>
637 (HTTP) Pass the data to the HTTP server in the Cookie header. It
638 is supposedly the data previously received from the server in a
639 "Set-Cookie:" line. The data should be in the format
640 "NAME1=VALUE1; NAME2=VALUE2".
641 If no '=' symbol is used in the argument, it is instead treated
643 as a filename to read previously stored cookie from. This option
644 also activates the cookie engine which will make curl record in‐
645 coming cookies, which may be handy if you are using this in com‐
646 bination with the --location option or do multiple URL transfers
647 on the same invoke. If the file name is exactly a minus ("-"),
648 curl will instead read the contents from stdin.
649 The file format of the file to read cookies from should be plain
651 HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie
652 file format.
653 The file specified with --cookie is only used as input. No cook‐
655 ies will be written to the file. To store cookies, use the
656 --cookie-jar option.
657 If you use the Set-Cookie file format and do not specify a do‐
659 main then the cookie is not sent since the domain will never
660 match. To address this, set a domain in Set-Cookie line (doing
661 that will include sub-domains) or preferably: use the Netscape
662 format.
663 This option can be used multiple times.
665 Users often want to both read cookies from a file and write up‐
667 dated cookies back to a file, so using both --cookie and
668 --cookie-jar in the same command line is common.
669 Examples:
671 curl -b cookiefile https://example.com
672 curl -b cookiefile -c cookiefile https://example.com
673 See also -c, --cookie-jar and -j, --junk-session-cookies.
675 --create-dirs
677 When used in conjunction with the --output option, curl will
678 create the necessary local directory hierarchy as needed. This
679 option creates the directories mentioned with the --output op‐
680 tion, nothing else. If the --output file name uses no directory,
681 or if the directories it mentions already exist, no directories
682 will be created.
683 Created dirs are made with mode 0750 on unix style file systems.
685 To create remote directories when using FTP or SFTP, try --ftp-
687 create-dirs.
688 Example:
690 curl --create-dirs --output local/dir/file https://example.com
691 See also --ftp-create-dirs and --output-dir.
693 --create-file-mode <mode>
695 (SFTP SCP FILE) When curl is used to create files remotely using
696 one of the supported protocols, this option allows the user to
697 set which 'mode' to set on the file at creation time, instead of
698 the default 0644.
699 This option takes an octal number as argument.
701 If this option is used several times, the last one will be used.
703 Example:
705 curl --create-file-mode 0777 -T localfile sftp://example.com/new
706 See also --ftp-create-dirs. Added in 7.75.0.
708 --crlf (FTP SMTP) Convert LF to CRLF in upload. Useful for MVS
710 (OS/390).
711 (SMTP added in 7.40.0)
713 Example:
715 curl --crlf -T file ftp://example.com/
716 See also -B, --use-ascii.
718 --crlfile <file>
720 (TLS) Provide a file using PEM format with a Certificate Revoca‐
721 tion List that may specify peer certificates that are to be con‐
722 sidered revoked.
723 If this option is used several times, the last one will be used.
725 Example:
727 curl --crlfile rejects.txt https://example.com
728 See also --cacert and --capath.
730 --curves <algorithm list>
732 (TLS) Tells curl to request specific curves to use during SSL
733 session establishment according to RFC 8422, 5.1. Multiple al‐
734 gorithms can be provided by separating them with ":" (e.g.
735 "X25519:P-521"). The parameter is available identically in the
736 "openssl s_client/s_server" utilities.
737 --curves allows a OpenSSL powered curl to make SSL-connections
739 with exactly the (EC) curve requested by the client, avoiding
740 nontransparent client/server negotiations.
741 If this option is set, the default curves list built into
743 openssl will be ignored.
744 Example:
746 curl --curves X25519 https://example.com
747 See also --ciphers. Added in 7.73.0.
749 --data-ascii <data>
751 (HTTP) This is just an alias for -d, --data.
752 Example:
754 curl --data-ascii @file https://example.com
755 See also --data-binary, --data-raw and --data-urlencode.
757 --data-binary <data>
759 (HTTP) This posts data exactly as specified with no extra pro‐
760 cessing whatsoever.
761 If you start the data with the letter @, the rest should be a
763 filename. Data is posted in a similar manner as --data does, ex‐
764 cept that newlines and carriage returns are preserved and con‐
765 versions are never done.
766 Like --data the default content-type sent to the server is ap‐
768 plication/x-www-form-urlencoded. If you want the data to be
769 treated as arbitrary binary data by the server then set the con‐
770 tent-type to octet-stream: -H "Content-Type: application/octet-
771 stream".
772 If this option is used several times, the ones following the
774 first will append data as described in -d, --data.
775 Example:
777 curl --data-binary @filename https://example.com
778 See also --data-ascii.
780 --data-raw <data>
782 (HTTP) This posts data similarly to --data but without the spe‐
783 cial interpretation of the @ character.
784 Examples:
786 curl --data-raw "hello" https://example.com
787 curl --data-raw "@at@at@" https://example.com
788 See also -d, --data. Added in 7.43.0.
790 --data-urlencode <data>
792 (HTTP) This posts data, similar to the other --data options with
793 the exception that this performs URL-encoding.
794 To be CGI-compliant, the <data> part should begin with a name
796 followed by a separator and a content specification. The <data>
797 part can be passed to curl using one of the following syntaxes:
798 content
800 This will make curl URL-encode the content and pass that
801 on. Just be careful so that the content does not contain
802 any = or @ symbols, as that will then make the syntax
803 match one of the other cases below!
804 =content
806 This will make curl URL-encode the content and pass that
807 on. The preceding = symbol is not included in the data.
808 name=content
810 This will make curl URL-encode the content part and pass
811 that on. Note that the name part is expected to be URL-
812 encoded already.
813 @filename
815 This will make curl load data from the given file (in‐
816 cluding any newlines), URL-encode that data and pass it
817 on in the POST.
818 name@filename
820 This will make curl load data from the given file (in‐
821 cluding any newlines), URL-encode that data and pass it
822 on in the POST. The name part gets an equal sign ap‐
823 pended, resulting in name=urlencoded-file-content. Note
824 that the name is expected to be URL-encoded already.
825 Examples:
827 curl --data-urlencode name=val https://example.com
828 curl --data-urlencode =encodethis https://example.com
829 curl --data-urlencode name@file https://example.com
830 curl --data-urlencode @fileonly https://example.com
831 See also -d, --data and --data-raw.
833 -d, --data <data>
835 (HTTP MQTT) Sends the specified data in a POST request to the
836 HTTP server, in the same way that a browser does when a user has
837 filled in an HTML form and presses the submit button. This will
838 cause curl to pass the data to the server using the content-type
839 application/x-www-form-urlencoded. Compare to -F, --form.
840 --data-raw is almost the same but does not have a special inter‐
842 pretation of the @ character. To post data purely binary, you
843 should instead use the --data-binary option. To URL-encode the
844 value of a form field you may use --data-urlencode.
845 If any of these options is used more than once on the same com‐
847 mand line, the data pieces specified will be merged with a sepa‐
848 rating &-symbol. Thus, using '-d name=daniel -d skill=lousy'
849 would generate a post chunk that looks like
850 'name=daniel&skill=lousy'.
851 If you start the data with the letter @, the rest should be a
853 file name to read the data from, or - if you want curl to read
854 the data from stdin. Posting data from a file named 'foobar'
855 would thus be done with -d, --data @foobar. When --data is told
856 to read from a file like that, carriage returns and newlines
857 will be stripped out. If you do not want the @ character to have
858 a special interpretation use --data-raw instead.
859 Examples:
861 curl -d "name=curl" https://example.com
862 curl -d "name=curl" -d "tool=cmdline" https://example.com
863 curl -d @filename https://example.com
864 See also --data-binary, --data-urlencode and --data-raw. This
866 option overrides -F, --form and -I, --head and -T, --upload-
867 file.
868 --delegation <LEVEL>
870 (GSS/kerberos) Set LEVEL to tell the server what it is allowed
871 to delegate when it comes to user credentials.
872 none Do not allow any delegation.
874 policy Delegates if and only if the OK-AS-DELEGATE flag is set
876 in the Kerberos service ticket, which is a matter of
877 realm policy.
878 always Unconditionally allow the server to delegate.
880 If this option is used several times, the last one will be used.
882 Example:
884 curl --delegation "none" https://example.com
885 See also -k, --insecure and --ssl.
887 --digest
889 (HTTP) Enables HTTP Digest authentication. This is an authenti‐
890 cation scheme that prevents the password from being sent over
891 the wire in clear text. Use this in combination with the normal
892 --user option to set user name and password.
893 If this option is used several times, only the first one is
895 used.
896 Example:
898 curl -u name:password --digest https://example.com
899 See also -u, --user, --proxy-digest and --anyauth. This option
901 overrides --basic and --ntlm and --negotiate.
902 --disable-eprt
904 (FTP) Tell curl to disable the use of the EPRT and LPRT commands
905 when doing active FTP transfers. Curl will normally always first
906 attempt to use EPRT, then LPRT before using PORT, but with this
907 option, it will use PORT right away. EPRT and LPRT are exten‐
908 sions to the original FTP protocol, and may not work on all
909 servers, but they enable more functionality in a better way than
910 the traditional PORT command.
911 --eprt can be used to explicitly enable EPRT again and --no-eprt
913 is an alias for --disable-eprt.
914 If the server is accessed using IPv6, this option will have no
916 effect as EPRT is necessary then.
917 Disabling EPRT only changes the active behavior. If you want to
919 switch to passive mode you need to not use --ftp-port or force
920 it with --ftp-pasv.
921 Example:
923 curl --disable-eprt ftp://example.com/
924 See also --disable-epsv and -P, --ftp-port.
926 --disable-epsv
928 (FTP) Tell curl to disable the use of the EPSV command when do‐
929 ing passive FTP transfers. Curl will normally always first at‐
930 tempt to use EPSV before PASV, but with this option, it will not
931 try using EPSV.
932 --epsv can be used to explicitly enable EPSV again and --no-epsv
934 is an alias for --disable-epsv.
935 If the server is an IPv6 host, this option will have no effect
937 as EPSV is necessary then.
938 Disabling EPSV only changes the passive behavior. If you want to
940 switch to active mode you need to use -P, --ftp-port.
941 Example:
943 curl --disable-epsv ftp://example.com/
944 See also --disable-eprt and -P, --ftp-port.
946 -q, --disable
948 If used as the first parameter on the command line, the curlrc
949 config file will not be read and used. See the --config for de‐
950 tails on the default config file search path.
951 Example:
953 curl -q https://example.com
954 See also -K, --config.
956 --disallow-username-in-url
958 (HTTP) This tells curl to exit if passed a url containing a
959 username. This is probably most useful when the URL is being
960 provided at run-time or similar.
961 Example:
963 curl --disallow-username-in-url https://example.com
964 See also --proto. Added in 7.61.0.
966 --dns-interface <interface>
968 (DNS) Tell curl to send outgoing DNS requests through <inter‐
969 face>. This option is a counterpart to --interface (which does
970 not affect DNS). The supplied string must be an interface name
971 (not an address).
972 Example:
974 curl --dns-interface eth0 https://example.com
975 See also --dns-ipv4-addr and --dns-ipv6-addr. --dns-interface
977 requires that the underlying libcurl was built to support c-
978 ares. Added in 7.33.0.
979 --dns-ipv4-addr <address>
981 (DNS) Tell curl to bind to <ip-address> when making IPv4 DNS re‐
982 quests, so that the DNS requests originate from this address.
983 The argument should be a single IPv4 address.
984 If this option is used several times, the last one will be used.
986 Example:
988 curl --dns-ipv4-addr 10.1.2.3 https://example.com
989 See also --dns-interface and --dns-ipv6-addr. --dns-ipv4-addr
991 requires that the underlying libcurl was built to support c-
992 ares. Added in 7.33.0.
993 --dns-ipv6-addr <address>
995 (DNS) Tell curl to bind to <ip-address> when making IPv6 DNS re‐
996 quests, so that the DNS requests originate from this address.
997 The argument should be a single IPv6 address.
998 If this option is used several times, the last one will be used.
1000 Example:
1002 curl --dns-ipv6-addr 2a04:4e42::561 https://example.com
1003 See also --dns-interface and --dns-ipv4-addr. --dns-ipv6-addr
1005 requires that the underlying libcurl was built to support c-
1006 ares. Added in 7.33.0.
1007 --dns-servers <addresses>
1009 Set the list of DNS servers to be used instead of the system de‐
1010 fault. The list of IP addresses should be separated with com‐
1011 mas. Port numbers may also optionally be given as :<port-number>
1012 after each IP address.
1013 If this option is used several times, the last one will be used.
1015 Example:
1017 curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
1018 See also --dns-interface and --dns-ipv4-addr. --dns-servers re‐
1020 quires that the underlying libcurl was built to support c-ares.
1021 Added in 7.33.0.
1022 --doh-cert-status
1024 Same as --cert-status but used for DoH (DNS-over-HTTPS).
1025 Example:
1027 curl --doh-cert-status --doh-url https://doh.example https://example.com
1028 See also --doh-insecure. Added in 7.76.0.
1030 --doh-insecure
1032 Same as --insecure but used for DoH (DNS-over-HTTPS).
1033 Example:
1035 curl --doh-insecure --doh-url https://doh.example https://example.com
1036 See also --doh-url. Added in 7.76.0.
1038 --doh-url <URL>
1040 Specifies which DNS-over-HTTPS (DoH) server to use to resolve
1041 hostnames, instead of using the default name resolver mechanism.
1042 The URL must be HTTPS.
1043 Some SSL options that you set for your transfer will apply to
1045 DoH since the name lookups take place over SSL. However, the
1046 certificate verification settings are not inherited and can be
1047 controlled separately via --doh-insecure and --doh-cert-status.
1048 If this option is used several times, the last one will be used.
1050 Example:
1052 curl --doh-url https://doh.example https://example.com
1053 See also --doh-insecure. Added in 7.62.0.
1055 -D, --dump-header <filename>
1057 (HTTP FTP) Write the received protocol headers to the specified
1058 file. If no headers are received, the use of this option will
1059 create an empty file.
1060 When used in FTP, the FTP server response lines are considered
1062 being "headers" and thus are saved there.
1063 If this option is used several times, the last one will be used.
1065 Example:
1067 curl --dump-header store.txt https://example.com
1068 See also -o, --output.
1070 --egd-file <file>
1072 (TLS) Specify the path name to the Entropy Gathering Daemon
1073 socket. The socket is used to seed the random engine for SSL
1074 connections.
1075 Example:
1077 curl --egd-file /random/here https://example.com
1078 See also --random-file.
1080 --engine <name>
1082 (TLS) Select the OpenSSL crypto engine to use for cipher opera‐
1083 tions. Use --engine list to print a list of build-time supported
1084 engines. Note that not all (and possibly none) of the engines
1085 may be available at run-time.
1086 Example:
1088 curl --engine flavor https://example.com
1089 See also --ciphers and --curves.
1091 --etag-compare <file>
1093 (HTTP) This option makes a conditional HTTP request for the spe‐
1094 cific ETag read from the given file by sending a custom If-None-
1095 Match header using the stored ETag.
1096 For correct results, make sure that the specified file contains
1098 only a single line with the desired ETag. An empty file is
1099 parsed as an empty ETag.
1100 Use the option --etag-save to first save the ETag from a re‐
1102 sponse, and then use this option to compare against the saved
1103 ETag in a subsequent request.
1104 Example:
1106 curl --etag-compare etag.txt https://example.com
1107 See also --etag-save and -z, --time-cond. Added in 7.68.0.
1109 --etag-save <file>
1111 (HTTP) This option saves an HTTP ETag to the specified file. An
1112 ETag is a caching related header, usually returned in a re‐
1113 sponse.
1114 If no ETag is sent by the server, an empty file is created.
1116 Example:
1118 curl --etag-save storetag.txt https://example.com
1119 See also --etag-compare. Added in 7.68.0.
1121 --expect100-timeout <seconds>
1123 (HTTP) Maximum time in seconds that you allow curl to wait for a
1124 100-continue response when curl emits an Expects: 100-continue
1125 header in its request. By default curl will wait one second.
1126 This option accepts decimal values! When curl stops waiting, it
1127 will continue as if the response has been received.
1128 Example:
1130 curl --expect100-timeout 2.5 -T file https://example.com
1131 See also --connect-timeout. Added in 7.47.0.
1133 --fail-early
1135 Fail and exit on the first detected transfer error.
1136 When curl is used to do multiple transfers on the command line,
1138 it will attempt to operate on each given URL, one by one. By de‐
1139 fault, it will ignore errors if there are more URLs given and
1140 the last URL's success will determine the error code curl re‐
1141 turns. So early failures will be "hidden" by subsequent success‐
1142 ful transfers.
1143 Using this option, curl will instead return an error on the
1145 first transfer that fails, independent of the amount of URLs
1146 that are given on the command line. This way, no transfer fail‐
1147 ures go undetected by scripts and similar.
1148 This option is global and does not need to be specified for each
1150 use of -:, --next.
1151 This option does not imply -f, --fail, which causes transfers to
1153 fail due to the server's HTTP status code. You can combine the
1154 two options, however note --fail is not global and is therefore
1155 contained by -:, --next.
1156 Example:
1158 curl --fail-early https://example.com https://two.example
1159 See also -f, --fail and --fail-with-body. Added in 7.52.0.
1161 --fail-with-body
1163 (HTTP) Return an error on server errors where the HTTP response
1164 code is 400 or greater). In normal cases when an HTTP server
1165 fails to deliver a document, it returns an HTML document stating
1166 so (which often also describes why and more). This flag will
1167 still allow curl to output and save that content but also to re‐
1168 turn error 22.
1169 This is an alternative option to --fail which makes curl fail
1171 for the same circumstances but without saving the content.
1172 Example:
1174 curl --fail-with-body https://example.com
1175 See also -f, --fail. Added in 7.76.0.
1177 -f, --fail
1179 (HTTP) Fail silently (no output at all) on server errors. This
1180 is mostly done to enable scripts etc to better deal with failed
1181 attempts. In normal cases when an HTTP server fails to deliver a
1182 document, it returns an HTML document stating so (which often
1183 also describes why and more). This flag will prevent curl from
1184 outputting that and return error 22.
1185 This method is not fail-safe and there are occasions where non-
1187 successful response codes will slip through, especially when au‐
1188 thentication is involved (response codes 401 and 407).
1189 Example:
1191 curl --fail https://example.com
1192 See also --fail-with-body.
1194 --false-start
1196 (TLS) Tells curl to use false start during the TLS handshake.
1197 False start is a mode where a TLS client will start sending ap‐
1198 plication data before verifying the server's Finished message,
1199 thus saving a round trip when performing a full handshake.
1200 This is currently only implemented in the NSS and Secure Trans‐
1202 port (on iOS 7.0 or later, or OS X 10.9 or later) backends.
1203 Example:
1205 curl --false-start https://example.com
1206 See also --tcp-fastopen. Added in 7.42.0.
1208 --form-escape
1210 (HTTP) Tells curl to pass on names of multipart form fields and
1211 files using backslash-escaping instead of percent-encoding.
1212 Example:
1214 curl --form-escape --form 'field\name=curl' 'file=@load"this' https://example.com
1215 See also -F, --form. Added in 7.81.0.
1217 --form-string <name=string>
1219 (HTTP SMTP IMAP) Similar to --form except that the value string
1220 for the named parameter is used literally. Leading '@' and '<'
1221 characters, and the ';type=' string in the value have no special
1222 meaning. Use this in preference to --form if there's any possi‐
1223 bility that the string value may accidentally trigger the '@' or
1224 '<' features of -F, --form.
1225 Example:
1227 curl --form-string "data" https://example.com
1228 See also -F, --form.
1230 -F, --form <name=content>
1232 (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu‐
1233 late a filled-in form in which a user has pressed the submit
1234 button. This causes curl to POST data using the Content-Type
1235 multipart/form-data according to RFC 2388.
1236 For SMTP and IMAP protocols, this is the means to compose a mul‐
1238 tipart mail message to transmit.
1239 This enables uploading of binary files etc. To force the 'con‐
1241 tent' part to be a file, prefix the file name with an @ sign. To
1242 just get the content part from a file, prefix the file name with
1243 the symbol <. The difference between @ and < is then that @
1244 makes a file get attached in the post as a file upload, while
1245 the < makes a text field and just get the contents for that text
1246 field from a file.
1247 Tell curl to read content from stdin instead of a file by using
1249 - as filename. This goes for both @ and < constructs. When stdin
1250 is used, the contents is buffered in memory first by curl to de‐
1251 termine its size and allow a possible resend. Defining a part's
1252 data from a named non-regular file (such as a named pipe or sim‐
1253 ilar) is unfortunately not subject to buffering and will be ef‐
1254 fectively read at transmission time; since the full size is un‐
1255 known before the transfer starts, such data is sent as chunks by
1256 HTTP and rejected by IMAP.
1257 Example: send an image to an HTTP server, where 'profile' is the
1259 name of the form-field to which the file portrait.jpg will be
1260 the input:
1261 curl -F profile=@portrait.jpg https://example.com/upload.cgi
1263 Example: send your name and shoe size in two text fields to the
1265 server:
1266 curl -F name=John -F shoesize=11 https://example.com/
1268 Example: send your essay in a text field to the server. Send it
1270 as a plain text field, but get the contents for it from a local
1271 file:
1272 curl -F "story=<hugefile.txt" https://example.com/
1274 You can also tell curl what Content-Type to use by using
1276 'type=', in a manner similar to:
1277 curl -F "web=@index.html;type=text/html" example.com
1279 or
1281 curl -F "name=daniel;type=text/foo" example.com
1283 You can also explicitly change the name field of a file upload
1285 part by setting filename=, like this:
1286 curl -F "file=@localfile;filename=nameinpost" example.com
1288 If filename/path contains ',' or ';', it must be quoted by dou‐
1290 ble-quotes like:
1291 curl -F "file=@\"local,file\";filename=\"name;in;post\"" example.com
1293 or
1295 curl -F 'file=@"local,file";filename="name;in;post"' example.com
1297 Note that if a filename/path is quoted by double-quotes, any
1299 double-quote or backslash within the filename must be escaped by
1300 backslash.
1301 Quoting must also be applied to non-file data if it contains
1303 semicolons, leading/trailing spaces or leading double quotes:
1304 curl -F 'colors="red; green; blue";type=text/x-myapp' example.com
1306 You can add custom headers to the field by setting headers=,
1308 like
1309 curl -F "submit=OK;headers=\"X-submit-type: OK\"" example.com
1311 or
1313 curl -F "submit=OK;headers=@headerfile" example.com
1315 The headers= keyword may appear more that once and above notes
1317 about quoting apply. When headers are read from a file, Empty
1318 lines and lines starting with '#' are comments and ignored; each
1319 header can be folded by splitting between two words and starting
1320 the continuation line with a space; embedded carriage-returns
1321 and trailing spaces are stripped. Here is an example of a
1322 header file contents:
1323 # This file contain two headers.
1325 X-header-1: this is a header
1326 # The following header is folded.
1328 X-header-2: this is
1329 another header
1330 To support sending multipart mail messages, the syntax is ex‐
1332 tended as follows:
1333 - name can be omitted: the equal sign is the first character of
1334 the argument,
1335 - if data starts with '(', this signals to start a new multi‐
1336 part: it can be followed by a content type specification.
1337 - a multipart can be terminated with a '=)' argument.
1338 Example: the following command sends an SMTP mime email consist‐
1340 ing in an inline part in two alternative formats: plain text and
1341 HTML. It attaches a text file:
1342 curl -F '=(;type=multipart/alternative' \
1344 -F '=plain text message' \
1345 -F '= <body>HTML message</body>;type=text/html' \
1346 -F '=)' -F '=@textfile.txt' ... smtp://example.com
1347 Data can be encoded for transfer using encoder=. Available en‐
1349 codings are binary and 8bit that do nothing else than adding the
1350 corresponding Content-Transfer-Encoding header, 7bit that only
1351 rejects 8-bit characters with a transfer error, quoted-printable
1352 and base64 that encodes data according to the corresponding
1353 schemes, limiting lines length to 76 characters.
1354 Example: send multipart mail with a quoted-printable text mes‐
1356 sage and a base64 attached file:
1357 curl -F '=text message;encoder=quoted-printable' \
1359 -F '=@localfile;encoder=base64' ... smtp://example.com
1360 See further examples and details in the MANUAL.
1362 This option can be used multiple times.
1364 Example:
1366 curl --form "name=curl" --form "file=@loadthis" https://example.com
1367 See also -d, --data, --form-string and --form-escape. This op‐
1369 tion overrides -d, --data and -I, --head and -T, --upload-file.
1370 --ftp-account <data>
1372 (FTP) When an FTP server asks for "account data" after user name
1373 and password has been provided, this data is sent off using the
1374 ACCT command.
1375 If this option is used several times, the last one will be used.
1377 Example:
1379 curl --ftp-account "mr.robot" ftp://example.com/
1380 See also -u, --user.
1382 --ftp-alternative-to-user <command>
1384 (FTP) If authenticating with the USER and PASS commands fails,
1385 send this command. When connecting to Tumbleweed's Secure
1386 Transport server over FTPS using a client certificate, using
1387 "SITE AUTH" will tell the server to retrieve the username from
1388 the certificate.
1389 Example:
1391 curl --ftp-alternative-to-user "U53r" ftp://example.com
1392 See also --ftp-account and -u, --user.
1394 --ftp-create-dirs
1396 (FTP SFTP) When an FTP or SFTP URL/operation uses a path that
1397 does not currently exist on the server, the standard behavior of
1398 curl is to fail. Using this option, curl will instead attempt to
1399 create missing directories.
1400 Example:
1402 curl --ftp-create-dirs -T file ftp://example.com/remote/path/file
1403 See also --create-dirs.
1405 --ftp-method <method>
1407 (FTP) Control what method curl should use to reach a file on an
1408 FTP(S) server. The method argument should be one of the follow‐
1409 ing alternatives:
1410 multicwd
1412 curl does a single CWD operation for each path part in
1413 the given URL. For deep hierarchies this means many com‐
1414 mands. This is how RFC 1738 says it should be done. This
1415 is the default but the slowest behavior.
1416 nocwd curl does no CWD at all. curl will do SIZE, RETR, STOR
1418 etc and give a full path to the server for all these com‐
1419 mands. This is the fastest behavior.
1420 singlecwd
1422 curl does one CWD with the full target directory and then
1423 operates on the file "normally" (like in the multicwd
1424 case). This is somewhat more standards compliant than
1425 'nocwd' but without the full penalty of 'multicwd'.
1426 Examples:
1428 curl --ftp-method multicwd ftp://example.com/dir1/dir2/file
1429 curl --ftp-method nocwd ftp://example.com/dir1/dir2/file
1430 curl --ftp-method singlecwd ftp://example.com/dir1/dir2/file
1431 See also -l, --list-only.
1433 --ftp-pasv
1435 (FTP) Use passive mode for the data connection. Passive is the
1436 internal default behavior, but using this option can be used to
1437 override a previous --ftp-port option.
1438 If this option is used several times, only the first one is
1440 used. Undoing an enforced passive really is not doable but you
1441 must then instead enforce the correct --ftp-port again.
1442 Passive mode means that curl will try the EPSV command first and
1444 then PASV, unless --disable-epsv is used.
1445 Example:
1447 curl --ftp-pasv ftp://example.com/
1448 See also --disable-epsv.
1450 -P, --ftp-port <address>
1452 (FTP) Reverses the default initiator/listener roles when con‐
1453 necting with FTP. This option makes curl use active mode. curl
1454 then tells the server to connect back to the client's specified
1455 address and port, while passive mode asks the server to setup an
1456 IP address and port for it to connect to. <address> should be
1457 one of:
1458 interface
1460 e.g. "eth0" to specify which interface's IP address you
1461 want to use (Unix only)
1462 IP address
1464 e.g. "192.168.10.1" to specify the exact IP address
1465 host name
1467 e.g. "my.host.domain" to specify the machine
1468 - make curl pick the same IP address that is already used
1470 for the control connection
1471 If this option is used several times, the last one will be used. Dis‐
1473 able the use of PORT with --ftp-pasv. Disable the attempt to use the
1474 EPRT command instead of PORT by using --disable-eprt. EPRT is really
1475 PORT++.
1476 You can also append ":[start]-[end]" to the right of the address, to
1478 tell curl what TCP port range to use. That means you specify a port
1479 range, from a lower to a higher number. A single number works as well,
1480 but do note that it increases the risk of failure since the port may
1481 not be available.
1482 Examples:
1485 curl -P - ftp:/example.com
1486 curl -P eth0 ftp:/example.com
1487 curl -P 192.168.0.2 ftp:/example.com
1488 See also --ftp-pasv and --disable-eprt.
1490 --ftp-pret
1492 (FTP) Tell curl to send a PRET command before PASV (and EPSV).
1493 Certain FTP servers, mainly drftpd, require this non-standard
1494 command for directory listings as well as up and downloads in
1495 PASV mode.
1496 Example:
1498 curl --ftp-pret ftp://example.com/
1499 See also -P, --ftp-port and --ftp-pasv.
1501 --ftp-skip-pasv-ip
1503 (FTP) Tell curl to not use the IP address the server suggests in
1504 its response to curl's PASV command when curl connects the data
1505 connection. Instead curl will re-use the same IP address it al‐
1506 ready uses for the control connection.
1507 Since curl 7.74.0 this option is enabled by default.
1509 This option has no effect if PORT, EPRT or EPSV is used instead
1511 of PASV.
1512 Example:
1514 curl --ftp-skip-pasv-ip ftp://example.com/
1515 See also --ftp-pasv.
1517 --ftp-ssl-ccc-mode <active/passive>
1519 (FTP) Sets the CCC mode. The passive mode will not initiate the
1520 shutdown, but instead wait for the server to do it, and will not
1521 reply to the shutdown from the server. The active mode initiates
1522 the shutdown and waits for a reply from the server.
1523 Example:
1525 curl --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/
1526 See also --ftp-ssl-ccc.
1528 --ftp-ssl-ccc
1530 (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS
1531 layer after authenticating. The rest of the control channel com‐
1532 munication will be unencrypted. This allows NAT routers to fol‐
1533 low the FTP transaction. The default mode is passive.
1534 Example:
1536 curl --ftp-ssl-ccc ftps://example.com/
1537 See also --ssl and --ftp-ssl-ccc-mode.
1539 --ftp-ssl-control
1541 (FTP) Require SSL/TLS for the FTP login, clear for transfer.
1542 Allows secure authentication, but non-encrypted data transfers
1543 for efficiency. Fails the transfer if the server does not sup‐
1544 port SSL/TLS.
1545 Example:
1547 curl --ftp-ssl-control ftp://example.com
1548 See also --ssl.
1550 -G, --get
1552 When used, this option will make all data specified with -d,
1553 --data, --data-binary or --data-urlencode to be used in an HTTP
1554 GET request instead of the POST request that otherwise would be
1555 used. The data will be appended to the URL with a '?' separator.
1556 If used in combination with -I, --head, the POST data will in‐
1558 stead be appended to the URL with a HEAD request.
1559 If this option is used several times, only the first one is
1561 used. This is because undoing a GET does not make sense, but you
1562 should then instead enforce the alternative method you prefer.
1563 Examples:
1565 curl --get https://example.com
1566 curl --get -d "tool=curl" -d "age=old" https://example.com
1567 curl --get -I -d "tool=curl" https://example.com
1568 See also -d, --data and -X, --request.
1570 -g, --globoff
1572 This option switches off the "URL globbing parser". When you set
1573 this option, you can specify URLs that contain the letters {}[]
1574 without having curl itself interpret them. Note that these let‐
1575 ters are not normal legal URL contents but they should be en‐
1576 coded according to the URI standard.
1577 Example:
1579 curl -g "https://example.com/{[]}}}}"
1580 See also -K, --config and -q, --disable.
1582 --happy-eyeballs-timeout-ms <milliseconds>
1584 Happy Eyeballs is an algorithm that attempts to connect to both
1585 IPv4 and IPv6 addresses for dual-stack hosts, giving IPv6 a
1586 head-start of the specified number of milliseconds. If the IPv6
1587 address cannot be connected to within that time, then a connec‐
1588 tion attempt is made to the IPv4 address in parallel. The first
1589 connection to be established is the one that is used.
1590 The range of suggested useful values is limited. Happy Eyeballs
1592 RFC 6555 says "It is RECOMMENDED that connection attempts be
1593 paced 150-250 ms apart to balance human factors against network
1594 load." libcurl currently defaults to 200 ms. Firefox and Chrome
1595 currently default to 300 ms.
1596 If this option is used several times, the last one will be used.
1598 Example:
1600 curl --happy-eyeballs-timeout-ms 500 https://example.com
1601 See also -m, --max-time and --connect-timeout. Added in 7.59.0.
1603 --haproxy-protocol
1605 (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning
1606 of the connection. This is used by some load balancers and re‐
1607 verse proxies to indicate the client's true IP address and port.
1608 This option is primarily useful when sending test requests to a
1610 service that expects this header.
1611 Example:
1613 curl --haproxy-protocol https://example.com
1614 See also -x, --proxy. Added in 7.60.0.
1616 -I, --head
1618 (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the
1619 command HEAD which this uses to get nothing but the header of a
1620 document. When used on an FTP or FILE file, curl displays the
1621 file size and last modification time only.
1622 Example:
1624 curl -I https://example.com
1625 See also -G, --get, -v, --verbose and --trace-ascii.
1627 -H, --header <header/@file>
1629 (HTTP) Extra header to include in the request when sending HTTP
1630 to a server. You may specify any number of extra headers. Note
1631 that if you should add a custom header that has the same name as
1632 one of the internal ones curl would use, your externally set
1633 header will be used instead of the internal one. This allows you
1634 to make even trickier stuff than curl would normally do. You
1635 should not replace internally set headers without knowing per‐
1636 fectly well what you are doing. Remove an internal header by
1637 giving a replacement without content on the right side of the
1638 colon, as in: -H "Host:". If you send the custom header with no-
1639 value then its header must be terminated with a semicolon, such
1640 as -H "X-Custom-Header;" to send "X-Custom-Header:".
1641 curl will make sure that each header you add/replace is sent
1643 with the proper end-of-line marker, you should thus not add that
1644 as a part of the header content: do not add newlines or carriage
1645 returns, they will only mess things up for you.
1646 This option can take an argument in @filename style, which then
1648 adds a header for each line in the input file. Using @- will
1649 make curl read the header file from stdin. Added in 7.55.0.
1650 You need --proxy-header to send custom headers intended for a
1652 HTTP proxy. Added in 7.37.0.
1653 Passing on a "Transfer-Encoding: chunked" header when doing a
1655 HTTP request with a request body, will make curl send the data
1656 using chunked encoding.
1657 WARNING: headers set with this option will be set in all re‐
1659 quests - even after redirects are followed, like when told with
1660 -L, --location. This can lead to the header being sent to other
1661 hosts than the original host, so sensitive headers should be
1662 used with caution combined with following redirects.
1663 This option can be used multiple times to add/replace/remove
1665 multiple headers.
1666 Examples:
1668 curl -H "X-First-Name: Joe" https://example.com
1669 curl -H "User-Agent: yes-please/2000" https://example.com
1670 curl -H "Host:" https://example.com
1671 See also -A, --user-agent and -e, --referer.
1673 -h, --help <category>
1675 Usage help. This lists all commands of the <category>. If no
1676 arg was provided, curl will display the most important command
1677 line arguments. If the argument "all" was provided, curl will
1678 display all options available. If the argument "category" was
1679 provided, curl will display all categories and their meanings.
1680 Example:
1682 curl --help all
1683 See also -v, --verbose.
1685 --hostpubmd5 <md5>
1687 (SFTP SCP) Pass a string containing 32 hexadecimal digits. The
1688 string should be the 128 bit MD5 checksum of the remote host's
1689 public key, curl will refuse the connection with the host unless
1690 the md5sums match.
1691 Example:
1693 curl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/
1694 See also --hostpubsha256.
1696 --hostpubsha256 <sha256>
1698 (SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash
1699 of the remote host's public key. Curl will refuse the connection
1700 with the host unless the hashes match.
1701 Example:
1703 curl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/
1704 See also --hostpubmd5. Added in 7.80.0.
1706 --hsts <file name>
1708 (HTTPS) This option enables HSTS for the transfer. If the file
1709 name points to an existing HSTS cache file, that will be used.
1710 After a completed transfer, the cache will be saved to the file
1711 name again if it has been modified.
1712 Specify a "" file name (zero length) to avoid loading/saving and
1714 make curl just handle HSTS in memory.
1715 If this option is used several times, curl will load contents
1717 from all the files but the last one will be used for saving.
1718 Example:
1720 curl --hsts cache.txt https://example.com
1721 See also --proto. Added in 7.74.0.
1723 --http0.9
1725 (HTTP) Tells curl to be fine with HTTP version 0.9 response.
1726 HTTP/0.9 is a completely headerless response and therefore you
1728 can also connect with this to non-HTTP servers and still get a
1729 response since curl will simply transparently downgrade - if al‐
1730 lowed.
1731 Since curl 7.66.0, HTTP/0.9 is disabled by default.
1733 Example:
1735 curl --http0.9 https://example.com
1736 See also --http1.1, --http2 and --http3. Added in 7.64.0.
1738 -0, --http1.0
1740 (HTTP) Tells curl to use HTTP version 1.0 instead of using its
1741 internally preferred HTTP version.
1742 Example:
1744 curl --http1.0 https://example.com
1745 See also --http0.9 and --http1.1. This option overrides
1747 --http1.1 and --http2 and --http2-prior-knowledge and --http3.
1748 --http1.1
1750 (HTTP) Tells curl to use HTTP version 1.1.
1751 Example:
1753 curl --http1.1 https://example.com
1754 See also -0, --http1.0 and --http0.9. This option overrides -0,
1756 --http1.0 and --http2 and --http2-prior-knowledge and --http3.
1757 Added in 7.33.0.
1758 --http2-prior-knowledge
1760 (HTTP) Tells curl to issue its non-TLS HTTP requests using
1761 HTTP/2 without HTTP/1.1 Upgrade. It requires prior knowledge
1762 that the server supports HTTP/2 straight away. HTTPS requests
1763 will still do HTTP/2 the standard way with negotiated protocol
1764 version in the TLS handshake.
1765 Example:
1767 curl --http2-prior-knowledge https://example.com
1768 See also --http2 and --http3. --http2-prior-knowledge requires
1770 that the underlying libcurl was built to support HTTP/2. This
1771 option overrides --http1.1 and -0, --http1.0 and --http2 and
1772 --http3. Added in 7.49.0.
1773 --http2
1775 (HTTP) Tells curl to use HTTP version 2.
1776 For HTTPS, this means curl will attempt to negotiate HTTP/2 in
1778 the TLS handshake. curl does this by default.
1779 For HTTP, this means curl will attempt to upgrade the request to
1781 HTTP/2 using the Upgrade: request header.
1782 When curl uses HTTP/2 over HTTPS, it does not itself insist on
1784 TLS 1.2 or higher even though that is required by the specifica‐
1785 tion. A user can add this version requirement with --tlsv1.2.
1786 Example:
1788 curl --http2 https://example.com
1789 See also --http1.1 and --http3. --http2 requires that the under‐
1791 lying libcurl was built to support HTTP/2. This option overrides
1792 --http1.1 and -0, --http1.0 and --http2-prior-knowledge and
1793 --http3. Added in 7.33.0.
1794 --http3
1796 (HTTP) WARNING: this option is experimental. Do not use in pro‐
1797 duction.
1798 Tells curl to use HTTP version 3 directly to the host and port
1800 number used in the URL. A normal HTTP/3 transaction will be done
1801 to a host and then get redirected via Alt-Svc, but this option
1802 allows a user to circumvent that when you know that the target
1803 speaks HTTP/3 on the given host and port.
1804 This option will make curl fail if a QUIC connection cannot be
1806 established, it cannot fall back to a lower HTTP version on its
1807 own.
1808 Example:
1810 curl --http3 https://example.com
1811 See also --http1.1 and --http2. --http3 requires that the under‐
1813 lying libcurl was built to support HTTP/3. This option overrides
1814 --http1.1 and -0, --http1.0 and --http2 and --http2-prior-knowl‐
1815 edge. Added in 7.66.0.
1816 --ignore-content-length
1818 (FTP HTTP) For HTTP, Ignore the Content-Length header. This is
1819 particularly useful for servers running Apache 1.x, which will
1820 report incorrect Content-Length for files larger than 2 giga‐
1821 bytes.
1822 For FTP (since 7.46.0), skip the RETR command to figure out the
1824 size before downloading a file.
1825 This option does not work for HTTP if libcurl was built to use
1827 hyper.
1828 Example:
1830 curl --ignore-content-length https://example.com
1831 See also --ftp-skip-pasv-ip.
1833 -i, --include
1835 Include the HTTP response headers in the output. The HTTP re‐
1836 sponse headers can include things like server name, cookies,
1837 date of the document, HTTP version and more...
1838 To view the request headers, consider the --verbose option.
1840 Example:
1842 curl -i https://example.com
1843 See also -v, --verbose.
1845 -k, --insecure
1847 (TLS SFTP SCP) By default, every secure connection curl makes is
1848 verified to be secure before the transfer takes place. This op‐
1849 tion makes curl skip the verification step and proceed without
1850 checking.
1851 When this option is not used for protocols using TLS, curl veri‐
1853 fies the server's TLS certificate before it continues: that the
1854 certificate contains the right name which matches the host name
1855 used in the URL and that the certificate has been signed by a CA
1856 certificate present in the cert store. See this online resource
1857 for further details:
1858 https://curl.se/docs/sslcerts.html
1859 For SFTP and SCP, this option makes curl skip the known_hosts
1861 verification. known_hosts is a file normally stored in the
1862 user's home directory in the .ssh subdirectory, which contains
1863 host names and their public keys.
1864 WARNING: using this option makes the transfer insecure.
1866 Example:
1868 curl --insecure https://example.com
1869 See also --proxy-insecure, --cacert and --capath.
1871 --interface <name>
1873 Perform an operation using a specified interface. You can enter
1874 interface name, IP address or host name. An example could look
1875 like:
1876 curl --interface eth0:1 https://www.example.com/
1878 If this option is used several times, the last one will be used.
1880 On Linux it can be used to specify a VRF, but the binary needs
1882 to either have CAP_NET_RAW or to be run as root. More informa‐
1883 tion about Linux VRF: https://www.kernel.org/doc/Documenta‐
1884 tion/networking/vrf.txt
1885 Example:
1887 curl --interface eth0 https://example.com
1888 See also --dns-interface.
1890 -4, --ipv4
1892 This option tells curl to resolve names to IPv4 addresses only,
1893 and not for example try IPv6.
1894 Example:
1896 curl --ipv4 https://example.com
1897 See also --http1.1 and --http2. This option overrides -6,
1899 --ipv6.
1900 -6, --ipv6
1902 This option tells curl to resolve names to IPv6 addresses only,
1903 and not for example try IPv4.
1904 Example:
1906 curl --ipv6 https://example.com
1907 See also --http1.1 and --http2. This option overrides -4,
1909 --ipv4.
1910 --json <data>
1912 (HTTP) Sends the specified JSON data in a POST request to the
1913 HTTP server. --json works as a shortcut for passing on these
1914 three options:
1915 --data [arg]
1917 --header "Content-Type: application/json"
1918 --header "Accept: application/json"
1919 There is no verification that the passed in data is actual JSON
1921 or that the syntax is correct.
1922 If you start the data with the letter @, the rest should be a
1924 file name to read the data from, or a single dash (-) if you
1925 want curl to read the data from stdin. Posting data from a file
1926 named 'foobar' would thus be done with --json @foobar and to in‐
1927 stead read the data from stdin, use --json @-.
1928 If this option is used more than once on the same command line,
1930 the additional data pieces will be concatenated to the previous
1931 before sending.
1932 The headers this option sets can be overriden with --header as
1934 usual.
1935 Examples:
1937 curl --json '{ "drink": "coffe" }' https://example.com
1938 curl --json '{ "drink":' --json ' "coffe" }' https://example.com
1939 curl --json @prepared https://example.com
1940 curl --json @- https://example.com < json.txt
1941 See also --data-binary and --data-raw. This option overrides -F,
1943 --form and -I, --head and -T, --upload-file. Added in 7.82.0.
1944 -j, --junk-session-cookies
1946 (HTTP) When curl is told to read cookies from a given file, this
1947 option will make it discard all "session cookies". This will ba‐
1948 sically have the same effect as if a new session is started.
1949 Typical browsers always discard session cookies when they are
1950 closed down.
1951 Example:
1953 curl --junk-session-cookies -b cookies.txt https://example.com
1954 See also -b, --cookie and -c, --cookie-jar.
1956 --keepalive-time <seconds>
1958 This option sets the time a connection needs to remain idle be‐
1959 fore sending keepalive probes and the time between individual
1960 keepalive probes. It is currently effective on operating systems
1961 offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options
1962 (meaning Linux, recent AIX, HP-UX and more). This option has no
1963 effect if --no-keepalive is used.
1964 If this option is used several times, the last one will be used.
1966 If unspecified, the option defaults to 60 seconds.
1967 Example:
1969 curl --keepalive-time 20 https://example.com
1970 See also --no-keepalive and -m, --max-time.
1972 --key-type <type>
1974 (TLS) Private key file type. Specify which type your --key pro‐
1975 vided private key is. DER, PEM, and ENG are supported. If not
1976 specified, PEM is assumed.
1977 If this option is used several times, the last one will be used.
1979 Example:
1981 curl --key-type DER --key here https://example.com
1982 See also --key.
1984 --key <key>
1986 (TLS SSH) Private key file name. Allows you to provide your pri‐
1987 vate key in this separate file. For SSH, if not specified, curl
1988 tries the following candidates in order: '~/.ssh/id_rsa',
1989 '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
1990 If curl is built against OpenSSL library, and the engine pkcs11
1992 is available, then a PKCS#11 URI (RFC 7512) can be used to spec‐
1993 ify a private key located in a PKCS#11 device. A string begin‐
1994 ning with "pkcs11:" will be interpreted as a PKCS#11 URI. If a
1995 PKCS#11 URI is provided, then the --engine option will be set as
1996 "pkcs11" if none was provided and the --key-type option will be
1997 set as "ENG" if none was provided.
1998 If this option is used several times, the last one will be used.
2000 Example:
2002 curl --cert certificate --key here https://example.com
2003 See also --key-type and -E, --cert.
2005 --krb <level>
2007 (FTP) Enable Kerberos authentication and use. The level must be
2008 entered and should be one of 'clear', 'safe', 'confidential', or
2009 'private'. Should you use a level that is not one of these,
2010 'private' will instead be used.
2011 If this option is used several times, the last one will be used.
2013 Example:
2015 curl --krb clear ftp://example.com/
2016 See also --delegation and --ssl. --krb requires that the under‐
2018 lying libcurl was built to support Kerberos.
2019 --libcurl <file>
2021 Append this option to any ordinary curl command line, and you
2022 will get libcurl-using C source code written to the file that
2023 does the equivalent of what your command-line operation does!
2024 This option is global and does not need to be specified for each
2026 use of -:, --next.
2027 If this option is used several times, the last given file name
2029 will be used.
2030 Example:
2032 curl --libcurl client.c https://example.com
2033 See also -v, --verbose.
2035 --limit-rate <speed>
2037 Specify the maximum transfer rate you want curl to use - for
2038 both downloads and uploads. This feature is useful if you have a
2039 limited pipe and you would like your transfer not to use your
2040 entire bandwidth. To make it slower than it otherwise would be.
2041 The given speed is measured in bytes/second, unless a suffix is
2043 appended. Appending 'k' or 'K' will count the number as kilo‐
2044 bytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it
2045 gigabytes. The suffixes (k, M, G, T, P) are 1024 based. For ex‐
2046 ample 1k is 1024. Examples: 200K, 3m and 1G.
2047 The rate limiting logic works on averaging the transfer speed to
2049 no more than the set threshold over a period of multiple sec‐
2050 onds.
2051 If you also use the --speed-limit option, that option will take
2053 precedence and might cripple the rate-limiting slightly, to help
2054 keeping the speed-limit logic working.
2055 If this option is used several times, the last one will be used.
2057 Examples:
2059 curl --limit-rate 100K https://example.com
2060 curl --limit-rate 1000 https://example.com
2061 curl --limit-rate 10M https://example.com
2062 See also -Y, --speed-limit and -y, --speed-time.
2064 -l, --list-only
2066 (FTP POP3) (FTP) When listing an FTP directory, this switch
2067 forces a name-only view. This is especially useful if the user
2068 wants to machine-parse the contents of an FTP directory since
2069 the normal directory view does not use a standard look or for‐
2070 mat. When used like this, the option causes an NLST command to
2071 be sent to the server instead of LIST.
2072 Note: Some FTP servers list only files in their response to
2074 NLST; they do not include sub-directories and symbolic links.
2075 (POP3) When retrieving a specific email from POP3, this switch
2077 forces a LIST command to be performed instead of RETR. This is
2078 particularly useful if the user wants to see if a specific mes‐
2079 sage-id exists on the server and what size it is.
2080 Note: When combined with -X, --request, this option can be used
2082 to send a UIDL command instead, so the user may use the email's
2083 unique identifier rather than its message-id to make the re‐
2084 quest.
2085 Example:
2087 curl --list-only ftp://example.com/dir/
2088 See also -Q, --quote and -X, --request.
2090 --local-port <num/range>
2092 Set a preferred single number or range (FROM-TO) of local port
2093 numbers to use for the connection(s). Note that port numbers by
2094 nature are a scarce resource that will be busy at times so set‐
2095 ting this range to something too narrow might cause unnecessary
2096 connection setup failures.
2097 Example:
2099 curl --local-port 1000-3000 https://example.com
2100 See also -g, --globoff.
2102 --location-trusted
2104 (HTTP) Like -L, --location, but will allow sending the name +
2105 password to all hosts that the site may redirect to. This may or
2106 may not introduce a security breach if the site redirects you to
2107 a site to which you will send your authentication info (which is
2108 plaintext in the case of HTTP Basic authentication).
2109 Example:
2111 curl --location-trusted -u user:password https://example.com
2112 See also -u, --user.
2114 -L, --location
2116 (HTTP) If the server reports that the requested page has moved
2117 to a different location (indicated with a Location: header and a
2118 3XX response code), this option will make curl redo the request
2119 on the new place. If used together with --include or -I, --head,
2120 headers from all requested pages will be shown. When authentica‐
2121 tion is used, curl only sends its credentials to the initial
2122 host. If a redirect takes curl to a different host, it will not
2123 be able to intercept the user+password. See also --location-
2124 trusted on how to change this. You can limit the amount of redi‐
2125 rects to follow by using the --max-redirs option.
2126 When curl follows a redirect and if the request is a POST, it
2128 will send the following request with a GET if the HTTP response
2129 was 301, 302, or 303. If the response code was any other 3xx
2130 code, curl will re-send the following request using the same un‐
2131 modified method.
2132 You can tell curl to not change POST requests to GET after a 30x
2134 response by using the dedicated options for that: --post301,
2135 --post302 and --post303.
2136 The method set with --request overrides the method curl would
2138 otherwise select to use.
2139 Example:
2141 curl -L https://example.com
2142 See also --resolve and --alt-svc.
2144 --login-options <options>
2146 (IMAP LDAP POP3 SMTP) Specify the login options to use during
2147 server authentication.
2148 You can use login options to specify protocol specific options
2150 that may be used during authentication. At present only IMAP,
2151 POP3 and SMTP support login options. For more information about
2152 login options please see RFC 2384, RFC 5092 and IETF draft
2153 draft-earhart-url-smtp-00.txt
2154 If this option is used several times, the last one will be used.
2156 Example:
2158 curl --login-options 'AUTH=*' imap://example.com
2159 See also -u, --user. Added in 7.34.0.
2161 --mail-auth <address>
2163 (SMTP) Specify a single address. This will be used to specify
2164 the authentication address (identity) of a submitted message
2165 that is being relayed to another server.
2166 Example:
2168 curl --mail-auth user@example.come -T mail smtp://example.com/
2169 See also --mail-rcpt and --mail-from.
2171 --mail-from <address>
2173 (SMTP) Specify a single address that the given mail should get
2174 sent from.
2175 Example:
2177 curl --mail-from user@example.com -T mail smtp://example.com/
2178 See also --mail-rcpt and --mail-auth.
2180 --mail-rcpt-allowfails
2182 (SMTP) When sending data to multiple recipients, by default curl
2183 will abort SMTP conversation if at least one of the recipients
2184 causes RCPT TO command to return an error.
2185 The default behavior can be changed by passing --mail-rcpt-al‐
2187 lowfails command-line option which will make curl ignore errors
2188 and proceed with the remaining valid recipients.
2189 If all recipients trigger RCPT TO failures and this flag is
2191 specified, curl will still abort the SMTP conversation and re‐
2192 turn the error received from to the last RCPT TO command.
2193 Example:
2195 curl --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com
2196 See also --mail-rcpt. Added in 7.69.0.
2198 --mail-rcpt <address>
2200 (SMTP) Specify a single email address, user name or mailing list
2201 name. Repeat this option several times to send to multiple re‐
2202 cipients.
2203 When performing an address verification (VRFY command), the re‐
2205 cipient should be specified as the user name or user name and
2206 domain (as per Section 3.5 of RFC5321). (Added in 7.34.0)
2207 When performing a mailing list expand (EXPN command), the recip‐
2209 ient should be specified using the mailing list name, such as
2210 "Friends" or "London-Office". (Added in 7.34.0)
2211 Example:
2213 curl --mail-rcpt user@example.net smtp://example.com
2214 See also --mail-rcpt-allowfails.
2216 -M, --manual
2218 Manual. Display the huge help text.
2219 Example:
2221 curl --manual
2222 See also -v, --verbose, --libcurl and --trace.
2224 --max-filesize <bytes>
2226 (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to
2227 download. If the file requested is larger than this value, the
2228 transfer will not start and curl will return with exit code 63.
2229 A size modifier may be used. For example, Appending 'k' or 'K'
2231 will count the number as kilobytes, 'm' or 'M' makes it
2232 megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K,
2233 3m and 1G. (Added in 7.58.0)
2234 NOTE: The file size is not always known prior to download, and
2236 for such files this option has no effect even if the file trans‐
2237 fer ends up being larger than this given limit. Example:
2238 curl --max-filesize 100K https://example.com
2239 See also --limit-rate.
2241 --max-redirs <num>
2243 (HTTP) Set maximum number of redirections to follow. When --lo‐
2244 cation is used, to prevent curl from following too many redi‐
2245 rects, by default, the limit is set to 50 redirects. Set this
2246 option to -1 to make it unlimited.
2247 If this option is used several times, the last one will be used.
2249 Example:
2251 curl --max-redirs 3 --location https://example.com
2252 See also -L, --location.
2254 -m, --max-time <fractional seconds>
2256 Maximum time in seconds that you allow the whole operation to
2257 take. This is useful for preventing your batch jobs from hang‐
2258 ing for hours due to slow networks or links going down. Since
2259 7.32.0, this option accepts decimal values, but the actual time‐
2260 out will decrease in accuracy as the specified timeout increases
2261 in decimal precision.
2262 If this option is used several times, the last one will be used.
2264 Examples:
2266 curl --max-time 10 https://example.com
2267 curl --max-time 2.92 https://example.com
2268 See also --connect-timeout.
2270 --metalink
2272 This option was previously used to specify a metalink resource.
2273 Metalink support has been disabled in curl since 7.78.0 for se‐
2274 curity reasons.
2275 Example:
2277 curl --metalink file https://example.com
2278 See also -Z, --parallel.
2280 --negotiate
2282 (HTTP) Enables Negotiate (SPNEGO) authentication.
2283 This option requires a library built with GSS-API or SSPI sup‐
2285 port. Use --version to see if your curl supports GSS-API/SSPI or
2286 SPNEGO.
2287 When using this option, you must also provide a fake --user op‐
2289 tion to activate the authentication code properly. Sending a '-u
2290 :' is enough as the user name and password from the --user op‐
2291 tion are not actually used.
2292 If this option is used several times, only the first one is
2294 used.
2295 Example:
2297 curl --negotiate -u : https://example.com
2298 See also --basic, --ntlm, --anyauth and --proxy-negotiate.
2300 --netrc-file <filename>
2302 This option is similar to -n, --netrc, except that you provide
2303 the path (absolute or relative) to the netrc file that curl
2304 should use. You can only specify one netrc file per invocation.
2305 If several --netrc-file options are provided, the last one will
2306 be used.
2307 It will abide by --netrc-optional if specified.
2309 Example:
2311 curl --netrc-file netrc https://example.com
2312 See also -n, --netrc, -u, --user and -K, --config. This option
2314 overrides -n, --netrc.
2315 --netrc-optional
2317 Similar to -n, --netrc, but this option makes the .netrc usage
2318 optional and not mandatory as the --netrc option does.
2319 Example:
2321 curl --netrc-optional https://example.com
2322 See also --netrc-file. This option overrides -n, --netrc.
2324 -n, --netrc
2326 Makes curl scan the .netrc (_netrc on Windows) file in the
2327 user's home directory for login name and password. This is typi‐
2328 cally used for FTP on Unix. If used with HTTP, curl will enable
2329 user authentication. See netrc(5) and ftp(1) for details on the
2330 file format. Curl will not complain if that file does not have
2331 the right permissions (it should be neither world- nor group-
2332 readable). The environment variable "HOME" is used to find the
2333 home directory.
2334 A quick and simple example of how to setup a .netrc to allow
2336 curl to FTP to the machine host.domain.com with user name 'my‐
2337 self' and password 'secret' could look similar to:
2338 machine host.domain.com
2340 login myself
2341 password secret"
2342 Example:
2344 curl --netrc https://example.com
2345 See also --netrc-file, -K, --config and -u, --user.
2347 -:, --next
2349 Tells curl to use a separate operation for the following URL and
2350 associated options. This allows you to send several URL re‐
2351 quests, each with their own specific options, for example, such
2352 as different user names or custom requests for each.
2353 --next will reset all local options and only global ones will
2355 have their values survive over to the operation following the
2356 --next instruction. Global options include -v, --verbose,
2357 --trace, --trace-ascii and --fail-early.
2358 For example, you can do both a GET and a POST in a single com‐
2360 mand line:
2361 curl www1.example.com --next -d postthis www2.example.com
2363 Examples:
2365 curl https://example.com --next -d postthis www2.example.com
2366 curl -I https://example.com --next https://example.net/
2367 See also -Z, --parallel and -K, --config. Added in 7.36.0.
2369 --no-alpn
2371 (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de‐
2372 fault if libcurl was built with an SSL library that supports
2373 ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti‐
2374 ate HTTP/2 support with the server during https sessions.
2375 Example:
2377 curl --no-alpn https://example.com
2378 See also --no-npn and --http2. --no-alpn requires that the un‐
2380 derlying libcurl was built to support TLS. Added in 7.36.0.
2381 -N, --no-buffer
2383 Disables the buffering of the output stream. In normal work sit‐
2384 uations, curl will use a standard buffered output stream that
2385 will have the effect that it will output the data in chunks, not
2386 necessarily exactly when the data arrives. Using this option
2387 will disable that buffering.
2388 Note that this is the negated option name documented. You can
2390 thus use --buffer to enforce the buffering.
2391 Example:
2393 curl --no-buffer https://example.com
2394 See also -#, --progress-bar.
2396 --no-keepalive
2398 Disables the use of keepalive messages on the TCP connection.
2399 curl otherwise enables them by default.
2400 Note that this is the negated option name documented. You can
2402 thus use --keepalive to enforce keepalive.
2403 Example:
2405 curl --no-keepalive https://example.com
2406 See also --keepalive-time.
2408 --no-npn
2410 (HTTPS) Disable the NPN TLS extension. NPN is enabled by default
2411 if libcurl was built with an SSL library that supports NPN. NPN
2412 is used by a libcurl that supports HTTP/2 to negotiate HTTP/2
2413 support with the server during https sessions.
2414 Example:
2416 curl --no-npn https://example.com
2417 See also --no-alpn and --http2. --no-npn requires that the un‐
2419 derlying libcurl was built to support TLS. Added in 7.36.0.
2420 --no-progress-meter
2422 Option to switch off the progress meter output without muting or
2423 otherwise affecting warning and informational messages like
2424 --silent does.
2425 Note that this is the negated option name documented. You can
2427 thus use --progress-meter to enable the progress meter again.
2428 Example:
2430 curl --no-progress-meter -o store https://example.com
2431 See also -v, --verbose and -s, --silent. Added in 7.67.0.
2433 --no-sessionid
2435 (TLS) Disable curl's use of SSL session-ID caching. By default
2436 all transfers are done using the cache. Note that while nothing
2437 should ever get hurt by attempting to reuse SSL session-IDs,
2438 there seem to be broken SSL implementations in the wild that may
2439 require you to disable this in order for you to succeed.
2440 Note that this is the negated option name documented. You can
2442 thus use --sessionid to enforce session-ID caching.
2443 Example:
2445 curl --no-sessionid https://example.com
2446 See also -k, --insecure.
2448 --noproxy <no-proxy-list>
2450 Comma-separated list of hosts for which not to use a proxy, if
2451 one is specified. The only wildcard is a single * character,
2452 which matches all hosts, and effectively disables the proxy.
2453 Each name in this list is matched as either a domain which con‐
2454 tains the hostname, or the hostname itself. For example, lo‐
2455 cal.com would match local.com, local.com:80, and www.local.com,
2456 but not www.notlocal.com.
2457 Since 7.53.0, This option overrides the environment variables
2459 that disable the proxy ('no_proxy' and 'NO_PROXY'). If there's
2460 an environment variable disabling a proxy, you can set the no‐
2461 proxy list to "" to override it.
2462 Example:
2464 curl --noproxy "www.example" https://example.com
2465 See also -x, --proxy.
2467 --ntlm-wb
2469 (HTTP) Enables NTLM much in the style --ntlm does, but hand over
2470 the authentication to the separate binary ntlmauth application
2471 that is executed when needed.
2472 Example:
2474 curl --ntlm-wb -u user:password https://example.com
2475 See also --ntlm and --proxy-ntlm.
2477 --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication
2479 method was designed by Microsoft and is used by IIS web servers.
2480 It is a proprietary protocol, reverse-engineered by clever peo‐
2481 ple and implemented in curl based on their efforts. This kind of
2482 behavior should not be endorsed, you should encourage everyone
2483 who uses NTLM to switch to a public and documented authentica‐
2484 tion method instead, such as Digest.
2485 If you want to enable NTLM for your proxy authentication, then
2487 use --proxy-ntlm.
2488 If this option is used several times, only the first one is
2490 used.
2491 Example:
2493 curl --ntlm -u user:password https://example.com
2494 See also --proxy-ntlm. --ntlm requires that the underlying
2496 libcurl was built to support TLS. This option overrides --basic
2497 and --negotiate and --digest and --anyauth.
2498 --oauth2-bearer <token>
2500 (IMAP LDAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH
2501 2.0 server authentication. The Bearer Token is used in conjunc‐
2502 tion with the user name which can be specified as part of the
2503 --url or --user options.
2504 The Bearer Token and user name are formatted according to RFC
2506 6750.
2507 If this option is used several times, the last one will be used.
2509 Example:
2511 curl --oauth2-bearer "mF_9.B5f-4.1JqM" https://example.com
2512 See also --basic, --ntlm and --digest. Added in 7.33.0.
2514 --output-dir <dir>
2516 This option specifies the directory in which files should be
2518 stored, when --remote-name or --output are used.
2519 The given output directory is used for all URLs and output op‐
2521 tions on the command line, up until the first -:, --next.
2522 If the specified target directory does not exist, the operation
2524 will fail unless --create-dirs is also used.
2525 If this option is used multiple times, the last specified direc‐
2527 tory will be used.
2528 Example:
2530 curl --output-dir "tmp" -O https://example.com
2531 See also -O, --remote-name and -J, --remote-header-name. Added
2533 in 7.73.0.
2534 -o, --output <file>
2536 Write output to <file> instead of stdout. If you are using {} or
2537 [] to fetch multiple documents, you should quote the URL and you
2538 can use '#' followed by a number in the <file> specifier. That
2539 variable will be replaced with the current string for the URL
2540 being fetched. Like in:
2541 curl "http://{one,two}.example.com" -o "file_#1.txt"
2543 or use several variables like:
2545 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2547 You may use this option as many times as the number of URLs you
2549 have. For example, if you specify two URLs on the same command
2550 line, you can use it like this:
2551 curl -o aa example.com -o bb example.net
2553 and the order of the -o options and the URLs does not matter,
2555 just that the first -o is for the first URL and so on, so the
2556 above command line can also be written as
2557 curl example.com example.net -o aa -o bb
2559 See also the --create-dirs option to create the local directo‐
2561 ries dynamically. Specifying the output as '-' (a single dash)
2562 will force the output to be done to stdout.
2563 To suppress response bodies, you can redirect output to
2565 /dev/null:
2566 curl example.com -o /dev/null
2568 Or for Windows use nul:
2570 curl example.com -o nul
2572 Examples:
2574 curl -o file https://example.com
2575 curl "http://{one,two}.example.com" -o "file_#1.txt"
2576 curl "http://{site,host}.host[1-5].com" -o "#1_#2"
2577 curl -o file https://example.com -o file2 https://example.net
2578 See also -O, --remote-name, --remote-name-all and -J, --remote-
2580 header-name.
2581 --parallel-immediate
2583 When doing parallel transfers, this option will instruct curl
2584 that it should rather prefer opening up more connections in par‐
2585 allel at once rather than waiting to see if new transfers can be
2586 added as multiplexed streams on another connection.
2587 This option is global and does not need to be specified for each
2589 use of -:, --next.
2590 Example:
2592 curl --parallel-immediate -Z https://example.com -o file1 https://example.com -o file2
2593 See also -Z, --parallel and --parallel-max. Added in 7.68.0.
2595 --parallel-max <num>
2597 When asked to do parallel transfers, using -Z, --parallel, this
2598 option controls the maximum amount of transfers to do simultane‐
2599 ously.
2600 This option is global and does not need to be specified for each
2602 use of -:, --next.
2603 The default is 50.
2605 Example:
2607 curl --parallel-max 100 -Z https://example.com ftp://example.com/
2608 See also -Z, --parallel. Added in 7.66.0.
2610 -Z, --parallel
2612 Makes curl perform its transfers in parallel as compared to the
2613 regular serial manner.
2614 This option is global and does not need to be specified for each
2616 use of -:, --next.
2617 Example:
2619 curl --parallel https://example.com -o file1 https://example.com -o file2
2620 See also -:, --next and -v, --verbose. Added in 7.66.0.
2622 --pass <phrase>
2624 (SSH TLS) Passphrase for the private key.
2625 If this option is used several times, the last one will be used.
2627 Example:
2629 curl --pass secret --key file https://example.com
2630 See also --key and -u, --user.
2632 --path-as-is
2634 Tell curl to not handle sequences of /../ or /./ in the given
2635 URL path. Normally curl will squash or merge them according to
2636 standards but with this option set you tell it not to do that.
2637 Example:
2639 curl --path-as-is https://example.com/../../etc/passwd
2640 See also --request-target. Added in 7.42.0.
2642 --pinnedpubkey <hashes>
2644 (TLS) Tells curl to use the specified public key file (or
2645 hashes) to verify the peer. This can be a path to a file which
2646 contains a single public key in PEM or DER format, or any number
2647 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
2648 rated by ';'.
2649 When negotiating a TLS or SSL connection, the server sends a
2651 certificate indicating its identity. A public key is extracted
2652 from this certificate and if it does not exactly match the pub‐
2653 lic key provided to this option, curl will abort the connection
2654 before sending or receiving any data.
2655 PEM/DER support:
2657 7.39.0: OpenSSL, GnuTLS and GSKit
2659 7.43.0: NSS and wolfSSL
2661 7.47.0: mbedtls
2663 sha256 support:
2665 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
2667 7.47.0: mbedtls
2669 Other SSL backends not supported.
2671 If this option is used several times, the last one will be used.
2673 Examples:
2675 curl --pinnedpubkey keyfile https://example.com
2676 curl --pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
2677 See also --hostpubsha256. Added in 7.39.0.
2679 --post301
2681 (HTTP) Tells curl to respect RFC 7231/6.4.2 and not convert POST
2682 requests into GET requests when following a 301 redirection. The
2683 non-RFC behavior is ubiquitous in web browsers, so curl does the
2684 conversion by default to maintain consistency. However, a server
2685 may require a POST to remain a POST after such a redirection.
2686 This option is meaningful only when using -L, --location.
2687 Example:
2689 curl --post301 --location -d "data" https://example.com
2690 See also --post302, --post303 and -L, --location.
2692 --post302
2694 (HTTP) Tells curl to respect RFC 7231/6.4.3 and not convert POST
2695 requests into GET requests when following a 302 redirection. The
2696 non-RFC behavior is ubiquitous in web browsers, so curl does the
2697 conversion by default to maintain consistency. However, a server
2698 may require a POST to remain a POST after such a redirection.
2699 This option is meaningful only when using -L, --location.
2700 Example:
2702 curl --post302 --location -d "data" https://example.com
2703 See also --post301, --post303 and -L, --location.
2705 --post303
2707 (HTTP) Tells curl to violate RFC 7231/6.4.4 and not convert POST
2708 requests into GET requests when following 303 redirections. A
2709 server may require a POST to remain a POST after a 303 redirect‐
2710 ion. This option is meaningful only when using -L, --location.
2711 Example:
2713 curl --post303 --location -d "data" https://example.com
2714 See also --post302, --post301 and -L, --location.
2716 --preproxy [protocol://]host[:port]
2718 Use the specified SOCKS proxy before connecting to an HTTP or
2719 HTTPS -x, --proxy. In such a case curl first connects to the
2720 SOCKS proxy and then connects (through SOCKS) to the HTTP or
2721 HTTPS proxy. Hence pre proxy.
2722 The pre proxy string should be specified with a protocol:// pre‐
2724 fix to specify alternative proxy protocols. Use socks4://,
2725 socks4a://, socks5:// or socks5h:// to request the specific
2726 SOCKS version to be used. No protocol specified will make curl
2727 default to SOCKS4.
2728 If the port number is not specified in the proxy string, it is
2730 assumed to be 1080.
2731 User and password that might be provided in the proxy string are
2733 URL decoded by curl. This allows you to pass in special charac‐
2734 ters such as @ by using %40 or pass in a colon with %3a.
2735 If this option is used several times, the last one will be used.
2737 Example:
2739 curl --preproxy socks5://proxy.example -x http://http.example https://example.com
2740 See also -x, --proxy and --socks5. Added in 7.52.0.
2742 -#, --progress-bar
2744 Make curl display transfer progress as a simple progress bar in‐
2745 stead of the standard, more informational, meter.
2746 This progress bar draws a single line of '#' characters across
2748 the screen and shows a percentage if the transfer size is known.
2749 For transfers without a known size, there will be space ship
2750 (-=o=-) that moves back and forth but only while data is being
2751 transferred, with a set of flying hash sign symbols on top.
2752 This option is global and does not need to be specified for each
2754 use of -:, --next.
2755 Example:
2757 curl -# -O https://example.com
2758 See also --styled-output.
2760 --proto-default <protocol>
2762 Tells curl to use protocol for any URL missing a scheme name.
2763 An unknown or unsupported protocol causes error CURLE_UNSUP‐
2765 PORTED_PROTOCOL (1).
2766 This option does not change the default proxy protocol (http).
2768 Without this option set, curl guesses protocol based on the host
2770 name, see --url for details.
2771 Example:
2773 curl --proto-default https ftp.example.com
2774 See also --proto and --proto-redir. Added in 7.45.0.
2776 --proto-redir <protocols>
2778 Tells curl to limit what protocols it may use on redirect. Pro‐
2779 tocols denied by --proto are not overridden by this option. See
2780 --proto for how protocols are represented.
2781 Example, allow only HTTP and HTTPS on redirect:
2783 curl --proto-redir -all,http,https http://example.com
2785 By default curl will only allow HTTP, HTTPS, FTP and FTPS on re‐
2787 direct (since 7.65.2). Specifying all or +all enables all proto‐
2788 cols on redirects, which is not good for security.
2789 Example:
2791 curl --proto-redir =http,https https://example.com
2792 See also --proto.
2794 --proto <protocols>
2796 Tells curl to limit what protocols it may use for transfers.
2797 Protocols are evaluated left to right, are comma separated, and
2798 are each a protocol name or 'all', optionally prefixed by zero
2799 or more modifiers. Available modifiers are:
2800 + Permit this protocol in addition to protocols already permit‐
2802 ted (this is the default if no modifier is used).
2803 - Deny this protocol, removing it from the list of protocols
2805 already permitted.
2806 = Permit only this protocol (ignoring the list already permit‐
2808 ted), though subject to later modification by subsequent en‐
2809 tries in the comma separated list.
2810 For example:
2812 --proto -ftps uses the default protocols, but disables ftps
2814 --proto -all,https,+http
2816 only enables http and https
2817 --proto =http,https
2819 also only enables http and https
2820 Unknown protocols produce a warning. This allows scripts to
2822 safely rely on being able to disable potentially dangerous pro‐
2823 tocols, without relying upon support for that protocol being
2824 built into curl to avoid an error.
2825 This option can be used multiple times, in which case the effect
2827 is the same as concatenating the protocols into one instance of
2828 the option.
2829 Example:
2831 curl --proto =http,https,sftp https://example.com
2832 See also --proto-redir and --proto-default.
2834 --proxy-anyauth
2836 Tells curl to pick a suitable authentication method when commu‐
2837 nicating with the given HTTP proxy. This might cause an extra
2838 request/response round-trip.
2839 Example:
2841 curl --proxy-anyauth --proxy-user user:passwd -x proxy https://example.com
2842 See also -x, --proxy, --proxy-basic and --proxy-digest.
2844 --proxy-basic
2846 Tells curl to use HTTP Basic authentication when communicating
2847 with the given proxy. Use --basic for enabling HTTP Basic with a
2848 remote host. Basic is the default authentication method curl
2849 uses with proxies.
2850 Example:
2852 curl --proxy-basic --proxy-user user:passwd -x proxy https://example.com
2853 See also -x, --proxy, --proxy-anyauth and --proxy-digest.
2855 --proxy-cacert <file>
2857 Same as --cacert but used in HTTPS proxy context.
2858 Example:
2860 curl --proxy-cacert CA-file.txt -x https://proxy https://example.com
2861 See also --proxy-capath, --cacert, --capath and -x, --proxy.
2863 Added in 7.52.0.
2864 --proxy-capath <dir>
2866 Same as --capath but used in HTTPS proxy context.
2867 Example:
2869 curl --proxy-capath /local/directory -x https://proxy https://example.com
2870 See also --proxy-cacert, -x, --proxy and --capath. Added in
2872 7.52.0.
2873 --proxy-cert-type <type>
2875 Same as --cert-type but used in HTTPS proxy context.
2876 Example:
2878 curl --proxy-cert-type PEM --proxy-cert file -x https://proxy https://example.com
2879 See also --proxy-cert. Added in 7.52.0.
2881 --proxy-cert <cert[:passwd]>
2883 Same as --cert but used in HTTPS proxy context.
2884 Example:
2886 curl --proxy-cert file -x https://proxy https://example.com
2887 See also --proxy-cert-type. Added in 7.52.0.
2889 --proxy-ciphers <list>
2891 Same as --ciphers but used in HTTPS proxy context.
2892 Example:
2894 curl --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy https://example.com
2895 See also --ciphers, --curves and -x, --proxy. Added in 7.52.0.
2897 --proxy-crlfile <file>
2899 Same as --crlfile but used in HTTPS proxy context.
2900 Example:
2902 curl --proxy-crlfile rejects.txt -x https://proxy https://example.com
2903 See also --crlfile and -x, --proxy. Added in 7.52.0.
2905 --proxy-digest
2907 Tells curl to use HTTP Digest authentication when communicating
2908 with the given proxy. Use --digest for enabling HTTP Digest with
2909 a remote host.
2910 Example:
2912 curl --proxy-digest --proxy-user user:passwd -x proxy https://example.com
2913 See also -x, --proxy, --proxy-anyauth and --proxy-basic.
2915 --proxy-header <header/@file>
2917 (HTTP) Extra header to include in the request when sending HTTP
2918 to a proxy. You may specify any number of extra headers. This is
2919 the equivalent option to --header but is for proxy communication
2920 only like in CONNECT requests when you want a separate header
2921 sent to the proxy to what is sent to the actual remote host.
2922 curl will make sure that each header you add/replace is sent
2924 with the proper end-of-line marker, you should thus not add that
2925 as a part of the header content: do not add newlines or carriage
2926 returns, they will only mess things up for you.
2927 Headers specified with this option will not be included in re‐
2929 quests that curl knows will not be sent to a proxy.
2930 Starting in 7.55.0, this option can take an argument in @file‐
2932 name style, which then adds a header for each line in the input
2933 file. Using @- will make curl read the header file from stdin.
2934 This option can be used multiple times to add/replace/remove
2936 multiple headers.
2937 Examples:
2939 curl --proxy-header "X-First-Name: Joe" -x http://proxy https://example.com
2940 curl --proxy-header "User-Agent: surprise" -x http://proxy https://example.com
2941 curl --proxy-header "Host:" -x http://proxy https://example.com
2942 See also -x, --proxy. Added in 7.37.0.
2944 --proxy-insecure
2946 Same as --insecure but used in HTTPS proxy context.
2947 Example:
2949 curl --proxy-insecure -x https://proxy https://example.com
2950 See also -x, --proxy and -k, --insecure. Added in 7.52.0.
2952 --proxy-key-type <type>
2954 Same as --key-type but used in HTTPS proxy context.
2955 Example:
2957 curl --proxy-key-type DER --proxy-key here -x https://proxy https://example.com
2958 See also --proxy-key and -x, --proxy. Added in 7.52.0.
2960 --proxy-key <key>
2962 Same as --key but used in HTTPS proxy context.
2963 Example:
2965 curl --proxy-key here -x https://proxy https://example.com
2966 See also --proxy-key-type and -x, --proxy. Added in 7.52.0.
2968 --proxy-negotiate
2970 Tells curl to use HTTP Negotiate (SPNEGO) authentication when
2971 communicating with the given proxy. Use --negotiate for enabling
2972 HTTP Negotiate (SPNEGO) with a remote host.
2973 Example:
2975 curl --proxy-negotiate --proxy-user user:passwd -x proxy https://example.com
2976 See also --proxy-anyauth and --proxy-basic.
2978 --proxy-ntlm
2980 Tells curl to use HTTP NTLM authentication when communicating
2981 with the given proxy. Use --ntlm for enabling NTLM with a remote
2982 host.
2983 Example:
2985 curl --proxy-ntlm --proxy-user user:passwd -x http://proxy https://example.com
2986 See also --proxy-negotiate and --proxy-anyauth.
2988 --proxy-pass <phrase>
2990 Same as --pass but used in HTTPS proxy context.
2991 Example:
2993 curl --proxy-pass secret --proxy-key here -x https://proxy https://example.com
2994 See also -x, --proxy and --proxy-key. Added in 7.52.0.
2996 --proxy-pinnedpubkey <hashes>
2998 (TLS) Tells curl to use the specified public key file (or
2999 hashes) to verify the proxy. This can be a path to a file which
3000 contains a single public key in PEM or DER format, or any number
3001 of base64 encoded sha256 hashes preceded by 'sha256//' and sepa‐
3002 rated by ';'.
3003 When negotiating a TLS or SSL connection, the server sends a
3005 certificate indicating its identity. A public key is extracted
3006 from this certificate and if it does not exactly match the pub‐
3007 lic key provided to this option, curl will abort the connection
3008 before sending or receiving any data.
3009 If this option is used several times, the last one will be used.
3011 Examples:
3013 curl --proxy-pinnedpubkey keyfile https://example.com
3014 curl --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' https://example.com
3015 See also --pinnedpubkey and -x, --proxy. Added in 7.59.0.
3017 --proxy-service-name <name>
3019 This option allows you to change the service name for proxy ne‐
3020 gotiation.
3021 Example:
3023 curl --proxy-service-name "shrubbery" -x proxy https://example.com
3024 See also --service-name and -x, --proxy. Added in 7.43.0.
3026 --proxy-ssl-allow-beast
3028 Same as --ssl-allow-beast but used in HTTPS proxy context.
3029 Example:
3031 curl --proxy-ssl-allow-beast -x https://proxy https://example.com
3032 See also --ssl-allow-beast and -x, --proxy. Added in 7.52.0.
3034 --proxy-ssl-auto-client-cert
3036 Same as --ssl-auto-client-cert but used in HTTPS proxy context.
3037 Example:
3039 curl --proxy-ssl-auto-client-cert -x https://proxy https://example.com
3040 See also --ssl-auto-client-cert and -x, --proxy. Added in
3042 7.77.0.
3043 --proxy-tls13-ciphers <ciphersuite list>
3045 (TLS) Specifies which cipher suites to use in the connection to
3046 your HTTPS proxy when it negotiates TLS 1.3. The list of ciphers
3047 suites must specify valid ciphers. Read up on TLS 1.3 cipher
3048 suite details on this URL:
3049 https://curl.se/docs/ssl-ciphers.html
3051 This option is currently used only when curl is built to use
3053 OpenSSL 1.1.1 or later. If you are using a different SSL backend
3054 you can try setting TLS 1.3 cipher suites by using the --proxy-
3055 ciphers option.
3056 If this option is used several times, the last one will be used.
3058 Example:
3060 curl --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy https://example.com
3061 See also --tls13-ciphers and --curves. Added in 7.61.0.
3063 --proxy-tlsauthtype <type>
3065 Same as --tlsauthtype but used in HTTPS proxy context.
3066 Example:
3068 curl --proxy-tlsauthtype SRP -x https://proxy https://example.com
3069 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3071 --proxy-tlspassword <string>
3073 Same as --tlspassword but used in HTTPS proxy context.
3074 Example:
3076 curl --proxy-tlspassword passwd -x https://proxy https://example.com
3077 See also -x, --proxy and --proxy-tlsuser. Added in 7.52.0.
3079 --proxy-tlsuser <name>
3081 Same as --tlsuser but used in HTTPS proxy context.
3082 Example:
3084 curl --proxy-tlsuser smith -x https://proxy https://example.com
3085 See also -x, --proxy and --proxy-tlspassword. Added in 7.52.0.
3087 --proxy-tlsv1
3089 Same as --tlsv1 but used in HTTPS proxy context.
3090 Example:
3092 curl --proxy-tlsv1 -x https://proxy https://example.com
3093 See also -x, --proxy. Added in 7.52.0.
3095 -U, --proxy-user <user:password>
3097 Specify the user name and password to use for proxy authentica‐
3098 tion.
3099 If you use a Windows SSPI-enabled curl binary and do either Ne‐
3101 gotiate or NTLM authentication then you can tell curl to select
3102 the user name and password from your environment by specifying a
3103 single colon with this option: "-U :".
3104 On systems where it works, curl will hide the given option argu‐
3106 ment from process listings. This is not enough to protect cre‐
3107 dentials from possibly getting seen by other users on the same
3108 system as they will still be visible for a moment before
3109 cleared. Such sensitive data should be retrieved from a file in‐
3110 stead or similar and never used in clear text in a command line.
3111 If this option is used several times, the last one will be used.
3113 Example:
3115 curl --proxy-user name:pwd -x proxy https://example.com
3116 See also --proxy-pass.
3118 -x, --proxy [protocol://]host[:port]
3120 Use the specified proxy.
3121 The proxy string can be specified with a protocol:// prefix. No
3123 protocol specified or http:// will be treated as HTTP proxy. Use
3124 socks4://, socks4a://, socks5:// or socks5h:// to request a spe‐
3125 cific SOCKS version to be used.
3126 HTTPS proxy support via https:// protocol prefix was added in
3129 7.52.0 for OpenSSL, GnuTLS and NSS.
3130 Unrecognized and unsupported proxy protocols cause an error
3132 since 7.52.0. Prior versions may ignore the protocol and use
3133 http:// instead.
3134 If the port number is not specified in the proxy string, it is
3136 assumed to be 1080.
3137 This option overrides existing environment variables that set
3139 the proxy to use. If there's an environment variable setting a
3140 proxy, you can set proxy to "" to override it.
3141 All operations that are performed over an HTTP proxy will trans‐
3143 parently be converted to HTTP. It means that certain protocol
3144 specific operations might not be available. This is not the case
3145 if you can tunnel through the proxy, as one with the --proxytun‐
3146 nel option.
3147 User and password that might be provided in the proxy string are
3149 URL decoded by curl. This allows you to pass in special charac‐
3150 ters such as @ by using %40 or pass in a colon with %3a.
3151 The proxy host can be specified the same way as the proxy envi‐
3153 ronment variables, including the protocol prefix (http://) and
3154 the embedded user + password.
3155 If this option is used several times, the last one will be used.
3157 Example:
3159 curl --proxy http://proxy.example https://example.com
3160 See also --socks5 and --proxy-basic.
3162 --proxy1.0 <host[:port]>
3164 Use the specified HTTP 1.0 proxy. If the port number is not
3165 specified, it is assumed at port 1080.
3166 The only difference between this and the HTTP proxy option -x,
3168 --proxy, is that attempts to use CONNECT through the proxy will
3169 specify an HTTP 1.0 protocol instead of the default HTTP 1.1.
3170 Example:
3172 curl --proxy1.0 -x http://proxy https://example.com
3173 See also -x, --proxy, --socks5 and --preproxy.
3175 -p, --proxytunnel
3177 When an HTTP proxy is used -x, --proxy, this option will make
3178 curl tunnel through the proxy. The tunnel approach is made with
3179 the HTTP proxy CONNECT request and requires that the proxy al‐
3180 lows direct connect to the remote port number curl wants to tun‐
3181 nel through to.
3182 To suppress proxy CONNECT response headers when curl is set to
3184 output headers use --suppress-connect-headers.
3185 Example:
3187 curl --proxytunnel -x http://proxy https://example.com
3188 See also -x, --proxy.
3190 --pubkey <key>
3192 (SFTP SCP) Public key file name. Allows you to provide your pub‐
3193 lic key in this separate file.
3194 If this option is used several times, the last one will be used.
3196 (As of 7.39.0, curl attempts to automatically extract the public
3198 key from the private key file, so passing this option is gener‐
3199 ally not required. Note that this public key extraction requires
3200 libcurl to be linked against a copy of libssh2 1.2.8 or higher
3201 that is itself linked against OpenSSL.)
3202 Example:
3204 curl --pubkey file.pub sftp://example.com/
3205 See also --pass.
3207 -Q, --quote <command>
3209 (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP
3210 server. Quote commands are sent BEFORE the transfer takes place
3211 (just after the initial PWD command in an FTP transfer, to be
3212 exact). To make commands take place after a successful transfer,
3213 prefix them with a dash '-'. To make commands be sent after curl
3214 has changed the working directory, just before the transfer com‐
3215 mand(s), prefix the command with a '+' (this is only supported
3216 for FTP). You may specify any number of commands.
3217 By default curl will stop at first failure. To make curl con‐
3219 tinue even if the command fails, prefix the command with an as‐
3220 terisk (*). Otherwise, if the server returns failure for one of
3221 the commands, the entire operation will be aborted.
3222 You must send syntactically correct FTP commands as RFC 959 de‐
3224 fines to FTP servers, or one of the commands listed below to
3225 SFTP servers.
3226 This option can be used multiple times.
3228 SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP
3230 quote commands itself before sending them to the server. File
3231 names may be quoted shell-style to embed spaces or special char‐
3232 acters. Following is the list of all supported SFTP quote com‐
3233 mands:
3234 atime date file
3236 The atime command sets the last access time of the file
3237 named by the file operand. The <date expression> can be
3238 all sorts of date strings, see the curl_getdate(3) man
3239 page for date expression details. (Added in 7.73.0)
3240 chgrp group file
3242 The chgrp command sets the group ID of the file named by
3243 the file operand to the group ID specified by the group
3244 operand. The group operand is a decimal integer group ID.
3245 chmod mode file
3247 The chmod command modifies the file mode bits of the
3248 specified file. The mode operand is an octal integer mode
3249 number.
3250 chown user file
3252 The chown command sets the owner of the file named by the
3253 file operand to the user ID specified by the user oper‐
3254 and. The user operand is a decimal integer user ID.
3255 ln source_file target_file
3257 The ln and symlink commands create a symbolic link at the
3258 target_file location pointing to the source_file loca‐
3259 tion.
3260 mkdir directory_name
3262 The mkdir command creates the directory named by the di‐
3263 rectory_name operand.
3264 mtime date file
3266 The mtime command sets the last modification time of the
3267 file named by the file operand. The <date expression> can
3268 be all sorts of date strings, see the curl_getdate(3) man
3269 page for date expression details. (Added in 7.73.0)
3270 pwd The pwd command returns the absolute pathname of the cur‐
3272 rent working directory.
3273 rename source target
3275 The rename command renames the file or directory named by
3276 the source operand to the destination path named by the
3277 target operand.
3278 rm file
3280 The rm command removes the file specified by the file op‐
3281 erand.
3282 rmdir directory
3284 The rmdir command removes the directory entry specified
3285 by the directory operand, provided it is empty.
3286 symlink source_file target_file
3288 See ln.
3289 Example:
3291 curl --quote "DELE file" ftp://example.com/foo
3292 See also -X, --request.
3294 --random-file <file>
3296 Specify the path name to file containing what will be considered
3297 as random data. The data may be used to seed the random engine
3298 for SSL connections. See also the --egd-file option.
3299 Example:
3301 curl --random-file rubbish https://example.com
3302 See also --egd-file.
3304 -r, --range <range>
3306 (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu‐
3307 ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.
3308 Ranges can be specified in a number of ways.
3309 0-499 specifies the first 500 bytes
3311 500-999 specifies the second 500 bytes
3313 -500 specifies the last 500 bytes
3315 9500- specifies the bytes from offset 9500 and forward
3317 0-0,-1 specifies the first and last byte only(*)(HTTP)
3319 100-199,500-599
3321 specifies two separate 100-byte ranges(*) (HTTP)
3322 (*) = NOTE that this will cause the server to reply with a mul‐
3324 tipart response, which will be returned as-is by curl! Parsing
3325 or otherwise transforming this response is the responsibility of
3326 the caller.
3327 Only digit characters (0-9) are valid in the 'start' and 'stop'
3329 fields of the 'start-stop' range syntax. If a non-digit charac‐
3330 ter is given in the range, the server's response will be unspec‐
3331 ified, depending on the server's configuration.
3332 You should also be aware that many HTTP/1.1 servers do not have
3334 this feature enabled, so that when you attempt to get a range,
3335 you will instead get the whole document.
3336 FTP and SFTP range downloads only support the simple 'start-
3338 stop' syntax (optionally with one of the numbers omitted). FTP
3339 use depends on the extended FTP command SIZE.
3340 If this option is used several times, the last one will be used.
3342 Example:
3344 curl --range 22-44 https://example.com
3345 See also -C, --continue-at and -a, --append.
3347 --raw (HTTP) When used, it disables all internal HTTP decoding of con‐
3349 tent or transfer encodings and instead makes them passed on un‐
3350 altered, raw.
3351 Example:
3353 curl --raw https://example.com
3354 See also --tr-encoding.
3356 -e, --referer <URL>
3358 (HTTP) Sends the "Referrer Page" information to the HTTP server.
3359 This can also be set with the --header flag of course. When used
3360 with --location you can append ";auto" to the --referer URL to
3361 make curl automatically set the previous URL when it follows a
3362 Location: header. The ";auto" string can be used alone, even if
3363 you do not set an initial -e, --referer.
3364 If this option is used several times, the last one will be used.
3366 Examples:
3368 curl --referer "https://fake.example" https://example.com
3369 curl --referer "https://fake.example;auto" -L https://example.com
3370 curl --referer ";auto" -L https://example.com
3371 See also -A, --user-agent and -H, --header.
3373 -J, --remote-header-name
3375 (HTTP) This option tells the --remote-name option to use the
3376 server-specified Content-Disposition filename instead of ex‐
3377 tracting a filename from the URL. If the server-provided file
3378 name contains a path, that will be stripped off before the file
3379 name is used.
3380 The file is saved in the current directory, or in the directory
3382 specified with --output-dir.
3383 If the server specifies a file name and a file with that name
3385 already exists in the destination directory, it will not be
3386 overwritten and an error will occur. If the server does not
3387 specify a file name then this option has no effect.
3388 There's no attempt to decode %-sequences (yet) in the provided
3390 file name, so this option may provide you with rather unexpected
3391 file names.
3392 WARNING: Exercise judicious use of this option, especially on
3394 Windows. A rogue server could send you the name of a DLL or
3395 other file that could be loaded automatically by Windows or some
3396 third party software.
3397 Example:
3399 curl -OJ https://example.com/file
3400 See also -O, --remote-name.
3402 --remote-name-all
3404 This option changes the default action for all given URLs to be
3405 dealt with as if --remote-name were used for each one. So if you
3406 want to disable that for a specific URL after --remote-name-all
3407 has been used, you must use "-o -" or --no-remote-name.
3408 Example:
3410 curl --remote-name-all ftp://example.com/file1 ftp://example.com/file2
3411 See also -O, --remote-name.
3413 -O, --remote-name
3415 Write output to a local file named like the remote file we get.
3416 (Only the file part of the remote file is used, the path is cut
3417 off.)
3418 The file will be saved in the current working directory. If you
3420 want the file saved in a different directory, make sure you
3421 change the current working directory before invoking curl with
3422 this option.
3423 The remote file name to use for saving is extracted from the
3425 given URL, nothing else, and if it already exists it will be
3426 overwritten. If you want the server to be able to choose the
3427 file name refer to --remote-header-name which can be used in ad‐
3428 dition to this option. If the server chooses a file name and
3429 that name already exists it will not be overwritten.
3430 There is no URL decoding done on the file name. If it has %20 or
3432 other URL encoded parts of the name, they will end up as-is as
3433 file name.
3434 You may use this option as many times as the number of URLs you
3436 have.
3437 Example:
3439 curl -O https://example.com/filename
3440 See also --remote-name-all.
3442 -R, --remote-time
3444 When used, this will make curl attempt to figure out the time‐
3445 stamp of the remote file, and if that is available make the lo‐
3446 cal file get that same timestamp.
3447 Example:
3449 curl --remote-time -o foo https://example.com
3450 See also -O, --remote-name and -z, --time-cond.
3452 --request-target <path>
3454 (HTTP) Tells curl to use an alternative "target" (path) instead
3455 of using the path as provided in the URL. Particularly useful
3456 when wanting to issue HTTP requests without leading slash or
3457 other data that does not follow the regular URL pattern, like
3458 "OPTIONS *".
3459 Example:
3461 curl --request-target "*" -X OPTIONS https://example.com
3462 See also -X, --request. Added in 7.55.0.
3464 -X, --request <method>
3466 (HTTP) Specifies a custom request method to use when communicat‐
3467 ing with the HTTP server. The specified request method will be
3468 used instead of the method otherwise used (which defaults to
3469 GET). Read the HTTP 1.1 specification for details and explana‐
3470 tions. Common additional HTTP requests include PUT and DELETE,
3471 but related technologies like WebDAV offers PROPFIND, COPY, MOVE
3472 and more.
3473 Normally you do not need this option. All sorts of GET, HEAD,
3475 POST and PUT requests are rather invoked by using dedicated com‐
3476 mand line options.
3477 This option only changes the actual word used in the HTTP re‐
3479 quest, it does not alter the way curl behaves. So for example if
3480 you want to make a proper HEAD request, using -X HEAD will not
3481 suffice. You need to use the --head option.
3482 The method string you set with --request will be used for all
3484 requests, which if you for example use --location may cause un‐
3485 intended side-effects when curl does not change request method
3486 according to the HTTP 30x response codes - and similar.
3487 (FTP) Specifies a custom FTP command to use instead of LIST when
3489 doing file lists with FTP.
3490 (POP3) Specifies a custom POP3 command to use instead of LIST or
3492 RETR.
3493 (IMAP) Specifies a custom IMAP command to use instead of LIST.
3496 (Added in 7.30.0)
3497 (SMTP) Specifies a custom SMTP command to use instead of HELP or
3499 VRFY. (Added in 7.34.0)
3500 If this option is used several times, the last one will be used.
3502 Examples:
3504 curl -X "DELETE" https://example.com
3505 curl -X NLST ftp://example.com/
3506 See also --request-target.
3508 --resolve <[+]host:port:addr[,addr]...>
3510 Provide a custom address for a specific host and port pair. Us‐
3511 ing this, you can make the curl requests(s) use a specified ad‐
3512 dress and prevent the otherwise normally resolved address to be
3513 used. Consider it a sort of /etc/hosts alternative provided on
3514 the command line. The port number should be the number used for
3515 the specific protocol the host will be used for. It means you
3516 need several entries if you want to provide address for the same
3517 host but different ports.
3518 By specifying '*' as host you can tell curl to resolve any host
3520 and specific port pair to the specified address. Wildcard is re‐
3521 solved last so any --resolve with a specific host and port will
3522 be used first.
3523 The provided address set by this option will be used even if
3525 --ipv4 or --ipv6 is set to make curl use another IP version.
3526 By prefixing the host with a '+' you can make the entry time out
3528 after curl's default timeout (1 minute). Note that this will
3529 only make sense for long running parallel transfers with a lot
3530 of files. In such cases, if this option is used curl will try to
3531 resolve the host as it normally would once the timeout has ex‐
3532 pired.
3533 Support for providing the IP address within [brackets] was added
3535 in 7.57.0.
3536 Support for providing multiple IP addresses per entry was added
3538 in 7.59.0.
3539 Support for resolving with wildcard was added in 7.64.0.
3541 Support for the '+' prefix was was added in 7.75.0.
3543 This option can be used many times to add many host names to re‐
3545 solve.
3546 Example:
3548 curl --resolve example.com:443:127.0.0.1 https://example.com
3549 See also --connect-to and --alt-svc.
3551 --retry-all-errors
3553 Retry on any error. This option is used together with --retry.
3554 This option is the "sledgehammer" of retrying. Do not use this
3556 option by default (eg in curlrc), there may be unintended conse‐
3557 quences such as sending or receiving duplicate data. Do not use
3558 with redirected input or output. You'd be much better off han‐
3559 dling your unique problems in shell script. Please read the ex‐
3560 ample below.
3561 WARNING: For server compatibility curl attempts to retry failed
3563 flaky transfers as close as possible to how they were started,
3564 but this is not possible with redirected input or output. For
3565 example, before retrying it removes output data from a failed
3566 partial transfer that was written to an output file. However
3567 this is not true of data redirected to a | pipe or > file, which
3568 are not reset. We strongly suggest you do not parse or record
3569 output via redirect in combination with this option, since you
3570 may receive duplicate data.
3571 By default curl will not error on an HTTP response code that in‐
3573 dicates an HTTP error, if the transfer was successful. For exam‐
3574 ple, if a server replies 404 Not Found and the reply is fully
3575 received then that is not an error. When --retry is used then
3576 curl will retry on some HTTP response codes that indicate tran‐
3577 sient HTTP errors, but that does not include most 4xx response
3578 codes such as 404. If you want to retry on all response codes
3579 that indicate HTTP errors (4xx and 5xx) then combine with -f,
3580 --fail.
3581 Example:
3583 curl --retry 5 --retry-all-errors https://example.com
3584 See also --retry. Added in 7.71.0.
3586 --retry-connrefused
3588 In addition to the other conditions, consider ECONNREFUSED as a
3589 transient error too for --retry. This option is used together
3590 with --retry.
3591 Example:
3593 curl --retry-connrefused --retry https://example.com
3594 See also --retry and --retry-all-errors. Added in 7.52.0.
3596 --retry-delay <seconds>
3598 Make curl sleep this amount of time before each retry when a
3599 transfer has failed with a transient error (it changes the de‐
3600 fault backoff time algorithm between retries). This option is
3601 only interesting if --retry is also used. Setting this delay to
3602 zero will make curl use the default backoff time.
3603 If this option is used several times, the last one will be used.
3605 Example:
3607 curl --retry-delay 5 --retry https://example.com
3608 See also --retry.
3610 --retry-max-time <seconds>
3612 The retry timer is reset before the first transfer attempt. Re‐
3613 tries will be done as usual (see --retry) as long as the timer
3614 has not reached this given limit. Notice that if the timer has
3615 not reached the limit, the request will be made and while per‐
3616 forming, it may take longer than this given time period. To
3617 limit a single request's maximum time, use -m, --max-time. Set
3618 this option to zero to not timeout retries.
3619 If this option is used several times, the last one will be used.
3621 Example:
3623 curl --retry-max-time 30 --retry 10 https://example.com
3624 See also --retry.
3626 --retry <num>
3628 If a transient error is returned when curl tries to perform a
3629 transfer, it will retry this number of times before giving up.
3630 Setting the number to 0 makes curl do no retries (which is the
3631 default). Transient error means either: a timeout, an FTP 4xx
3632 response code or an HTTP 408, 429, 500, 502, 503 or 504 response
3633 code.
3634 When curl is about to retry a transfer, it will first wait one
3636 second and then for all forthcoming retries it will double the
3637 waiting time until it reaches 10 minutes which then will be the
3638 delay between the rest of the retries. By using --retry-delay
3639 you disable this exponential backoff algorithm. See also
3640 --retry-max-time to limit the total time allowed for retries.
3641 Since curl 7.66.0, curl will comply with the Retry-After: re‐
3643 sponse header if one was present to know when to issue the next
3644 retry.
3645 If this option is used several times, the last one will be used.
3647 Example:
3649 curl --retry 7 https://example.com
3650 See also --retry-max-time.
3652 --sasl-authzid <identity>
3654 Use this authorisation identity (authzid), during SASL PLAIN au‐
3655 thentication, in addition to the authentication identity (auth‐
3656 cid) as specified by -u, --user.
3657 If the option is not specified, the server will derive the au‐
3659 thzid from the authcid, but if specified, and depending on the
3660 server implementation, it may be used to access another user's
3661 inbox, that the user has been granted access to, or a shared
3662 mailbox for example.
3663 Example:
3665 curl --sasl-authzid zid imap://example.com/
3666 See also --login-options. Added in 7.66.0.
3668 --sasl-ir
3670 Enable initial response in SASL authentication.
3671 Example:
3673 curl --sasl-ir imap://example.com/
3674 See also --sasl-authzid. Added in 7.31.0.
3676 --service-name <name>
3678 This option allows you to change the service name for SPNEGO.
3679 Examples: --negotiate --service-name sockd would use
3681 sockd/server-name.
3682 Example:
3684 curl --service-name sockd/server https://example.com
3685 See also --negotiate and --proxy-service-name. Added in 7.43.0.
3687 -S, --show-error
3689 When used with -s, --silent, it makes curl show an error message
3690 if it fails.
3691 This option is global and does not need to be specified for each
3693 use of -:, --next.
3694 Example:
3696 curl --show-error --silent https://example.com
3697 See also --no-progress-meter.
3699 -s, --silent
3701 Silent or quiet mode. Do not show progress meter or error mes‐
3702 sages. Makes Curl mute. It will still output the data you ask
3703 for, potentially even to the terminal/stdout unless you redirect
3704 it.
3705 Use --show-error in addition to this option to disable progress
3707 meter but still show error messages.
3708 Example:
3710 curl -s https://example.com
3711 See also -v, --verbose, --stderr and --no-progress-meter.
3713 --socks4 <host[:port]>
3715 Use the specified SOCKS4 proxy. If the port number is not speci‐
3716 fied, it is assumed at port 1080. Using this socket type make
3717 curl resolve the host name and passing the address on to the
3718 proxy.
3719 This option overrides any previous use of -x, --proxy, as they
3721 are mutually exclusive.
3722 This option is superfluous since you can specify a socks4 proxy
3724 with --proxy using a socks4:// protocol prefix.
3725 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3727 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3728 a case curl first connects to the SOCKS proxy and then connects
3729 (through SOCKS) to the HTTP or HTTPS proxy.
3730 If this option is used several times, the last one will be used.
3732 Example:
3734 curl --socks4 hostname:4096 https://example.com
3735 See also --socks4a, --socks5 and --socks5-hostname.
3737 --socks4a <host[:port]>
3739 Use the specified SOCKS4a proxy. If the port number is not spec‐
3740 ified, it is assumed at port 1080. This asks the proxy to re‐
3741 solve the host name.
3742 This option overrides any previous use of -x, --proxy, as they
3744 are mutually exclusive.
3745 This option is superfluous since you can specify a socks4a proxy
3747 with --proxy using a socks4a:// protocol prefix.
3748 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3750 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3751 a case curl first connects to the SOCKS proxy and then connects
3752 (through SOCKS) to the HTTP or HTTPS proxy.
3753 If this option is used several times, the last one will be used.
3755 Example:
3757 curl --socks4a hostname:4096 https://example.com
3758 See also --socks4, --socks5 and --socks5-hostname.
3760 --socks5-basic
3762 Tells curl to use username/password authentication when connect‐
3763 ing to a SOCKS5 proxy. The username/password authentication is
3764 enabled by default. Use --socks5-gssapi to force GSS-API au‐
3765 thentication to SOCKS5 proxies.
3766 Example:
3768 curl --socks5-basic --socks5 hostname:4096 https://example.com
3769 See also --socks5. Added in 7.55.0.
3771 --socks5-gssapi-nec
3773 As part of the GSS-API negotiation a protection mode is negoti‐
3774 ated. RFC 1961 says in section 4.3/4.4 it should be protected,
3775 but the NEC reference implementation does not. The option
3776 --socks5-gssapi-nec allows the unprotected exchange of the pro‐
3777 tection mode negotiation.
3778 Example:
3780 curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com
3781 See also --socks5.
3783 --socks5-gssapi-service <name>
3785 The default service name for a socks server is rcmd/server-fqdn.
3786 This option allows you to change it.
3787 Examples: --socks5 proxy-name --socks5-gssapi-service sockd
3789 would use sockd/proxy-name --socks5 proxy-name --socks5-gssapi-
3790 service sockd/real-name would use sockd/real-name for cases
3791 where the proxy-name does not match the principal name.
3792 Example:
3794 curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com
3795 See also --socks5.
3797 --socks5-gssapi
3799 Tells curl to use GSS-API authentication when connecting to a
3800 SOCKS5 proxy. The GSS-API authentication is enabled by default
3801 (if curl is compiled with GSS-API support). Use --socks5-basic
3802 to force username/password authentication to SOCKS5 proxies.
3803 Example:
3805 curl --socks5-gssapi --socks5 hostname:4096 https://example.com
3806 See also --socks5. Added in 7.55.0.
3808 --socks5-hostname <host[:port]>
3810 Use the specified SOCKS5 proxy (and let the proxy resolve the
3811 host name). If the port number is not specified, it is assumed
3812 at port 1080.
3813 This option overrides any previous use of -x, --proxy, as they
3815 are mutually exclusive.
3816 This option is superfluous since you can specify a socks5 host‐
3818 name proxy with --proxy using a socks5h:// protocol prefix.
3819 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3821 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3822 a case curl first connects to the SOCKS proxy and then connects
3823 (through SOCKS) to the HTTP or HTTPS proxy.
3824 If this option is used several times, the last one will be used.
3826 Example:
3828 curl --socks5-hostname proxy.example:7000 https://example.com
3829 See also --socks5 and --socks4a.
3831 --socks5 <host[:port]>
3833 Use the specified SOCKS5 proxy - but resolve the host name lo‐
3834 cally. If the port number is not specified, it is assumed at
3835 port 1080.
3836 This option overrides any previous use of -x, --proxy, as they
3838 are mutually exclusive.
3839 This option is superfluous since you can specify a socks5 proxy
3841 with --proxy using a socks5:// protocol prefix.
3842 Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at
3844 the same time --proxy is used with an HTTP/HTTPS proxy. In such
3845 a case curl first connects to the SOCKS proxy and then connects
3846 (through SOCKS) to the HTTP or HTTPS proxy.
3847 If this option is used several times, the last one will be used.
3849 This option (as well as --socks4) does not work with IPV6, FTPS
3851 or LDAP.
3852 Example:
3854 curl --socks5 proxy.example:7000 https://example.com
3855 See also --socks5-hostname and --socks4a.
3857 -Y, --speed-limit <speed>
3859 If a download is slower than this given speed (in bytes per sec‐
3860 ond) for speed-time seconds it gets aborted. speed-time is set
3861 with --speed-time and is 30 if not set.
3862 If this option is used several times, the last one will be used.
3864 Example:
3866 curl --speed-limit 300 --speed-time 10 https://example.com
3867 See also -y, --speed-time, --limit-rate and -m, --max-time.
3869 -y, --speed-time <seconds>
3871 If a download is slower than speed-limit bytes per second during
3872 a speed-time period, the download gets aborted. If speed-time is
3873 used, the default speed-limit will be 1 unless set with -Y,
3874 --speed-limit.
3875 This option controls transfers and thus will not affect slow
3877 connects etc. If this is a concern for you, try the --connect-
3878 timeout option.
3879 If this option is used several times, the last one will be used.
3881 Example:
3883 curl --speed-limit 300 --speed-time 10 https://example.com
3884 See also -Y, --speed-limit and --limit-rate.
3886 --ssl-allow-beast
3888 This option tells curl to not work around a security flaw in the
3889 SSL3 and TLS1.0 protocols known as BEAST. If this option is not
3890 used, the SSL layer may use workarounds known to cause interop‐
3891 erability problems with some older SSL implementations.
3892 WARNING: this option loosens the SSL security, and by using this
3894 flag you ask for exactly that.
3895 Example:
3897 curl --ssl-allow-beast https://example.com
3898 See also --proxy-ssl-allow-beast and -k, --insecure.
3900 --ssl-auto-client-cert
3902 Tell libcurl to automatically locate and use a client certifi‐
3903 cate for authentication, when requested by the server. This op‐
3904 tion is only supported for Schannel (the native Windows SSL li‐
3905 brary). Prior to 7.77.0 this was the default behavior in libcurl
3906 with Schannel. Since the server can request any certificate that
3907 supports client authentication in the OS certificate store it
3908 could be a privacy violation and unexpected.
3909 Example:
3911 curl --ssl-auto-client-cert https://example.com
3912 See also --proxy-ssl-auto-client-cert. Added in 7.77.0.
3914 --ssl-no-revoke
3916 (Schannel) This option tells curl to disable certificate revoca‐
3917 tion checks. WARNING: this option loosens the SSL security, and
3918 by using this flag you ask for exactly that.
3919 Example:
3921 curl --ssl-no-revoke https://example.com
3922 See also --crlfile. Added in 7.44.0.
3924 --ssl-reqd
3926 (FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection.
3927 Terminates the connection if the server does not support
3928 SSL/TLS.
3929 This option is handled in LDAP since version 7.81.0. It is fully
3931 supported by the openldap backend and rejected by the generic
3932 ldap backend if explicit TLS is required.
3933 This option was formerly known as --ftp-ssl-reqd.
3935 Example:
3937 curl --ssl-reqd ftp://example.com
3938 See also --ssl and -k, --insecure.
3940 --ssl-revoke-best-effort
3942 (Schannel) This option tells curl to ignore certificate revoca‐
3943 tion checks when they failed due to missing/offline distribution
3944 points for the revocation check lists.
3945 Example:
3947 curl --ssl-revoke-best-effort https://example.com
3948 See also --crlfile and -k, --insecure. Added in 7.70.0.
3950 --ssl (FTP IMAP POP3 SMTP LDAP) Try to use SSL/TLS for the connection.
3952 Reverts to a non-secure connection if the server does not sup‐
3953 port SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for dif‐
3954 ferent levels of encryption required.
3955 This option is handled in LDAP since version 7.81.0. It is fully
3957 supported by the openldap backend and ignored by the generic
3958 ldap backend.
3959 Please note that a server may close the connection if the nego‐
3961 tiation does not succeed.
3962 This option was formerly known as --ftp-ssl. That option name
3964 can still be used but will be removed in a future version.
3965 Example:
3967 curl --ssl pop3://example.com/
3968 See also -k, --insecure and --ciphers.
3970 -2, --sslv2
3972 (SSL) This option previously asked curl to use SSLv2, but start‐
3973 ing in curl 7.77.0 this instruction is ignored. SSLv2 is widely
3974 considered insecure (see RFC 6176).
3975 Example:
3977 curl --sslv2 https://example.com
3978 See also --http1.1 and --http2. -2, --sslv2 requires that the
3980 underlying libcurl was built to support TLS. This option over‐
3981 rides -3, --sslv3 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3982 -3, --sslv3
3984 (SSL) This option previously asked curl to use SSLv3, but start‐
3985 ing in curl 7.77.0 this instruction is ignored. SSLv3 is widely
3986 considered insecure (see RFC 7568).
3987 Example:
3989 curl --sslv3 https://example.com
3990 See also --http1.1 and --http2. -3, --sslv3 requires that the
3992 underlying libcurl was built to support TLS. This option over‐
3993 rides -2, --sslv2 and -1, --tlsv1 and --tlsv1.1 and --tlsv1.2.
3994 --stderr <file>
3996 Redirect all writes to stderr to the specified file instead. If
3997 the file name is a plain '-', it is instead written to stdout.
3998 This option is global and does not need to be specified for each
4000 use of -:, --next.
4001 If this option is used several times, the last one will be used.
4003 Example:
4005 curl --stderr output.txt https://example.com
4006 See also -v, --verbose and -s, --silent.
4008 --styled-output
4010 Enables the automatic use of bold font styles when writing HTTP
4011 headers to the terminal. Use --no-styled-output to switch them
4012 off.
4013 This option is global and does not need to be specified for each
4015 use of -:, --next.
4016 Example:
4018 curl --styled-output -I https://example.com
4019 See also -I, --head and -v, --verbose. Added in 7.61.0.
4021 --suppress-connect-headers
4023 When --proxytunnel is used and a CONNECT request is made do not
4024 output proxy CONNECT response headers. This option is meant to
4025 be used with --dump-header or --include which are used to show
4026 protocol headers in the output. It has no effect on debug op‐
4027 tions such as --verbose or --trace, or any statistics.
4028 Example:
4030 curl --suppress-connect-headers --include -x proxy https://example.com
4031 See also -D, --dump-header, -i, --include and -p, --proxytunnel.
4033 Added in 7.54.0.
4034 --tcp-fastopen
4036 Enable use of TCP Fast Open (RFC7413).
4037 Example:
4039 curl --tcp-fastopen https://example.com
4040 See also --false-start. Added in 7.49.0.
4042 --tcp-nodelay
4044 Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man
4045 page for details about this option.
4046 Since 7.50.2, curl sets this option by default and you need to
4048 explicitly switch it off if you do not want it on.
4049 Example:
4051 curl --tcp-nodelay https://example.com
4052 See also -N, --no-buffer.
4054 -t, --telnet-option <opt=val>
4056 Pass options to the telnet protocol. Supported options are:
4057 TTYPE=<term> Sets the terminal type.
4059 XDISPLOC=<X display> Sets the X display location.
4061 NEW_ENV=<var,val> Sets an environment variable.
4063 Example:
4065 curl -t TTYPE=vt100 telnet://example.com/
4066 See also -K, --config.
4068 --tftp-blksize <value>
4070 (TFTP) Set TFTP BLKSIZE option (must be >512). This is the block
4071 size that curl will try to use when transferring data to or from
4072 a TFTP server. By default 512 bytes will be used.
4073 If this option is used several times, the last one will be used.
4075 Example:
4077 curl --tftp-blksize 1024 tftp://example.com/file
4078 See also --tftp-no-options.
4080 --tftp-no-options
4082 (TFTP) Tells curl not to send TFTP options requests.
4083 This option improves interop with some legacy servers that do
4085 not acknowledge or properly implement TFTP options. When this
4086 option is used --tftp-blksize is ignored.
4087 Example:
4089 curl --tftp-no-options tftp://192.168.0.1/
4090 See also --tftp-blksize. Added in 7.48.0.
4092 -z, --time-cond <time>
4094 (HTTP FTP) Request a file that has been modified later than the
4095 given time and date, or one that has been modified before that
4096 time. The <date expression> can be all sorts of date strings or
4097 if it does not match any internal ones, it is taken as a file‐
4098 name and tries to get the modification date (mtime) from <file>
4099 instead. See the curl_getdate(3) man pages for date expression
4100 details.
4101 Start the date expression with a dash (-) to make it request for
4103 a document that is older than the given date/time, default is a
4104 document that is newer than the specified date/time.
4105 If this option is used several times, the last one will be used.
4107 Examples:
4109 curl -z "Wed 01 Sep 2021 12:18:00" https://example.com
4110 curl -z "-Wed 01 Sep 2021 12:18:00" https://example.com
4111 curl -z file https://example.com
4112 See also --etag-compare and -R, --remote-time.
4114 --tls-max <VERSION>
4116 (SSL) VERSION defines maximum supported TLS version. The minimum
4117 acceptable version is set by tlsv1.0, tlsv1.1, tlsv1.2 or
4118 tlsv1.3.
4119 If the connection is done without TLS, this option has no ef‐
4121 fect. This includes QUIC-using (HTTP/3) transfers.
4122 default
4125 Use up to recommended TLS version.
4126 1.0 Use up to TLSv1.0.
4128 1.1 Use up to TLSv1.1.
4130 1.2 Use up to TLSv1.2.
4132 1.3 Use up to TLSv1.3.
4134 Examples:
4136 curl --tls-max 1.2 https://example.com
4137 curl --tls-max 1.3 --tlsv1.2 https://example.com
4138 See also --tlsv1.0, --tlsv1.1, --tlsv1.2 and --tlsv1.3. --tls-max re‐
4140 quires that the underlying libcurl was built to support TLS. Added in
4141 7.54.0.
4142 --tls13-ciphers <ciphersuite list>
4144 (TLS) Specifies which cipher suites to use in the connection if
4145 it negotiates TLS 1.3. The list of ciphers suites must specify
4146 valid ciphers. Read up on TLS 1.3 cipher suite details on this
4147 URL:
4148 https://curl.se/docs/ssl-ciphers.html
4150 This option is currently used only when curl is built to use
4152 OpenSSL 1.1.1 or later. If you are using a different SSL backend
4153 you can try setting TLS 1.3 cipher suites by using the --ciphers
4154 option.
4155 If this option is used several times, the last one will be used.
4157 Example:
4159 curl --tls13-ciphers TLS_AES_128_GCM_SHA256 https://example.com
4160 See also --ciphers and --curves. Added in 7.61.0.
4162 --tlsauthtype <type>
4164 Set TLS authentication type. Currently, the only supported op‐
4165 tion is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
4166 --tlspassword are specified but --tlsauthtype is not, then this
4167 option defaults to "SRP". This option works only if the underly‐
4168 ing libcurl is built with TLS-SRP support, which requires
4169 OpenSSL or GnuTLS with TLS-SRP support.
4170 Example:
4172 curl --tlsauthtype SRP https://example.com
4173 See also --tlsuser.
4175 --tlspassword <string>
4177 Set password for use with the TLS authentication method speci‐
4178 fied with --tlsauthtype. Requires that --tlsuser also be set.
4179 This option does not work with TLS 1.3.
4181 Example:
4183 curl --tlspassword pwd --tlsuser user https://example.com
4184 See also --tlsuser.
4186 --tlsuser <name>
4188 Set username for use with the TLS authentication method speci‐
4189 fied with --tlsauthtype. Requires that --tlspassword also is
4190 set.
4191 This option does not work with TLS 1.3.
4193 Example:
4195 curl --tlspassword pwd --tlsuser user https://example.com
4196 See also --tlspassword.
4198 --tlsv1.0
4200 (TLS) Forces curl to use TLS version 1.0 or later when connect‐
4201 ing to a remote TLS server.
4202 In old versions of curl this option was documented to allow
4204 _only_ TLS 1.0. That behavior was inconsistent depending on the
4205 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4206 sion.
4207 Example:
4209 curl --tlsv1.0 https://example.com
4210 See also --tlsv1.3. Added in 7.34.0.
4212 --tlsv1.1
4214 (TLS) Forces curl to use TLS version 1.1 or later when connect‐
4215 ing to a remote TLS server.
4216 In old versions of curl this option was documented to allow
4218 _only_ TLS 1.1. That behavior was inconsistent depending on the
4219 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4220 sion.
4221 Example:
4223 curl --tlsv1.1 https://example.com
4224 See also --tlsv1.3. Added in 7.34.0.
4226 --tlsv1.2
4228 (TLS) Forces curl to use TLS version 1.2 or later when connect‐
4229 ing to a remote TLS server.
4230 In old versions of curl this option was documented to allow
4232 _only_ TLS 1.2. That behavior was inconsistent depending on the
4233 TLS library. Use --tls-max if you want to set a maximum TLS ver‐
4234 sion.
4235 Example:
4237 curl --tlsv1.2 https://example.com
4238 See also --tlsv1.3. Added in 7.34.0.
4240 --tlsv1.3
4242 (TLS) Forces curl to use TLS version 1.3 or later when connect‐
4243 ing to a remote TLS server.
4244 If the connection is done without TLS, this option has no ef‐
4246 fect. This includes QUIC-using (HTTP/3) transfers.
4247 Note that TLS 1.3 is not supported by all TLS backends.
4249 Example:
4251 curl --tlsv1.3 https://example.com
4252 See also --tlsv1.2. Added in 7.52.0.
4254 -1, --tlsv1
4256 (SSL) Tells curl to use at least TLS version 1.x when negotiat‐
4257 ing with a remote TLS server. That means TLS version 1.0 or
4258 higher
4259 Example:
4261 curl --tlsv1 https://example.com
4262 See also --http1.1 and --http2. -1, --tlsv1 requires that the
4264 underlying libcurl was built to support TLS. This option over‐
4265 rides --tlsv1.1 and --tlsv1.2 and --tlsv1.3.
4266 --tr-encoding
4268 (HTTP) Request a compressed Transfer-Encoding response using one
4269 of the algorithms curl supports, and uncompress the data while
4270 receiving it.
4271 Example:
4273 curl --tr-encoding https://example.com
4274 See also --compressed.
4276 --trace-ascii <file>
4278 Enables a full trace dump of all incoming and outgoing data, in‐
4279 cluding descriptive information, to the given output file. Use
4280 "-" as filename to have the output sent to stdout.
4281 This is similar to --trace, but leaves out the hex part and only
4283 shows the ASCII part of the dump. It makes smaller output that
4284 might be easier to read for untrained humans.
4285 This option is global and does not need to be specified for each
4287 use of -:, --next.
4288 If this option is used several times, the last one will be used.
4290 Example:
4292 curl --trace-ascii log.txt https://example.com
4293 See also -v, --verbose and --trace. This option overrides
4295 --trace and -v, --verbose.
4296 --trace-time
4298 Prepends a time stamp to each trace or verbose line that curl
4299 displays.
4300 This option is global and does not need to be specified for each
4302 use of -:, --next.
4303 Example:
4305 curl --trace-time --trace-ascii output https://example.com
4306 See also --trace and -v, --verbose.
4308 --trace <file>
4310 Enables a full trace dump of all incoming and outgoing data, in‐
4311 cluding descriptive information, to the given output file. Use
4312 "-" as filename to have the output sent to stdout. Use "%" as
4313 filename to have the output sent to stderr.
4314 This option is global and does not need to be specified for each
4316 use of -:, --next.
4317 If this option is used several times, the last one will be used.
4319 Example:
4321 curl --trace log.txt https://example.com
4322 See also --trace-ascii and --trace-time. This option overrides
4324 -v, --verbose and --trace-ascii.
4325 --unix-socket <path>
4327 (HTTP) Connect through this Unix domain socket, instead of using
4328 the network.
4329 Example:
4331 curl --unix-socket socket-path https://example.com
4332 See also --abstract-unix-socket. Added in 7.40.0.
4334 -T, --upload-file <file>
4336 This transfers the specified local file to the remote URL. If
4337 there is no file part in the specified URL, curl will append the
4338 local file name. NOTE that you must use a trailing / on the last
4339 directory to really prove to Curl that there is no file name or
4340 curl will think that your last directory name is the remote file
4341 name to use. That will most likely cause the upload operation to
4342 fail. If this is used on an HTTP(S) server, the PUT command will
4343 be used.
4344 Use the file name "-" (a single dash) to use stdin instead of a
4346 given file. Alternately, the file name "." (a single period)
4347 may be specified instead of "-" to use stdin in non-blocking
4348 mode to allow reading server output while stdin is being up‐
4349 loaded.
4350 You can specify one --upload-file for each URL on the command
4352 line. Each -T, --upload-file + URL pair specifies what to upload
4353 and to where. curl also supports "globbing" of the --upload-file
4354 argument, meaning that you can upload multiple files to a single
4355 URL by using the same URL globbing style supported in the URL.
4356 When uploading to an SMTP server: the uploaded data is assumed
4358 to be RFC 5322 formatted. It has to feature the necessary set of
4359 headers and mail body formatted correctly by the user as curl
4360 will not transcode nor encode it further in any way.
4361 Examples:
4363 curl -T file https://example.com
4364 curl -T "img[1-1000].png" ftp://ftp.example.com/
4365 curl --upload-file "{file1,file2}" https://example.com
4366 See also -G, --get and -I, --head.
4368 --url <url>
4370 Specify a URL to fetch. This option is mostly handy when you
4371 want to specify URL(s) in a config file.
4372 If the given URL is missing a scheme name (such as "http://" or
4374 "ftp://" etc) then curl will make a guess based on the host. If
4375 the outermost sub-domain name matches DICT, FTP, IMAP, LDAP,
4376 POP3 or SMTP then that protocol will be used, otherwise HTTP
4377 will be used. Since 7.45.0 guessing can be disabled by setting a
4378 default protocol, see --proto-default for details.
4379 This option may be used any number of times. To control where
4381 this URL is written, use the --output or the --remote-name op‐
4382 tions.
4383 WARNING: On Windows, particular file:// accesses can be con‐
4385 verted to network accesses by the operating system. Beware!
4386 Example:
4388 curl --url https://example.com
4389 See also -:, --next and -K, --config.
4391 -B, --use-ascii
4393 (FTP LDAP) Enable ASCII transfer. For FTP, this can also be en‐
4394 forced by using a URL that ends with ";type=A". This option
4395 causes data sent to stdout to be in text mode for win32 systems.
4396 Example:
4398 curl -B ftp://example.com/README
4399 See also --crlf and --data-ascii.
4401 -A, --user-agent <name>
4403 (HTTP) Specify the User-Agent string to send to the HTTP server.
4404 To encode blanks in the string, surround the string with single
4405 quote marks. This header can also be set with the --header or
4406 the --proxy-header options.
4407 If you give an empty argument to -A, --user-agent (""), it will
4409 remove the header completely from the request. If you prefer a
4410 blank header, you can set it to a single space (" ").
4411 If this option is used several times, the last one will be used.
4413 Example:
4415 curl -A "Agent 007" https://example.com
4416 See also -H, --header and --proxy-header.
4418 -u, --user <user:password>
4420 Specify the user name and password to use for server authentica‐
4421 tion. Overrides --netrc and --netrc-optional.
4422 If you simply specify the user name, curl will prompt for a
4424 password.
4425 The user name and passwords are split up on the first colon,
4427 which makes it impossible to use a colon in the user name with
4428 this option. The password can, still.
4429 On systems where it works, curl will hide the given option argu‐
4431 ment from process listings. This is not enough to protect cre‐
4432 dentials from possibly getting seen by other users on the same
4433 system as they will still be visible for a moment before
4434 cleared. Such sensitive data should be retrieved from a file in‐
4435 stead or similar and never used in clear text in a command line.
4436 When using Kerberos V5 with a Windows based server you should
4438 include the Windows domain name in the user name, in order for
4439 the server to successfully obtain a Kerberos Ticket. If you do
4440 not, then the initial authentication handshake may fail.
4441 When using NTLM, the user name can be specified simply as the
4443 user name, without the domain, if there is a single domain and
4444 forest in your setup for example.
4445 To specify the domain name use either Down-Level Logon Name or
4447 UPN (User Principal Name) formats. For example, EXAMPLE\user and
4448 user@example.com respectively.
4449 If you use a Windows SSPI-enabled curl binary and perform Ker‐
4451 beros V5, Negotiate, NTLM or Digest authentication then you can
4452 tell curl to select the user name and password from your envi‐
4453 ronment by specifying a single colon with this option: "-u :".
4454 If this option is used several times, the last one will be used.
4456 Example:
4458 curl -u user:secret https://example.com
4459 See also -n, --netrc and -K, --config.
4461 -v, --verbose
4463 Makes curl verbose during the operation. Useful for debugging
4464 and seeing what's going on "under the hood". A line starting
4465 with '>' means "header data" sent by curl, '<' means "header
4466 data" received by curl that is hidden in normal cases, and a
4467 line starting with '*' means additional info provided by curl.
4468 If you only want HTTP headers in the output, --include might be
4470 the option you are looking for.
4471 If you think this option still does not give you enough details,
4473 consider using --trace or --trace-ascii instead.
4474 This option is global and does not need to be specified for each
4476 use of -:, --next.
4477 Use --silent to make curl really quiet.
4479 Example:
4481 curl --verbose https://example.com
4482 See also -i, --include. This option overrides --trace and
4484 --trace-ascii.
4485 -V, --version
4487 Displays information about curl and the libcurl version it uses.
4488 The first line includes the full version of curl, libcurl and
4490 other 3rd party libraries linked with the executable.
4491 The second line (starts with "Protocols:") shows all protocols
4493 that libcurl reports to support.
4494 The third line (starts with "Features:") shows specific features
4496 libcurl reports to offer. Available features include:
4497 alt-svc
4499 Support for the Alt-Svc: header is provided.
4500 AsynchDNS
4502 This curl uses asynchronous name resolves. Asynchronous
4503 name resolves can be done using either the c-ares or the
4504 threaded resolver backends.
4505 brotli Support for automatic brotli compression over HTTP(S).
4507 CharConv
4509 curl was built with support for character set conversions
4510 (like EBCDIC)
4511 Debug This curl uses a libcurl built with Debug. This enables
4513 more error-tracking and memory debugging etc. For curl-
4514 developers only!
4515 gsasl The built-in SASL authentication includes extensions to
4517 support SCRAM because libcurl was built with libgsasl.
4518 GSS-API
4520 GSS-API is supported.
4521 HSTS HSTS support is present.
4523 HTTP2 HTTP/2 support has been built-in.
4525 HTTP3 HTTP/3 support has been built-in.
4527 HTTPS-proxy
4529 This curl is built to support HTTPS proxy.
4530 IDN This curl supports IDN - international domain names.
4532 IPv6 You can use IPv6 with this.
4534 Kerberos
4536 Kerberos V5 authentication is supported.
4537 Largefile
4539 This curl supports transfers of large files, files larger
4540 than 2GB.
4541 libz Automatic decompression (via gzip, deflate) of compressed
4543 files over HTTP is supported.
4544 MultiSSL
4546 This curl supports multiple TLS backends.
4547 NTLM NTLM authentication is supported.
4549 NTLM_WB
4551 NTLM delegation to winbind helper is supported.
4552 PSL PSL is short for Public Suffix List and means that this
4554 curl has been built with knowledge about "public suf‐
4555 fixes".
4556 SPNEGO SPNEGO authentication is supported.
4558 SSL SSL versions of various protocols are supported, such as
4560 HTTPS, FTPS, POP3S and so on.
4561 SSPI SSPI is supported.
4563 TLS-SRP
4565 SRP (Secure Remote Password) authentication is supported
4566 for TLS.
4567 TrackMemory
4569 Debug memory tracking is supported.
4570 Unicode
4572 Unicode support on Windows.
4573 UnixSockets
4575 Unix sockets support is provided.
4576 zstd Automatic decompression (via zstd) of compressed files
4578 over HTTP is supported.
4579 Example:
4581 curl --version
4582 See also -h, --help and -M, --manual.
4584 -w, --write-out <format>
4586 Make curl display information on stdout after a completed trans‐
4587 fer. The format is a string that may contain plain text mixed
4588 with any number of variables. The format can be specified as a
4589 literal "string", or you can have curl read the format from a
4590 file with "@filename" and to tell curl to read the format from
4591 stdin you write "@-".
4592 The variables present in the output format will be substituted
4594 by the value or text that curl thinks fit, as described below.
4595 All variables are specified as %{variable_name} and to output a
4596 normal % you just write them as %%. You can output a newline by
4597 using \n, a carriage return with \r and a tab space with \t.
4598 The output will be written to standard output, but this can be
4600 switched to standard error by using %{stderr}.
4601 NOTE: The %-symbol is a special symbol in the win32-environment,
4603 where all occurrences of % must be doubled when using this op‐
4604 tion.
4605 The variables available are:
4607 content_type The Content-Type of the requested document, if
4609 there was any.
4610 errormsg The error message. (Added in 7.75.0)
4612 exitcode The numerical exitcode of the transfer. (Added in
4614 7.75.0)
4615 filename_effective
4617 The ultimate filename that curl writes out to.
4618 This is only meaningful if curl is told to write
4619 to a file with the --remote-name or --output op‐
4620 tion. It's most useful in combination with the
4621 --remote-header-name option.
4622 ftp_entry_path The initial path curl ended up in when logging on
4624 to the remote FTP server.
4625 http_code The numerical response code that was found in the
4627 last retrieved HTTP(S) or FTP(s) transfer.
4628 http_connect The numerical code that was found in the last re‐
4630 sponse (from a proxy) to a curl CONNECT request.
4631 http_version The http version that was effectively used.
4633 (Added in 7.50.0)
4634 json A JSON object with all available keys.
4636 local_ip The IP address of the local end of the most re‐
4638 cently done connection - can be either IPv4 or
4639 IPv6.
4640 local_port The local port number of the most recently done
4642 connection.
4643 method The http method used in the most recent HTTP re‐
4645 quest. (Added in 7.72.0)
4646 num_connects Number of new connects made in the recent trans‐
4648 fer.
4649 num_headers The number of response headers in the most recent
4651 request (restarted at each redirect). Note that
4652 the status line IS NOT a header. (Added in
4653 7.73.0)
4654 num_redirects Number of redirects that were followed in the re‐
4656 quest.
4657 onerror The rest of the output is only shown if the
4659 transfer returned a non-zero error (Added in
4660 7.75.0)
4661 proxy_ssl_verify_result
4663 The result of the HTTPS proxy's SSL peer certifi‐
4664 cate verification that was requested. 0 means the
4665 verification was successful. (Added in 7.52.0)
4666 redirect_url When an HTTP request was made without --location
4668 to follow redirects (or when --max-redirs is
4669 met), this variable will show the actual URL a
4670 redirect would have gone to.
4671 referer The Referer: header, if there was any. (Added in
4673 7.76.0)
4674 remote_ip The remote IP address of the most recently done
4676 connection - can be either IPv4 or IPv6.
4677 remote_port The remote port number of the most recently done
4679 connection.
4680 response_code The numerical response code that was found in the
4682 last transfer (formerly known as "http_code").
4683 scheme The URL scheme (sometimes called protocol) that
4685 was effectively used. (Added in 7.52.0)
4686 size_download The total amount of bytes that were downloaded.
4688 This is the size of the body/data that was trans‐
4689 ferred, excluding headers.
4690 size_header The total amount of bytes of the downloaded head‐
4692 ers.
4693 size_request The total amount of bytes that were sent in the
4695 HTTP request.
4696 size_upload The total amount of bytes that were uploaded.
4698 This is the size of the body/data that was trans‐
4699 ferred, excluding headers.
4700 speed_download The average download speed that curl measured for
4702 the complete download. Bytes per second.
4703 speed_upload The average upload speed that curl measured for
4705 the complete upload. Bytes per second.
4706 ssl_verify_result
4708 The result of the SSL peer certificate verifica‐
4709 tion that was requested. 0 means the verification
4710 was successful.
4711 stderr From this point on, the --write-out output will
4713 be written to standard error. (Added in 7.63.0)
4714 stdout From this point on, the --write-out output will
4716 be written to standard output. This is the de‐
4717 fault, but can be used to switch back after
4718 switching to stderr. (Added in 7.63.0)
4719 time_appconnect
4721 The time, in seconds, it took from the start un‐
4722 til the SSL/SSH/etc connect/handshake to the re‐
4723 mote host was completed.
4724 time_connect The time, in seconds, it took from the start un‐
4726 til the TCP connect to the remote host (or proxy)
4727 was completed.
4728 time_namelookup
4730 The time, in seconds, it took from the start un‐
4731 til the name resolving was completed.
4732 time_pretransfer
4734 The time, in seconds, it took from the start un‐
4735 til the file transfer was just about to begin.
4736 This includes all pre-transfer commands and nego‐
4737 tiations that are specific to the particular pro‐
4738 tocol(s) involved.
4739 time_redirect The time, in seconds, it took for all redirection
4741 steps including name lookup, connect, pretransfer
4742 and transfer before the final transaction was
4743 started. time_redirect shows the complete execu‐
4744 tion time for multiple redirections.
4745 time_starttransfer
4747 The time, in seconds, it took from the start un‐
4748 til the first byte was just about to be trans‐
4749 ferred. This includes time_pretransfer and also
4750 the time the server needed to calculate the re‐
4751 sult.
4752 time_total The total time, in seconds, that the full opera‐
4754 tion lasted.
4755 url The URL that was fetched. (Added in 7.75.0)
4757 urlnum The URL index number of this transfer, 0-indexed.
4759 De-globbed URLs share the same index number as
4760 the origin globbed URL. (Added in 7.75.0)
4761 url_effective The URL that was fetched last. This is most mean‐
4763 ingful if you have told curl to follow location:
4764 headers.
4765 If this option is used several times, the last one will be used.
4767 Example:
4769 curl -w '%{http_code}\n' https://example.com
4770 See also -v, --verbose and -I, --head.
4772 --xattr
4774 When saving output to a file, this option tells curl to store
4775 certain file metadata in extended file attributes. Currently,
4776 the URL is stored in the xdg.origin.url attribute and, for HTTP,
4777 the content type is stored in the mime_type attribute. If the
4778 file system does not support extended attributes, a warning is
4779 issued.
4780 Example:
4782 curl --xattr -o storage https://example.com
4783 See also -R, --remote-time, -w, --write-out and -v, --verbose.
4785
4787 ~/.curlrc
4788 Default config file, see --config for details.
4789
4791 The environment variables can be specified in lower case or upper case.
4792 The lower case version has precedence. http_proxy is an exception as it
4793 is only available in lower case.
4794 Using an environment variable to set the proxy has the same effect as
4796 using the --proxy option.
4797 http_proxy [protocol://]<host>[:port]
4800 Sets the proxy server to use for HTTP.
4801 HTTPS_PROXY [protocol://]<host>[:port]
4803 Sets the proxy server to use for HTTPS.
4804 [url-protocol]_PROXY [protocol://]<host>[:port]
4806 Sets the proxy server to use for [url-protocol], where the pro‐
4807 tocol is a protocol that curl supports and as specified in a
4808 URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP, etc.
4809 ALL_PROXY [protocol://]<host>[:port]
4811 Sets the proxy server to use if no protocol-specific proxy is
4812 set.
4813 NO_PROXY <comma-separated list of hosts/domains>
4815 list of host names that should not go through any proxy. If set
4816 to an asterisk '*' only, it matches all hosts. Each name in this
4817 list is matched as either a domain name which contains the host‐
4818 name, or the hostname itself.
4819 This environment variable disables use of the proxy even when
4821 specified with the --proxy option. That is NO_PROXY=direct.exam‐
4822 ple.com curl -x http://proxy.example.com http://direct.exam‐
4823 ple.com accesses the target URL directly, and NO_PROXY=di‐
4824 rect.example.com curl -x http://proxy.example.com http://some‐
4825 where.example.com accesses the target URL through the proxy.
4826 The list of host names can also be include numerical IP ad‐
4828 dresses, and IPv6 versions should then be given without enclos‐
4829 ing brackets.
4830 IPv6 numerical addresses are compared as strings, so they will
4832 only match if the representations are the same: "::1" is the
4833 same as "::0:1" but they do not match.
4834 APPDATA <dir>
4836 On Windows, this variable is used when trying to find the home
4837 directory. If the primary home variable are all unset.
4838 COLUMNS <terminal width>
4840 If set, the specified number of characters will be used as the
4841 terminal width when the alternative progress-bar is shown. If
4842 not set, curl will try to figure it out using other ways.
4843 CURL_CA_BUNDLE <file>
4845 If set, will be used as the --cacert value.
4846 CURL_HOME <dir>
4848 If set, is the first variable curl checks when trying to find
4849 its home directory. If not set, it continues to check XDG_CON‐
4850 FIG_HOME.
4851 CURL_SSL_BACKEND <TLS backend>
4853 If curl was built with support for "MultiSSL", meaning that it
4854 has built-in support for more than one TLS backend, this envi‐
4855 ronment variable can be set to the case insensitive name of the
4856 particular backend to use when curl is invoked. Setting a name
4857 that is not a built-in alternative will make curl stay with the
4858 default.
4859 SSL backend names (case-insensitive): bearssl, gnutls, gskit,
4861 mbedtls, nss, openssl, rustls, schannel, secure-transport, wolf‐
4862 ssl
4863 HOME <dir>
4865 If set, this is used to find the home directory when that is
4866 needed. Like when looking for the default .curlrc. CURL_HOME and
4867 XDG_CONFIG_HOME have preference.
4868 QLOGDIR <directory name>
4870 If curl was built with HTTP/3 support, setting this environment
4871 variable to a local directory will make curl produce qlogs in
4872 that directory, using file names named after the destination
4873 connection id (in hex). Do note that these files can become
4874 rather large. Works with both QUIC backends.
4875 SHELL Used on VMS when trying to detect if using a DCL or a "unix"
4877 shell.
4878 SSL_CERT_DIR <dir>
4880 If set, will be used as the --capath value.
4881 SSL_CERT_FILE <path>
4883 If set, will be used as the --cacert value.
4884 SSLKEYLOGFILE <file name>
4886 If you set this environment variable to a file name, curl will
4887 store TLS secrets from its connections in that file when invoked
4888 to enable you to analyze the TLS traffic in real time using net‐
4889 work analyzing tools such as Wireshark. This works with the fol‐
4890 lowing TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS, NSS
4891 and wolfSSL.
4892 USERPROFILE <dir>
4894 On Windows, this variable is used when trying to find the home
4895 directory. If the other, primary, variable are all unset. If
4896 set, curl will use the path "$USERPROFILE\Application Data".
4897 XDG_CONFIG_HOME <dir>
4899 If CURL_HOME is not set, this variable is checked when looking
4900 for a default .curlrc file.
4901
4903 The proxy string may be specified with a protocol:// prefix to specify
4904 alternative proxy protocols.
4905 If no protocol is specified in the proxy string or if the string does
4907 not match a supported one, the proxy will be treated as an HTTP proxy.
4908 The supported proxy protocol prefixes are as follows:
4910 http://
4912 Makes it use it as an HTTP proxy. The default if no scheme pre‐
4913 fix is used.
4914 https://
4916 Makes it treated as an HTTPS proxy.
4917 socks4://
4919 Makes it the equivalent of --socks4
4920 socks4a://
4922 Makes it the equivalent of --socks4a
4923 socks5://
4925 Makes it the equivalent of --socks5
4926 socks5h://
4928 Makes it the equivalent of --socks5-hostname
4929
4931 There are a bunch of different error codes and their corresponding er‐
4932 ror messages that may appear under error conditions. At the time of
4933 this writing, the exit codes are:
4934 1 Unsupported protocol. This build of curl has no support for this
4936 protocol.
4937 2 Failed to initialize.
4939 3 URL malformed. The syntax was not correct.
4941 4 A feature or option that was needed to perform the desired re‐
4943 quest was not enabled or was explicitly disabled at build-time.
4944 To make curl able to do this, you probably need another build of
4945 libcurl.
4946 5 Could not resolve proxy. The given proxy host could not be re‐
4948 solved.
4949 6 Could not resolve host. The given remote host could not be re‐
4951 solved.
4952 7 Failed to connect to host.
4954 8 Weird server reply. The server sent data curl could not parse.
4956 9 FTP access denied. The server denied login or denied access to
4958 the particular resource or directory you wanted to reach. Most
4959 often you tried to change to a directory that does not exist on
4960 the server.
4961 10 FTP accept failed. While waiting for the server to connect back
4963 when an active FTP session is used, an error code was sent over
4964 the control connection or similar.
4965 11 FTP weird PASS reply. Curl could not parse the reply sent to the
4967 PASS request.
4968 12 During an active FTP session while waiting for the server to
4970 connect back to curl, the timeout expired.
4971 13 FTP weird PASV reply, Curl could not parse the reply sent to the
4973 PASV request.
4974 14 FTP weird 227 format. Curl could not parse the 227-line the
4976 server sent.
4977 15 FTP cannot use host. Could not resolve the host IP we got in the
4979 227-line.
4980 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer.
4982 This is somewhat generic and can be one out of several problems,
4983 see the error message for details.
4984 17 FTP could not set binary. Could not change transfer method to
4986 binary.
4987 18 Partial file. Only a part of the file was transferred.
4989 19 FTP could not download/access the given file, the RETR (or simi‐
4991 lar) command failed.
4992 21 FTP quote error. A quote command returned error from the server.
4994 22 HTTP page not retrieved. The requested url was not found or re‐
4996 turned another error with the HTTP error code being 400 or
4997 above. This return code only appears if --fail is used.
4998 23 Write error. Curl could not write data to a local filesystem or
5000 similar.
5001 25 FTP could not STOR file. The server denied the STOR operation,
5003 used for FTP uploading.
5004 26 Read error. Various reading problems.
5006 27 Out of memory. A memory allocation request failed.
5008 28 Operation timeout. The specified time-out period was reached ac‐
5010 cording to the conditions.
5011 30 FTP PORT failed. The PORT command failed. Not all FTP servers
5013 support the PORT command, try doing a transfer using PASV in‐
5014 stead!
5015 31 FTP could not use REST. The REST command failed. This command is
5017 used for resumed FTP transfers.
5018 33 HTTP range error. The range "command" did not work.
5020 34 HTTP post error. Internal post-request generation error.
5022 35 SSL connect error. The SSL handshaking failed.
5024 36 Bad download resume. Could not continue an earlier aborted down‐
5026 load.
5027 37 FILE could not read file. Failed to open the file. Permissions?
5029 38 LDAP cannot bind. LDAP bind operation failed.
5031 39 LDAP search failed.
5033 41 Function not found. A required LDAP function was not found.
5035 42 Aborted by callback. An application told curl to abort the oper‐
5037 ation.
5038 43 Internal error. A function was called with a bad parameter.
5040 45 Interface error. A specified outgoing interface could not be
5042 used.
5043 47 Too many redirects. When following redirects, curl hit the maxi‐
5045 mum amount.
5046 48 Unknown option specified to libcurl. This indicates that you
5048 passed a weird option to curl that was passed on to libcurl and
5049 rejected. Read up in the manual!
5050 49 Malformed telnet option.
5052 51 The peer's SSL certificate or SSH MD5 fingerprint was not OK.
5054 52 The server did not reply anything, which here is considered an
5056 error.
5057 53 SSL crypto engine not found.
5059 54 Cannot set SSL crypto engine as default.
5061 55 Failed sending network data.
5063 56 Failure in receiving network data.
5065 58 Problem with the local certificate.
5067 59 Could not use specified SSL cipher.
5069 60 Peer certificate cannot be authenticated with known CA certifi‐
5071 cates.
5072 61 Unrecognized transfer encoding.
5074 62 Invalid LDAP URL.
5076 63 Maximum file size exceeded.
5078 64 Requested FTP SSL level failed.
5080 65 Sending the data requires a rewind that failed.
5082 66 Failed to initialise SSL Engine.
5084 67 The user name, password, or similar was not accepted and curl
5086 failed to log in.
5087 68 File not found on TFTP server.
5089 69 Permission problem on TFTP server.
5091 70 Out of disk space on TFTP server.
5093 71 Illegal TFTP operation.
5095 72 Unknown TFTP transfer ID.
5097 73 File already exists (TFTP).
5099 74 No such user (TFTP).
5101 75 Character conversion failed.
5103 76 Character conversion functions required.
5105 77 Problem reading the SSL CA cert (path? access rights?).
5107 78 The resource referenced in the URL does not exist.
5109 79 An unspecified error occurred during the SSH session.
5111 80 Failed to shut down the SSL connection.
5113 82 Could not load CRL file, missing or wrong format.
5115 83 Issuer check failed.
5117 84 The FTP PRET command failed.
5119 85 Mismatch of RTSP CSeq numbers.
5121 86 Mismatch of RTSP Session Identifiers.
5123 87 Unable to parse FTP file list.
5125 88 FTP chunk callback reported error.
5127 89 No connection available, the session will be queued.
5129 90 SSL public key does not matched pinned public key.
5131 91 Invalid SSL certificate status.
5133 92 Stream error in HTTP/2 framing layer.
5135 93 An API function was called from inside a callback.
5137 94 An authentication function returned an error.
5139 95 A problem was detected in the HTTP/3 layer. This is somewhat
5141 generic and can be one out of several problems, see the error
5142 message for details.
5143 96 QUIC connection error. This error may be caused by an SSL li‐
5145 brary error. QUIC is the protocol used for HTTP/3 transfers.
5146 XX More error codes will appear here in future releases. The exist‐
5148 ing ones are meant to never change.
5149
5151 If you experience any problems with curl, submit an issue in the
5152 project's bug tracker on GitHub: https://github.com/curl/curl/issues
5153
5155 Daniel Stenberg is the main author, but the whole list of contributors
5156 is found in the separate THANKS file.
5157
5159 https://curl.se
5160
5162 ftp(1), wget(1)
5163curl 7.82.0 March 05 2022 curl(1)