What HTTP request and response headers do `curl --cert` and `curl --cacert` read and write?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















From https://curl.haxx.se/docs/httpscripting.html




In the HTTPS world, you use certificates to validate that you are the
one you claim to be, as an addition to normal passwords. Curl supports
client- side certificates. All certificates are locked with a pass
phrase, which you need to enter before the certificate can be used by
curl. The pass phrase can be specified on the command line or if not,
entered interactively when curl queries for it. Use a certificate with
curl on a HTTPS server like:



curl --cert mycert.pem https://secure.example.com


curl also tries to verify that the server is who it claims to be, by
verifying the server's certificate against a locally stored CA cert
bundle. Failing the verification will cause curl to deny the
connection. You must then use --insecure (-k) in case you want to tell
curl to ignore that the server can't be verified. More about server
certificate verification and ca cert bundles can be read in the
SSLCERTS document, available online here:
https://curl.haxx.se/docs/sslcerts.html



At times you may end up with your own CA cert store and then you can
tell curl to use that to verify the server's certificate:



 curl --cacert ca-bundle.pem https://example.com/



What HTTP request and response headers do curl --cert and curl --cacert read and write?



Thanks.










share|improve this question




























    0















    From https://curl.haxx.se/docs/httpscripting.html




    In the HTTPS world, you use certificates to validate that you are the
    one you claim to be, as an addition to normal passwords. Curl supports
    client- side certificates. All certificates are locked with a pass
    phrase, which you need to enter before the certificate can be used by
    curl. The pass phrase can be specified on the command line or if not,
    entered interactively when curl queries for it. Use a certificate with
    curl on a HTTPS server like:



    curl --cert mycert.pem https://secure.example.com


    curl also tries to verify that the server is who it claims to be, by
    verifying the server's certificate against a locally stored CA cert
    bundle. Failing the verification will cause curl to deny the
    connection. You must then use --insecure (-k) in case you want to tell
    curl to ignore that the server can't be verified. More about server
    certificate verification and ca cert bundles can be read in the
    SSLCERTS document, available online here:
    https://curl.haxx.se/docs/sslcerts.html



    At times you may end up with your own CA cert store and then you can
    tell curl to use that to verify the server's certificate:



     curl --cacert ca-bundle.pem https://example.com/



    What HTTP request and response headers do curl --cert and curl --cacert read and write?



    Thanks.










    share|improve this question


























      0












      0








      0








      From https://curl.haxx.se/docs/httpscripting.html




      In the HTTPS world, you use certificates to validate that you are the
      one you claim to be, as an addition to normal passwords. Curl supports
      client- side certificates. All certificates are locked with a pass
      phrase, which you need to enter before the certificate can be used by
      curl. The pass phrase can be specified on the command line or if not,
      entered interactively when curl queries for it. Use a certificate with
      curl on a HTTPS server like:



      curl --cert mycert.pem https://secure.example.com


      curl also tries to verify that the server is who it claims to be, by
      verifying the server's certificate against a locally stored CA cert
      bundle. Failing the verification will cause curl to deny the
      connection. You must then use --insecure (-k) in case you want to tell
      curl to ignore that the server can't be verified. More about server
      certificate verification and ca cert bundles can be read in the
      SSLCERTS document, available online here:
      https://curl.haxx.se/docs/sslcerts.html



      At times you may end up with your own CA cert store and then you can
      tell curl to use that to verify the server's certificate:



       curl --cacert ca-bundle.pem https://example.com/



      What HTTP request and response headers do curl --cert and curl --cacert read and write?



      Thanks.










      share|improve this question
















      From https://curl.haxx.se/docs/httpscripting.html




      In the HTTPS world, you use certificates to validate that you are the
      one you claim to be, as an addition to normal passwords. Curl supports
      client- side certificates. All certificates are locked with a pass
      phrase, which you need to enter before the certificate can be used by
      curl. The pass phrase can be specified on the command line or if not,
      entered interactively when curl queries for it. Use a certificate with
      curl on a HTTPS server like:



      curl --cert mycert.pem https://secure.example.com


      curl also tries to verify that the server is who it claims to be, by
      verifying the server's certificate against a locally stored CA cert
      bundle. Failing the verification will cause curl to deny the
      connection. You must then use --insecure (-k) in case you want to tell
      curl to ignore that the server can't be verified. More about server
      certificate verification and ca cert bundles can be read in the
      SSLCERTS document, available online here:
      https://curl.haxx.se/docs/sslcerts.html



      At times you may end up with your own CA cert store and then you can
      tell curl to use that to verify the server's certificate:



       curl --cacert ca-bundle.pem https://example.com/



      What HTTP request and response headers do curl --cert and curl --cacert read and write?



      Thanks.







      curl http






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 30 at 17:51







      Tim

















      asked Jan 30 at 17:37









      TimTim

      27.2k78262472




      27.2k78262472




















          1 Answer
          1






          active

          oldest

          votes


















          2














          Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.



          With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.



          Telling curl to use --cacert and --cert will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.






          share|improve this answer
























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497743%2fwhat-http-request-and-response-headers-do-curl-cert-and-curl-cacert-read%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.



            With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.



            Telling curl to use --cacert and --cert will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.






            share|improve this answer





























              2














              Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.



              With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.



              Telling curl to use --cacert and --cert will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.






              share|improve this answer



























                2












                2








                2







                Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.



                With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.



                Telling curl to use --cacert and --cert will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.






                share|improve this answer















                Note that TLS is independent of HTTP. Other protocols may be passed over TLS (eg LDAP, SMTP, NNTP,...). Basically, TLS does "low level encryption" of the data channel, and then you can pass anything over it.



                With HTTPS, the HTTP traffic is layered on top of TLS. Things that happen at the TLS layer (TLS version; cipher negotiation; certificate validation; SNI) are "low level" compared to HTTP, and invisible to the HTTP layer.



                Telling curl to use --cacert and --cert will tell the program to send a client side cert to the server, which is processed at the TLS layer, and is invisble to the HTTP layer. A web server may expose the CN of the client to a CGI program, or expose it to an authentication module, but this is all done outside of the HTTP request.







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Jan 31 at 0:33

























                answered Jan 31 at 0:28









                Stephen HarrisStephen Harris

                26.3k24779




                26.3k24779



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f497743%2fwhat-http-request-and-response-headers-do-curl-cert-and-curl-cacert-read%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?