Tech Bolek via curl-users | 17 Jul 02:51 2015
Picon

SHA2 support

Hello, as of which version does curl support SHA2? Our client is runing curl-7.16.4 and we would like to know if this one has SHA2 support. Thanks.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Hector Chan | 13 Jul 20:54 2015
Picon

curl and dual stack mode IPv4 and IPv6

Hi,

How does curl work with a domain with dual stack IPv4 and IPv6?  Without messing with the -4 and -6 options, which address would curl pick ?  Does curl pick the first address or IPv6 over IPv4, etc ?

Thanks,
Hector
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
David Niklas | 13 Jul 17:22 2015
Picon

Curl downloads file that is way too big

Hello,
I was trying to download this file from archive.org see here:
https://archive.org/download/wpa-tables-renderman/
and then suddenly, I got a message that the file size limit on my
system was exceeded, yet the file's size, according to the server and
the html page where I got the link from states it a MUCH smaller.
All output is in the attachment.
My curl version is 7.42.1.

Thanks
-rw-r----- 1 me me 1073741824 Jul 13 11:13 33gb_set.tar
curl -O -D - -C - https://ia801900.us.archive.org/28/items/wpa-tables-renderman/33gb_set.tar

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  
Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 13 Jul 2015 14:32:17 GMT
Content-Type: application/x-tar
Content-Length: 41814036480
Last-Modified: Tue, 15 Oct 2013 00:27:09 GMT
Connection: keep-alive
ETag: "525c8bdd-9bc4f9000"
Expires: Mon, 13 Jul 2015 20:32:17 GMT
Cache-Control: max-age=21600
Accept-Ranges: bytes

  2 38.9G    2 1023M    0     0   427k      0 26:31:01  0:40:51 25:50:10  415kFile size limit exceeded
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Oceanet - Cédric BASSAGET | 10 Jul 09:44 2015

"alert unknown ca" using -k option

Hello,

I'm facing an issue where curl says :
curl: (56) SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 
alert unknown ca, errno 0

Looking in the man page, I found that option --insecure should fix the 
problem, but it does not :

[root <at> sar-s1 cert]# sudo -u ftp_assur curl -i 
https://xxx.fr/routmedassur/services/portailsso.wsdl -v --key 
/etc/pki/tls/private/assur.com.key --cert 
/home/sites/www.assur.com/web/cert/dev.assur.com.crt --insecure
*   Trying 80.124.164.150...
* Connected to xxx.fr (80.124.x.x) port 443 (#0)
* Cipher selection: 
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4: <at> STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS change cipher, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* Server certificate:
*      subject: O=ARKEA; OU=ARKEA TEST ENVIRONMENT; CN=xxx
*      start date: 2010-02-01 08:50:15 GMT
*      expire date: 2020-01-30 08:50:15 GMT
*      issuer: C=FR; ST=FR-29; L=city; O=Federal Service; 
OU=Certification Authority; CN=Federal Service CA; emailAddress=mail <at> mail.fr
*      SSL certificate verify result: unable to get local issuer 
certificate (20), continuing anyway.
 > GET /routmedassur/services/portailsso.wsdl HTTP/1.1
 > Host: xxx.fr
 > User-Agent: curl/7.43.0
 > Accept: */*
 >
* TLSv1.0 (IN), TLS handshake, Hello request (0):
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
* TLSv1.0 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Request CERT (13):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS handshake, CERT verify (15):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS alert, Server hello (2):
* SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert 
unknown ca, errno 0
* Closing connection 0
curl: (56) SSL read: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 
alert unknown ca, errno 0

Isn't -k option made for allowing unknown CAs ?
As the company does not want to give me it's CA, what can I do ?

ftp_assur has correct permissions on key and cert files.

Regards,
Cédric
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Oceanet - Cédric BASSAGET | 8 Jul 10:24 2015

cURL / unable to set private key file

Hello,
I have a problem since I updated curl 7.19 to 7.43.

I'm trying to query a ssl distant website, with the following command line :
curl -ivk https://website/portailsso.wsdl \
     --key /etc/pki/tls/private/private.key \
     --cert /home/sites/xxx/web/cert/cert.crt \
     [ --cacert /etc/pki/tls/certs/cacert.pem ]

And I always get the following error :
*   Trying x.x.x.x...
* Connected to hml-xxx.fr (x.x.x.x) port 443 (#0)
* unable to set private key file: '/etc/pki/tls/private/private.key' 
type PEM
* Closing connection 0
curl: (58) unable to set private key file: 
'/etc/pki/tls/private/private.key' type PEM

I've tried to convert my private key to rsa key : same error
tried to add a passphrase to private key : same error.

I've ask on IRC channel (#curl <at> freenode) but everybody seems to sleep 
there ;)

Thanks in advance for your help.
Regards,
Cédric
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Yaron Illouz | 30 Jun 19:37 2015

write different files to disk from an multipart/x-mixed-replace; boundary=END

Hi

 

Hi am trying to get multiple files from a http post reponse.

I know how to write the response as one file but I don't know how to write it as different files to disk.

How do I write the file that arrive in the answer as different files?


For now the output is written to screen as one part (with the --END)

The request is sent from c++ code using curl

    CURL *curl;

    FILE *fp;

    CURLcode res;

 

    curl = curl_easy_init();

    if(curl)

    {

            //fp = fopen(pi_sRequests.c_str(),"wb");

            struct curl_slist *headers=NULL;

 

//headers = curl_slist_append(headers, "Content-Type: multipart/x-mixed-replace;boundary=END");

            curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers );

 

            curl_easy_setopt(curl, CURLOPT_URL, "http://172.16.5.178:8080/module/FileServlet");

            curl_easy_setopt(curl, CURLOPT_POSTFIELDS,pi_sRequests.c_str());

            //curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_to_file);

            //curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);

            res = curl_easy_perform(curl);

 

            /* always cleanup */

            curl_easy_cleanup(curl);

            //fclose(fp);

    }

The response arrive from code writen in java. I took code from Can i attach multiple attachments in one HttpServletResponse

response.setContentType("multipart/x-mixed-replace;boundary=END");

ServletOutputStream out = response.getOutputStream();

out.println("--END");

for(File f:files){

      FileInputStream fis = new FileInputStream(file);

      BufferedInputStream fif = new BufferedInputStream(fis);

      int data = 0;

      out.println("--END");

      while ((data = fif.read()) != -1) {

        out.write(data);

      }

      fif.close();

      out.println("--END");

      out.flush();

}

out.flush();

out.println("--END--");

out.close();

 

 

My question is also on stackoverflow http://stackoverflow.com/questions/31144560/write-multiple-file-from-a-post-reponse-with-curl

 

 

 

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Aaron Couts | 23 Jun 17:59 2015
Picon

command-line tool / SFTP / 644 permissions

I recently ran into an issue while attempting to download a file from my SFTP server using the curl command-line tool.

$ curl sftp://<user>:<password> <at> <server>/<file> -o <file>
curl: (9) Could not open remote file for reading: Permission denied

The remote file has 664 permissions, so there shouldn't be a permissions issue.  My SFTP server logs show that curl is attempting to change the permissions on the file:

Jun 23 15:16:05 mod_sftp/0.9.7[15657]: error changing permissions of '/<file>' to 0100644: Operation not permitted

My SFTP user is not the owner of the file, which is why the chmod command fails.  When I change the permissions from 664 to 644, I can download the file with curl, and my SFTP logs don't show any attempt to change the permissions.

Is there any way to suppress the chmod command that curl is running?  I haven't been able to find anything about this in the documentation, the curl-users archive, or on google.  Hopefully I'm not missing something obvious.

My SFTP server is ProFTPD 1.3.3g with mod_sftp.  I've tested this issue with curl 7.43.0 and 7.19.7.

Thanks,
Aaron



-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Bogdan Harjoc | 22 Jun 12:59 2015
Picon

anyauth for proxy authentication

I can't seem to make curl autodetect that the proxy I specified with --proxy-user requires Digest authentication. It works if I specify --proxy-digest, but if I just say --anyauth it gives up after the first 407 response. 

The command is:

curl --proxy 10.10.0.1:3128 --anyauth --proxy-user user:test --fail http://example.com

With wireshark I see curl sends this in the very first request:

Proxy-Authorization: Basic dXNlcjp0ZXN0

Instead, from the docs it seems it should not send proxy-auth at all, and wait for the 40x response, which contains this:

Proxy-Authenticate: Digest realm="secret", nonce="CemHVQAAAACALrv8qn8AAHRyugkAAAAA", qop="auth", stale=false

Is there a way to resolve this without source code changes ?

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
CJ Ess | 21 Jun 04:01 2015
Picon

Possible bug w/ alternate SSL locations

I think I've found a bug with using alternate SSL locations with curl.

I built a local copy of OpenSSL:

tar -xzf openssl-1.0.2c.tar.gz
cd openssl-1.0.2c
./config --prefix=/home/zxcvbn4038/local zlib
make
make test
make install

Then I tried to use it this way:

cd curl
./buildconf
PKG_CONFIG_LIBDIR=/home/zxcvbn4038/local/lib/pkgconfig/ ./configure --prefix=/home/zxcvbn4038/local

Looking at the configure output it is picking up my alternate openssl package config from ~/local/lib, however to work right it requires SSL_LDFLAGS and SSL_CPPFLAGS to be set which is normally not the case (on Linux at least) and I'm pretty sure they are not, so configure can't find the symbols it is looking for when linking its tests and thinks OpenSSL is not installed. I've tried to confirm however configure is some thick scripting and I can't work out exactly where the tests are being done (I see the code for that is compiled for the test, but not whats invoking gcc or where I might need to add linker flags).

I've also tried to use the alternate library this way:

cd curl
./buildconf
./configure --prefix=/home/zxcvbn4038/local --with-ssl=/home/zxcvbn4038/openssl-1.0.2c

And this time configure finds OpenSSL, enables it, and compiles. However when linking I get these errors:

../lib/.libs/libcurl.so: undefined reference to `SSL_get0_alpn_selected'
../lib/.libs/libcurl.so: undefined reference to `SSL_CTX_set_alpn_protos'

Both of those symbols are present in my alternate OpenSSL library, however they are not present in the system OpenSSL library, so again it appears that we're not setting up the right linker flags in that scenario either.

Both of these seem to be completely reproducible, so I'm hoping that someone more familiar with configure can duplicate my results and put together a fix.


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Hongyi Zhao | 19 Jun 05:35 2015
Picon

Using curl to list the entries for a ftp/http site recursively.

Hi Developer,

How can I use  curl to list the entries for a ftp/http site recursively?

Regards
--

-- 
Hongyi Zhao <hongyi.zhao <at> gmail.com>
Xinjiang Technical Institute of Physics and Chemistry
Chinese Academy of Sciences
GnuPG DSA: 0xD108493
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Sourin Maiti | 10 Jun 23:55 2015
Picon

Need to send and receive xml data using curl

I use SoapUI to verify my responses below are the sample details. I am planning to automate the processes in linux. How can I achieve it using curl? or wget? I would like to receive the result in a file. 

Raw SoapUI request:

Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
Authorization: Basic R1dTL0FQT1RFU1RJTkdVU0VSOkFwMHRlc3Rpbmc=
Content-Length: 7082
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.galileo.com">
   <soapenv:Header/>
   <soapenv:Body>
      <web:SubmitXml>
X
X
X
X
X
X
X

      </web:SubmitXml>
   </soapenv:Body>
</soapenv:Envelope>



Really Appreciate your response. 

--
with regards,
Sourin Maiti
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Gmane