From Fedora Project Wiki
Emaldonado (talk | contribs) (curl test) |
Emaldonado (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction. | curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction. | ||
1. Set SSL_DIR environment variable to path of your NSS database. If the variable is not set, "/etc/pki/nssdb" is used. | 1. Set SSL_DIR environment variable to path of your NSS database. | ||
If the variable is not set, "/etc/pki/nssdb" is used. | |||
2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL. The SSL connection is usually initiated by accessing a "https://" URL. | 2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL. | ||
The SSL connection is usually initiated by accessing a "https://" URL. | |||
3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format. You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s). | 3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format. You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s). | ||
4. You can also access https URLs protected by a client certificate. If you don't specify the certificate manually, NSS tries to select the right one | 4. You can also access https URLs protected by a client certificate. | ||
If you don't specify the certificate manually, NSS tries to select the right one | |||
from the NSS database) automatically. You can specify it's nickname by curl's | |||
option --cert. | |||
* NOTE: You can try to set SSL_DIR to another database to search the certificates in, | |||
e.g. the database used by Firefox. | |||
5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert. | 5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert. | ||
6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass. | 6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass. | ||
Revision as of 15:04, 7 October 2009
curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). The command is designed to work without user interaction.
1. Set SSL_DIR environment variable to path of your NSS database.
If the variable is not set, "/etc/pki/nssdb" is used.
2. You don't need to turn on NSS support explicitly, curl always uses NSS for SSL.
The SSL connection is usually initiated by accessing a "https://" URL.
3. Root CA certificates are read by default from "/etc/pki/tls/certs/ca-bundle.crt" in the PEM format. You can specify another CA certificate (or bundle) by curl's option --cacert. The mandatory argument is then a PEM file containing CA certificate(s).
4. You can also access https URLs protected by a client certificate.
If you don't specify the certificate manually, NSS tries to select the right one from the NSS database) automatically. You can specify it's nickname by curl's option --cert.
- NOTE: You can try to set SSL_DIR to another database to search the certificates in,
e.g. the database used by Firefox.
5. By the curl's option --cert you can also specify a PEM file containing the client certificate. This should be sufficient if the key is embedded in the cert.
6. To specify a bare key use curl's option --key. The mandatory argument is a PEM file containing the key. If the key is protected by a pass-phrase, you can give it by curl's option --pass.