1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
FAQ
1. Problems connecting to SSL servers.
It took a very long time before I could sort out why curl had problems
to connect to certain SSL servers when using SSLeay or OpenSSL v0.9+.
The error sometimes showed up similar to:
16570:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:233:
It turned out to be because many older SSL servers don't deal with SSLv3
requests properly. To correct this problem, tell curl to select SSLv2 from
the command line (-2/--sslv2).
I have also seen examples where the remote server didn't like the SSLv2
request and instead you had to force curl to use SSLv3 with -3/--sslv3.
2. curl: (1) SSL is disabled, https: not supported
If you get this output when trying to get anything from a https:// server,
it means that the configure script couldn't find all libs and include files
it requires for SSL to work. If the configure script fails to find them,
curl is simply built without SSL support.
To get the https:// support into a curl that was previously built but that
reports that https:// is not supported, you should dig through the document
and logs and check out why the configure script doesn't find the SSL libs
and/or include files.
Also, check out the other paragraph in this FAQ labeled "configure doesn't
find OpenSSL even when it is installed".
3. Does curl support resume?
Yes. Both ways on FTP, download ways on HTTP.
Try the -c and -C options.
4. Is libcurl thread safe?
As version seven is slowly marching in as the libcurl version to use, we
have made a serious attempt to address all places in the code where we could
forsee problems for multi-threaded programs. If your system has them, curl
will attempt to use threadsafe functions instead of non-safe ones.
I am very interested in once and for all getting some kind of report or
README file from those who have used libcurl in a threaded environment,
since I haven't and I get this question more and more frequently!
5. Why doesn't my posting using -F work?
You can't simply use -F or -d at your choice. The web server that will
receive your post assumes one of the formats. If the form you're trying to
"fake" sets the type to 'multipart/form-data', than and only then you must
use the -F type. In all the most common cases, you should use -d which then
causes a posting with the type 'application/x-www-form-urlencoded'.
I have described this in some detail in the README.curl file, and if you
don't understand it the first time, read it again before you post questions
about this to the mailing list. I would also suggest that you read through
the mailing list archives for old postings and questions regarding this.
6. Does curl support custom FTP commands?
Yes it does, you can tell curl to perform optional commands both before
and/or after a file transfer. Study the -Q/--quote option.
Since curl is used for file transfers, you don't use curl to just perform
ftp commands without transfering anything. Therefore you must always specify
a URL to transfer to/from even when doing custom FTP commands.
7. Does curl work with other SSL libraries?
Curl has been written to use OpenSSL, although I doubt there would be much
problems using a different library. I just don't know any other free one and
that has limited my possibilities to develop against anything else.
If anyone does "port" curl to use a commercial SSL library, I am of course
very interested in getting the patch!
8. configure doesn't find OpenSSL even when it is installed
This may be because of several reasons.
8.1. native linker doesn't find openssl
Platforms: Solaris (native cc compiler) and HPUX (native cc compiler)
When configuring curl, I specify --with-ssl. OpenSSL is installed in
/usr/local/ssl Configure reports SSL in /usr/local/ssl, but fails to find
CRYPTO_lock in -lcrypto
Cause: The cc for this test places the -L/usr/local/ssl/lib AFTER
-lcrypto, so ld can't find the library. This is due to a bug in the GNU
autoconf tool.
Workaround: Specifying "LDFLAGS=-L/usr/local/ssl/lib" in front of
./configure places the -L/usr/local/ssl/lib early enough in the command
line to make things work
Submitted by: Bob Allison <allisonb@users.sourceforge.net>
8.2. only the libssl lib is missing
If all include files and the libcrypto lib is present, with only the
libssl being missing according to configure, this is mostly likely because
a few functions are left out from the libssl.
If the function names missing include RSA or RSAREF you can be certain
that this is because libssl requires the RSA and RSASEF libs to build.
See the INSTALL file section that explains how to add those libs to
configure. Make sure that you remove the config.cache file before you
rerun configure with the new flags.
9. Why do I get problems when I use & in the URL?
In general unix shells, the & letter is treated special and when used it
runs the specified command in the background. To safely send the & as a
part of a URL, you should qoute the entire URL by using single (') or
double (") quotes round it.
An example that would invoke a remote CGI that uses &-letters could be:
# curl "http://www.altavista.com/cgi-bin/query?text=yes&q=curl"
10. How can I use {, }, [ or ] to specify multiple URLs?
Because those letters have a special meaning to the shell, and to be used
in a URL specified to curl you must quote them.
An example that downloads two URLs (sequentially) would do:
# curl '{curl,www}.haxx.se'
11. Where can I find a copy of LIBEAY32.DLL?
That is an OpenSSL binary built for Windows.
Curl uses OpenSSL to do the SSL stuff. The LIBEAY32.DLL is what curl needs
on a windows machine to do https://. Check out the curl web page to find
accurate and up-to-date pointers to recent OpenSSL DDLs and other binary
packages.
12. Why do I get downloaded data even though the web page doesn't exist?
Curl asks remote servers for the page you specify. If the page doesn't
exist at the server, the HTTP protocol defines how the server should
respond and that means that headers and a "page" will be returned. That's
simply how HTTP works.
By using the --fail option you can tell curl explicitly to not get any data
if the HTTP return code doesn't say success.
13. Why do I get "HTTP/1.1 403 Forbidden" from a http server?
RFC2616 clearly explains this return code:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated.
If the request method was not HEAD and the server wishes to make
public why the request has not been fulfilled, it SHOULD describe the
reason for the refusal in the entity. If the server does not wish to
make this information available to the client, the status code 404
(Not Found) can be used instead.
14. How can I disable the Pragma: nocache header?
You can change all internally generated headers by adding a replacement
with the -H/--header option. By adding a header with empty contents you
safelt disables the headers. Use -H "Pragma:" to disable that specific
header.
15. Can you tell me what error code 142 means?
All error codes that are larger than the highest documented error code
means that curl has existed due to a timeout. There is currentl no nice way
for curl to abort from such a condition and that's why it gets this
undocumented error. This is planned to change in a future release.
16. How do I keep usernames and passwords secret in Curl command lines?
I see this problem as two parts:
The first part is to avoid having clear-text passwords in the command line
so that they don't appear in 'ps' outputs and similar. That is easily
avoided by using the "-K" option that tells curl to read parameters from a
file or stdin to which you can pass the secret info.
To keep the passwords in your account secret from the rest of the world is
not a task that curl addresses. You could of course encrypt them somehow to
at least hide them from being read by human eyes, but that is not what
anyone would call security.
17. Does curl support javascript, ASP, XML, XHTML or HTML version Y?
To curl, all contents are alike. It doesn't matter how the page was
generated. It may be ASP, PHP, perl, shell-script, SSI or plain
HTML-files. There's no difference to curl and it doesn't even know what
kind of language that generated the page.
Javascript is slightly different since that is code embedded in the HTML
that is sent for the client to interpret and curl has no javascript
interpreter.
18. Does cURL support Socks (RFC 1928) ?
No. Nobody has wanted it that badly yet. I would appriciate patches that
brings this functionality.
19. Can I use curl to delete/rename a file through FTP?
Yes. You specify custom ftp commands with -Q/--quote.
One example would be to delete a file after you have downloaded it:
# curl -O ftp://download.com/coolfile -Q "-DELE coolfile"
|