From Fedora Project Wiki

(curl test)
 
No edit summary
Line 1: Line 1:
curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.
curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.


  1. Set SSL_DIR environment variable to path of your NSS database. If the variable is not set, "/etc/pki/nssdb" is used.
  1. Set SSL_DIR environment variable to path of your NSS database.
If the variable is not set, "/etc/pki/nssdb" is used.


  2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL. The SSL connection is usually initiated by accessing a "https://" URL.
  2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL.  
The SSL connection is usually initiated by accessing a "https://" URL.


  3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format.  You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).
  3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format.  You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).


  4. You can also access https URLs protected by a client certificate. If you don't specify the certificate manually, NSS tries to select the right one (from the NSS database) automatically. You can specify it's nickname by curl's option --cert.
  4. You can also access https URLs protected by a client certificate.  
    * NOTE: You can try to set SSL_DIR to another database to search the certificates in, e.g. the database used by Firefox.
If you don't specify the certificate manually, NSS tries to select the right one  
from the NSS database) automatically. You can specify it's nickname by curl's  
option --cert.
* NOTE: You can try to set SSL_DIR to another database to search the certificates in,  
  e.g. the database used by Firefox.


  5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.
  5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.


  6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.
  6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.

Revision as of 15:04, 7 October 2009

curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.

1. Set SSL_DIR environment variable to path of your NSS database.

If the variable is not set, "/etc/pki/nssdb" is used.

2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL. 

The SSL connection is usually initiated by accessing a "https://" URL.

3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format.  You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).
4. You can also access https URLs protected by a client certificate. 

If you don't specify the certificate manually, NSS tries to select the right one from the NSS database) automatically. You can specify it's nickname by curl's option --cert.

  • NOTE: You can try to set SSL_DIR to another database to search the certificates in,
  e.g. the database used by Firefox.
5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.
6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.