moooofly
commented
5 years ago 证书相关
--cert-type <type>
(SSL) 告知 curl 当前提供的 certificate 位于何种 certificate type 之中;PEM, DER 和 ENG 是可识别的类型;若未指定,则默认当做 PEM ;
该选项若指定多次,则最后一个设置值被使用;
--cacert <CA certificate>
(SSL) 让 curl 使用指定的 certificate 文件来验证 peer 端;该文件中可能同时包含多个 CA certificates ;certificate(s) 必须是 PEM 格式;通常情况下,curl 会在指定路径(/etc/ssl/certs)下查找默认的 CA 文件来进行验证;
curl 能够识别名为 'CURL_CA_BUNDLE' 的环境变量,并使用其值(路径)作为定位 CA cert bundle 的位置;--cacert 的设置能够覆盖环境变量值;
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be available for this option to work properly.
该选项若指定多次,则最后一个设置被使用;
--capath <CA certificate directory>
(SSL) 让 curl 使用指定的 certificate directory 来查找用于验证 peer 的证书;可以通过 ":" 分隔多个 paths 值 (e.g. "path1:path2:path3"). certificates 必须是 PEM 格式;
if curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied with OpenSSL.
与使用 --cacert 进行证书指定,并且所指定文件中包含许多 CA certificates 相比,使用 --capath 可以令 OpenSSL-powered curl 创建 SSL-connections 时更加高效;
If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used.
相关:
authentication 相关
-u, --user <user:password>Specify the user name and password to use for server authentication.
If you simply specify the user name, curl will prompt for a password.
The user name and passwords are split up on the first colon, which makes it impossible to use a colon in the user name with this option. The password can, still.
If this option is used several times, the last one will be used.
产生类似
Authorization: Basic Zm9vOmJhcg==的 header-U, --proxy-user <user:password>Specify the user name and password to use for proxy authentication.
产生类似
Proxy-Authorization: Basic Zm9vOmJhcg==的 header--basic(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This is the default and this option is usually pointless, unless you use it to override a previously set option that sets a different authentication method (such as
--ntlm,--digest, or--negotiate).这个设置通常没用,因为默认就是 HTTP Basic authentication 方式;
Used together with
-u, --userand-x, --proxy.See also
--proxy-basic.--proxy-basicTells curl to use HTTP Basic authentication when communicating with the given proxy. Use
--basicfor enabling HTTP Basic with a remote host. Basic is the default authentication method curl uses with proxies.--proxy-digestTells curl to use HTTP Digest authentication when communicating with the given proxy. Use
--digestfor enabling HTTP Digest with a remote host.Header 设置相关
-H, --header <header>(HTTP) Extra header to include in the request when sending HTTP to a server. You may specify any number of extra headers.
Starting in 7.37.0, you need
--proxy-headerto send custom headers intended for a proxy.--proxy-header <header>(HTTP) Extra header to include in the request when sending HTTP to a proxy. You may specify any number of extra headers. This is the equivalent option to
-H, --headerbut is for proxy communication only like inCONNECTrequests when you want a separate header sent to the proxy to what is sent to the actual remote host.该 header 仅包含在于 proxy 的通信中;例如作为
CONNECT方法的 header 传给 proxy ,而不会传给真正的 remote host ;Headers specified with this option will not be included in requests that curl knows will not be sent to a proxy.
This option can be used multiple times to add/replace/remove multiple headers.
(Added in 7.37.0)
代理设置相关
--noproxy <no-proxy-list>Comma-separated list of hosts which do not use a proxy, if one is specified. The only wildcard is a single * character, which matches all hosts, and effectively disables the proxy. Each name in this list is matched as either a domain which contains the hostname, or the hostname itself. For example,
local.comwould matchlocal.com,local.com:80, andwww.local.com, but notwww.notlocal.com. (Added in 7.19.4).-p, --proxytunnelWhen an HTTP proxy is used (
-x, --proxy), this option will cause non-HTTP protocols to attempt to tunnel through the proxy instead of merely using it to do HTTP-like operations. The tunnel approach is made with the HTTP proxy CONNECT request and requires that the proxy allows direct connect to the remote port number curl wants to tunnel through to.--proxy-anyauthTells curl to pick a suitable authentication method when communicating with the given proxy. This might cause an extra request/response round-trip. (Added in 7.13.2)
-x, --proxy <[protocol://][user:password@]proxyhost[:port]>Use the specified proxy.
The proxy string can be specified with a
protocol://prefix to specify alternative proxy protocols. Usesocks4://,socks4a://,socks5://orsocks5h://to request the specific SOCKS version to be used. No protocol specified,http://and all others will be treated as HTTP proxies. (The protocol support was added in curl 7.21.7)If the port number is not specified in the proxy string, it is assumed to be 1080.
This option overrides existing environment variables that set the proxy to use. If there's an environment variable setting a proxy, you can set proxy to "" to override it.
All operations that are performed over an HTTP proxy will transparently be converted to HTTP. It means that certain protocol specific operations might not be available. This is not the case if you can tunnel through the proxy, as one with the
-p, --proxytunneloption.User and password that might be provided in the proxy string are URL decoded by curl. This allows you to pass in special characters such as @ by using %40 or pass in a colon with %3a.
The proxy host can be specified the exact same way as the proxy environment variables, including the protocol prefix (
http://) and the embedded user + password.If this option is used several times, the last one will be used.
代理相关环境变量
The environment variables can be specified in lower case or upper case. The lower case version has precedence.
http_proxyis an exception as it is only available in lower case.Using an environment variable to set the proxy has the same effect as using the
--proxyoption.http_proxy [protocol://]<host>[:port]Sets the proxy server to use for HTTP.
HTTPS_PROXY [protocol://]<host>[:port]Sets the proxy server to use for HTTPS.
[url-protocol]_PROXY [protocol://]<host>[:port]Sets the proxy server to use for [url-protocol], where the protocol is a protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, SMTP, LDAP etc.
ALL_PROXY [protocol://]<host>[:port]Sets the proxy server to use if no protocol-specific proxy is set.
NO_PROXY <comma-separated list of hosts>list of host names that shouldn't go through any proxy. If set to a asterisk '*' only, it matches all hosts.