What HTTP request and response headers do `curl --cert` and `curl --cacert` read and write?
Clash Royale CLAN TAG#URR8PPP
From https://curl.haxx.se/docs/httpscripting.html
In the HTTPS world, you use certificates to validate that you are the
one you claim to be, as an addition to normal passwords. Curl supports
client- side certificates. All certificates are locked with a pass
phrase, which you need to enter before the certificate can be used by
curl. The pass phrase can be specified on the command line or if not,
entered interactively when curl queries for it. Use a certificate with
curl on a HTTPS server like:curl --cert mycert.pem https://secure.example.com
curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a locally stored CA cert
bundle. Failing the verification will cause curl to deny the
connection. You must then use --insecure (-k) in case you want to tell
curl to ignore that the server can't be verified. More about server
certificate verification and ca cert bundles can be read in the
SSLCERTS document, available online here:
https://curl.haxx.se/docs/sslcerts.html
At times you may end up with your own CA cert store and then you can
tell curl to use that to verify the server's certificate:curl --cacert ca-bundle.pem https://example.com/
What HTTP request and response headers do curl --cert
and curl --cacert
read and write?
Thanks.
curl http
add a comment |
From https://curl.haxx.se/docs/httpscripting.html
In the HTTPS world, you use certificates to validate that you are the
one you claim to be, as an addition to normal passwords. Curl supports
client- side certificates. All certificates are locked with a pass
phrase, which you need to enter before the certificate can be used by
curl. The pass phrase can be specified on the command line or if not,
entered interactively when curl queries for it. Use a certificate with
curl on a HTTPS server like:curl --cert mycert.pem https://secure.example.com
curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a locally stored CA cert
bundle. Failing the verification will cause curl to deny the
connection. You must then use --insecure (-k) in case you want to tell
curl to ignore that the server can't be verified. More about server
certificate verification and ca cert bundles can be read in the
SSLCERTS document, available online here:
https://curl.haxx.se/docs/sslcerts.html
At times you may end up with your own CA cert store and then you can
tell curl to use that to verify the server's certificate:curl --cacert ca-bundle.pem https://example.com/
What HTTP request and response headers do curl --cert
and curl --cacert
read and write?
Thanks.
curl http
add a comment |
From https://curl.haxx.se/docs/httpscripting.html
In the HTTPS world, you use certificates to validate that you are the
one you claim to be, as an addition to normal passwords. Curl supports
client- side certificates. All certificates are locked with a pass
phrase, which you need to enter before the certificate can be used by
curl. The pass phrase can be specified on the command line or if not,
entered interactively when curl queries for it. Use a certificate with
curl on a HTTPS server like:curl --cert mycert.pem https://secure.example.com
curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a locally stored CA cert
bundle. Failing the verification will cause curl to deny the
connection. You must then use --insecure (-k) in case you want to tell
curl to ignore that the server can't be verified. More about server
certificate verification and ca cert bundles can be read in the
SSLCERTS document, available online here:
https://curl.haxx.se/docs/sslcerts.html
At times you may end up with your own CA cert store and then you can
tell curl to use that to verify the server's certificate:curl --cacert ca-bundle.pem https://example.com/
What HTTP request and response headers do curl --cert
and curl --cacert
read and write?
Thanks.
curl http
From https://curl.haxx.se/docs/httpscripting.html
In the HTTPS world, you use certificates to validate that you are the
one you claim to be, as an addition to normal passwords. Curl supports
client- side certificates. All certificates are locked with a pass
phrase, which you need to enter before the certificate can be used by
curl. The pass phrase can be specified on the command line or if not,
entered interactively when curl queries for it. Use a certificate with
curl on a HTTPS server like:curl --cert mycert.pem https://secure.example.com
curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a locally stored CA cert
bundle. Failing the verification will cause curl to deny the
connection. You must then use --insecure (-k) in case you want to tell
curl to ignore that the server can't be verified. More about server
certificate verification and ca cert bundles can be read in the
SSLCERTS document, available online here:
https://curl.haxx.se/docs/sslcerts.html
At times you may end up with your own CA cert store and then you can
tell curl to use that to verify the server's certificate:curl --cacert ca-bundle.pem https://example.com/
What HTTP request and response headers do curl --cert
and curl --cacert
read and write?
Thanks.
curl http
curl http
edited Jan 30 at 17:51
Tim
asked Jan 30 at 17:37
TimTim
27.2k78262472
27.2k78262472
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.
With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.
Telling curl
to use --cacert
and --cert
will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497743%2fwhat-http-request-and-response-headers-do-curl-cert-and-curl-cacert-read%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.
With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.
Telling curl
to use --cacert
and --cert
will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.
add a comment |
Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.
With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.
Telling curl
to use --cacert
and --cert
will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.
add a comment |
Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.
With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.
Telling curl
to use --cacert
and --cert
will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.
Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.
With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.
Telling curl
to use --cacert
and --cert
will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.
edited Jan 31 at 0:33
answered Jan 31 at 0:28
Stephen HarrisStephen Harris
26.3k24779
26.3k24779
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497743%2fwhat-http-request-and-response-headers-do-curl-cert-and-curl-cacert-read%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown