47
47
<p class="level0">libcurl-tutorial - libcurl programming tutorial <a name="Objective"></a><h2 class="nroffsh">Objective</h2>
48
48
<p class="level0">This document attempts to describe the general principles and some basic approaches to consider when programming with libcurl. The text will focus mainly on the C interface but might apply fairly well on other interfaces as well as they usually follow the C one pretty closely.
49
49
<p class="level0">This document will refer to 'the user' as the person writing the source code that uses libcurl. That would probably be you or someone in your position. What will be generally referred to as 'the program' will be the collected source code that you write that is using libcurl for transfers. The program is outside libcurl and libcurl is outside of the program.
50
<p class="level0">To get the more details on all options and functions described herein, please refer to their respective man pages.
50
<p class="level0">To get more details on all options and functions described herein, please refer to their respective man pages.
51
51
<p class="level0"><a name="Building"></a><h2 class="nroffsh">Building</h2>
52
<p class="level0">There are many different ways to build C programs. This chapter will assume a unix-style build process. If you use a different build system, you can still read this to get general information that may apply to your environment as well.
52
<p class="level0">There are many different ways to build C programs. This chapter will assume a UNIX-style build process. If you use a different build system, you can still read this to get general information that may apply to your environment as well.
53
53
<p class="level0"><a name="Compiling"></a><span class="nroffip">Compiling the Program</span>
54
54
<p class="level1">Your compiler needs to know where the libcurl headers are located. Therefore you must set your compiler's include path to point to the directory where you installed them. The 'curl-config'[3] tool can be used to get this information:
55
55
<p class="level1">$ curl-config --cflags
61
61
<p class="level0"><a name="SSL"></a><span class="nroffip">SSL or Not</span>
62
62
<p class="level1">libcurl can be built and customized in many ways. One of the things that varies from different libraries and builds is the support for SSL-based transfers, like HTTPS and FTPS. If a supported SSL library was detected properly at build-time, libcurl will be built with SSL support. To figure out if an installed libcurl has been built with SSL support enabled, use 'curl-config' like this:
63
63
<p class="level1">$ curl-config --feature
64
<p class="level1">And if SSL is supported, the keyword 'SSL' will be written to stdout, possibly together with a few other features that can be on and off on different libcurls.
64
<p class="level1">And if SSL is supported, the keyword 'SSL' will be written to stdout, possibly together with a few other features that could be either on or off on for different libcurls.
65
65
<p class="level1">See also the "Features libcurl Provides" further down.
66
66
<p class="level0"><a name="autoconf"></a><span class="nroffip">autoconf macro</span>
67
67
<p class="level1">When you write your configure script to detect libcurl and setup variables accordingly, we offer a prewritten macro that probably does everything you need in this area. See docs/libcurl/libcurl.m4 file - it includes docs on how to use it.
68
68
<p class="level1"><a name="Portable"></a><h2 class="nroffsh">Portable Code in a Portable World</h2>
69
69
<p class="level0">The people behind libcurl have put a considerable effort to make libcurl work on a large amount of different operating systems and environments.
70
<p class="level0">You program libcurl the same way on all platforms that libcurl runs on. There are only very few minor considerations that differs. If you just make sure to write your code portable enough, you may very well create yourself a very portable program. libcurl shouldn't stop you from that.
70
<p class="level0">You program libcurl the same way on all platforms that libcurl runs on. There are only very few minor considerations that differ. If you just make sure to write your code portable enough, you may very well create yourself a very portable program. libcurl shouldn't stop you from that.
71
71
<p class="level0"><a name="Global"></a><h2 class="nroffsh">Global Preparation</h2>
72
72
<p class="level0">The program must initialize some of the libcurl functionality globally. That means it should be done exactly once, no matter how many times you intend to use the library. Once for your program's entire life time. This is done using
73
73
<p class="level0"> curl_global_init()
76
76
<p class="level0"><a name="CURLGLOBALWIN32"></a><span class="nroffip">CURL_GLOBAL_WIN32</span>
77
77
<p class="level1">which only does anything on Windows machines. When used on a Windows machine, it'll make libcurl initialize the win32 socket stuff. Without having that initialized properly, your program cannot use sockets properly. You should only do this once for each application, so if your program already does this or of another library in use does it, you should not tell libcurl to do this as well.
78
78
<p class="level0"><a name="CURLGLOBALSSL"></a><span class="nroffip">CURL_GLOBAL_SSL</span>
79
<p class="level1">which only does anything on libcurls compiled and built SSL-enabled. On these systems, this will make libcurl initialize the SSL library properly for this application. This is only needed to do once for each application so if your program or another library already does this, this bit should not be needed.
79
<p class="level1">which only does anything on libcurls compiled and built SSL-enabled. On these systems, this will make libcurl initialize the SSL library properly for this application. This only needs to be done once for each application so if your program or another library already does this, this bit should not be needed.
81
81
<p class="level0">libcurl has a default protection mechanism that detects if <a class="emphasis" href="./curl_global_init.html">curl_global_init(3)</a> hasn't been called by the time <a class="emphasis" href="./curl_easy_perform.html">curl_easy_perform(3)</a> is called and if that is the case, libcurl runs the function itself with a guessed bit pattern. Please note that depending solely on this is not considered nice nor very good.
82
82
<p class="level0">When the program no longer uses libcurl, it should call <a class="emphasis" href="./curl_global_cleanup.html">curl_global_cleanup(3)</a>, which is the opposite of the init call. It will then do the reversed operations to cleanup the resources the <a class="emphasis" href="./curl_global_init.html">curl_global_init(3)</a> call initialized.
114
114
<p class="level0"><a class="emphasis" href="./curl_easy_perform.html">curl_easy_perform(3)</a> will connect to the remote site, do the necessary commands and receive the transfer. Whenever it receives data, it calls the callback function we previously set. The function may get one byte at a time, or it may get many kilobytes at once. libcurl delivers as much as possible as often as possible. Your callback function should return the number of bytes it "took care of". If that is not the exact same amount of bytes that was passed to it, libcurl will abort the operation and return with an error code.
115
115
<p class="level0">When the transfer is complete, the function returns a return code that informs you if it succeeded in its mission or not. If a return code isn't enough for you, you can use the CURLOPT_ERRORBUFFER to point libcurl to a buffer of yours where it'll store a human readable error message as well.
116
116
<p class="level0">If you then want to transfer another file, the handle is ready to be used again. Mind you, it is even preferred that you re-use an existing handle if you intend to make another transfer. libcurl will then attempt to re-use the previous connection.
117
<p class="level0">For some protocols, downloading a file can involve a complicated process of logging in, setting the transfer mode, changing the current directory and finally transferring the file data. libcurl takes care of all that complication for you. Given simply the URL to a file, libcurl will take care of all the details needed to get the file moved from one machine to another.
117
118
<p class="level0"><a name="Multi-threading"></a><h2 class="nroffsh">Multi-threading Issues</h2>
118
119
<p class="level0">The first basic rule is that you must <span Class="bold">never</span> share a libcurl handle (be it easy or multi or whatever) between multiple threads. Only use one handle in one thread at a time.
119
<p class="level0">libcurl is completely thread safe, except for two issues: signals and SSL/TLS handlers. Signals are used timeouting name resolves (during DNS lookup) - when built without c-ares support and not on Windows..
120
<p class="level0">libcurl is completely thread safe, except for two issues: signals and SSL/TLS handlers. Signals are used for timing out name resolves (during DNS lookup) - when built without c-ares support and not on Windows.
120
121
<p class="level0">If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are then of course using the underlying SSL library multi-threaded and those libs might have their own requirements on this issue. Basically, you need to provide one or two functions to allow it to function properly. For all details, see this:
121
122
<p class="level0">OpenSSL
122
123
<p class="level0"> <a href="http://www.openssl.org/docs/crypto/threads.html">http://www.openssl.org/docs/crypto/threads.html</a>#DESCRIPTION
123
124
<p class="level0">GnuTLS
124
125
<p class="level0"> <a href="http://www.gnu.org/software/gnutls/manual/html_node/">http://www.gnu.org/software/gnutls/manual/html_node/</a>Multi_002dthreaded-applications.html
125
126
<p class="level0">NSS
126
<p class="level0"> is claimed to be thread-safe already without anything required
127
<p class="level0"> is claimed to be thread-safe already without anything required.
127
128
<p class="level0">yassl
128
<p class="level0"> Required actions unknown
129
<p class="level0">When using multiple threads you should set the CURLOPT_NOSIGNAL option to TRUE for all handles. Everything will or might work fine except that timeouts are not honored during the DNS lookup - which you can work around by building libcurl with c-ares support. c-ares is a library that provides asynchronous name resolves. Unfortunately, c-ares does not yet fully support IPv6. On some platforms, libcurl simply will not function properly multi-threaded unless this option is set.
129
<p class="level0"> Required actions unknown.
130
<p class="level0">When using multiple threads you should set the CURLOPT_NOSIGNAL option to 1 for all handles. Everything will or might work fine except that timeouts are not honored during the DNS lookup - which you can work around by building libcurl with c-ares support. c-ares is a library that provides asynchronous name resolves. On some platforms, libcurl simply will not function properly multi-threaded unless this option is set.
130
131
<p class="level0">Also, note that CURLOPT_DNS_USE_GLOBAL_CACHE is not thread-safe.
131
132
<p class="level0"><a name="When"></a><h2 class="nroffsh">When It Doesn't Work</h2>
132
133
<p class="level0">There will always be times when the transfer fails for some reason. You might have set the wrong libcurl option or misunderstood what the libcurl option actually does, or the remote server might return non-standard replies that confuse the library which then confuses your program.
133
<p class="level0">There's one golden rule when these things occur: set the CURLOPT_VERBOSE option to TRUE. It'll cause the library to spew out the entire protocol details it sends, some internal info and some received protocol data as well (especially when using FTP). If you're using HTTP, adding the headers in the received output to study is also a clever way to get a better understanding why the server behaves the way it does. Include headers in the normal body output with CURLOPT_HEADER set TRUE.
134
<p class="level0">Of course there are bugs left. We need to get to know about them to be able to fix them, so we're quite dependent on your bug reports! When you do report suspected bugs in libcurl, please include as much details you possibly can: a protocol dump that CURLOPT_VERBOSE produces, library version, as much as possible of your code that uses libcurl, operating system name and version, compiler name and version etc.
134
<p class="level0">There's one golden rule when these things occur: set the CURLOPT_VERBOSE option to 1. It'll cause the library to spew out the entire protocol details it sends, some internal info and some received protocol data as well (especially when using FTP). If you're using HTTP, adding the headers in the received output to study is also a clever way to get a better understanding why the server behaves the way it does. Include headers in the normal body output with CURLOPT_HEADER set 1.
135
<p class="level0">Of course, there are bugs left. We need to know about them to be able to fix them, so we're quite dependent on your bug reports! When you do report suspected bugs in libcurl, please include as many details as you possibly can: a protocol dump that CURLOPT_VERBOSE produces, library version, as much as possible of your code that uses libcurl, operating system name and version, compiler name and version etc.
135
136
<p class="level0">If CURLOPT_VERBOSE is not enough, you increase the level of debug data your application receive by using the CURLOPT_DEBUGFUNCTION.
136
137
<p class="level0">Getting some in-depth knowledge about the protocols involved is never wrong, and if you're trying to do funny things, you might very well understand libcurl and how to use it better if you study the appropriate RFC documents at least briefly.
137
138
<p class="level0"><a name="Upload"></a><h2 class="nroffsh">Upload Data to a Remote Site</h2>
141
142
<p class="level0"> size_t function(char *bufptr, size_t size, size_t nitems, void *userp);
142
143
<p class="level0">Where bufptr is the pointer to a buffer we fill in with data to upload and size*nitems is the size of the buffer and therefore also the maximum amount of data we can return to libcurl in this call. The 'userp' pointer is the custom pointer we set to point to a struct of ours to pass private data between the application and the callback.
143
144
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_READFUNCTION, read_function);
144
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_INFILE, &filedata);
145
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_READDATA, &filedata);
145
146
<p class="level0">Tell libcurl that we want to upload:
146
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_UPLOAD, TRUE);
147
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_UPLOAD, 1L);
147
148
<p class="level0">A few protocols won't behave properly when uploads are done without any prior knowledge of the expected file size. So, set the upload file size using the CURLOPT_INFILESIZE_LARGE for all known file sizes like this[1]:
148
149
<p class="level0"><pre>
149
<p class="level0"> /* in this example, file_size must be an off_t variable */
150
<p class="level0"> /* in this example, file_size must be an curl_off_t variable */
150
151
curl_easy_setopt(easyhandle, CURLOPT_INFILESIZE_LARGE, file_size);
161
162
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_USERPWD, "myname:thesecret");
162
163
<p class="level0">Another case where name and password might be needed at times, is for those users who need to authenticate themselves to a proxy they use. libcurl offers another option for this, the CURLOPT_PROXYUSERPWD. It is used quite similar to the CURLOPT_USERPWD option like this:
163
164
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD, "myname:thesecret");
164
<p class="level0">There's a long time unix "standard" way of storing ftp user names and passwords, namely in the $HOME/.netrc file. The file should be made private so that only the user may read it (see also the "Security Considerations" chapter), as it might contain the password in plain text. libcurl has the ability to use this file to figure out what set of user name and password to use for a particular host. As an extension to the normal functionality, libcurl also supports this file for non-FTP protocols such as HTTP. To make curl use this file, use the CURLOPT_NETRC option:
165
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_NETRC, TRUE);
165
<p class="level0">There's a long time UNIX "standard" way of storing ftp user names and passwords, namely in the $HOME/.netrc file. The file should be made private so that only the user may read it (see also the "Security Considerations" chapter), as it might contain the password in plain text. libcurl has the ability to use this file to figure out what set of user name and password to use for a particular host. As an extension to the normal functionality, libcurl also supports this file for non-FTP protocols such as HTTP. To make curl use this file, use the CURLOPT_NETRC option:
166
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_NETRC, 1L);
166
167
<p class="level0">And a very basic example of how such a .netrc file may look like:
167
168
<p class="level0"><pre>
168
169
<p class="level0"> machine myhost.mydomain.com
175
176
<p class="level0">To pass the known private key password to libcurl:
176
177
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_KEYPASSWD, "keypassword");
177
178
<p class="level0"><a name="HTTP"></a><h2 class="nroffsh">HTTP Authentication</h2>
178
<p class="level0">The previous chapter showed how to set user name and password for getting URLs that require authentication. When using the HTTP protocol, there are many different ways a client can provide those credentials to the server and you can control what way libcurl will (attempt to) use. The default HTTP authentication method is called 'Basic', which is sending the name and password in clear-text in the HTTP request, base64-encoded. This is insecure.
179
<p class="level0">At the time of this writing libcurl can be built to use: Basic, Digest, NTLM, Negotiate, GSS-Negotiate and SPNEGO. You can tell libcurl which one to use with CURLOPT_HTTPAUTH as in:
179
<p class="level0">The previous chapter showed how to set user name and password for getting URLs that require authentication. When using the HTTP protocol, there are many different ways a client can provide those credentials to the server and you can control which way libcurl will (attempt to) use them. The default HTTP authentication method is called 'Basic', which is sending the name and password in clear-text in the HTTP request, base64-encoded. This is insecure.
180
<p class="level0">At the time of this writing, libcurl can be built to use: Basic, Digest, NTLM, Negotiate, GSS-Negotiate and SPNEGO. You can tell libcurl which one to use with CURLOPT_HTTPAUTH as in:
180
181
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
181
182
<p class="level0">And when you send authentication to a proxy, you can also set authentication type the same way but instead with CURLOPT_PROXYAUTH:
182
183
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
197
198
<p class="level0">
198
199
<p class="level0">Simple enough, huh? Since you set the POST options with the CURLOPT_POSTFIELDS, this automatically switches the handle to use POST in the upcoming request.
199
<p class="level0">Ok, so what if you want to post binary data that also requires you to set the Content-Type: header of the post? Well, binary posts prevents libcurl from being able to do strlen() on the data to figure out the size, so therefore we must tell libcurl the size of the post data. Setting headers in libcurl requests are done in a generic way, by building a list of our own headers and then passing that list to libcurl.
200
<p class="level0">Ok, so what if you want to post binary data that also requires you to set the Content-Type: header of the post? Well, binary posts prevent libcurl from being able to do strlen() on the data to figure out the size, so therefore we must tell libcurl the size of the post data. Setting headers in libcurl requests are done in a generic way, by building a list of our own headers and then passing that list to libcurl.
200
201
<p class="level0"><pre>
201
202
<p class="level0"> struct curl_slist *headers=NULL;
202
203
headers = curl_slist_append(headers, "Content-Type: text/xml");
203
204
<p class="level0"> /* post binary data */
204
205
curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDS, binaryptr);
205
206
<p class="level0"> /* set the size of the postfields data */
206
curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDSIZE, 23);
207
curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDSIZE, 23L);
207
208
<p class="level0"> /* pass our list of custom made headers */
208
209
curl_easy_setopt(easyhandle, CURLOPT_HTTPHEADER, headers);
209
210
<p class="level0"> curl_easy_perform(easyhandle); /* post away! */
250
251
<p class="level0">
251
<p class="level0">Since all options on an easyhandle are "sticky", they remain the same until changed even if you do call <a class="emphasis" href="./curl_easy_perform.html">curl_easy_perform(3)</a>, you may need to tell curl to go back to a plain GET request if you intend to do such a one as your next request. You force an easyhandle to back to GET by using the CURLOPT_HTTPGET option:
252
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_HTTPGET, TRUE);
252
<p class="level0">Since all options on an easyhandle are "sticky", they remain the same until changed even if you do call <a class="emphasis" href="./curl_easy_perform.html">curl_easy_perform(3)</a>, you may need to tell curl to go back to a plain GET request if you intend to do one as your next request. You force an easyhandle to go back to GET by using the CURLOPT_HTTPGET option:
253
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_HTTPGET, 1L);
253
254
<p class="level0">Just setting CURLOPT_POSTFIELDS to "" or NULL will *not* stop libcurl from doing a POST. It will just make it POST without any data to send!
254
255
<p class="level0"><a name="Showing"></a><h2 class="nroffsh">Showing Progress</h2>
255
256
<p class="level0">
256
<p class="level0">For historical and traditional reasons, libcurl has a built-in progress meter that can be switched on and then makes it presents a progress meter in your terminal.
257
<p class="level0">Switch on the progress meter by, oddly enough, set CURLOPT_NOPROGRESS to FALSE. This option is set to TRUE by default.
257
<p class="level0">For historical and traditional reasons, libcurl has a built-in progress meter that can be switched on and then makes it present a progress meter in your terminal.
258
<p class="level0">Switch on the progress meter by, oddly enough, setting CURLOPT_NOPROGRESS to zero. This option is set to 1 by default.
258
259
<p class="level0">For most applications however, the built-in progress meter is useless and what instead is interesting is the ability to specify a progress callback. The function pointer you pass to libcurl will then be called on irregular intervals with information about the current transfer.
259
260
<p class="level0">Set the progress callback by using CURLOPT_PROGRESSFUNCTION. And pass a pointer to a function that matches this prototype:
260
261
<p class="level0"><pre>
335
336
<p class="level0">Re-cycling the same easy handle several times when doing multiple requests is the way to go.
336
337
<p class="level0">After each single <a class="emphasis" href="./curl_easy_perform.html">curl_easy_perform(3)</a> operation, libcurl will keep the connection alive and open. A subsequent request using the same easy handle to the same host might just be able to use the already open connection! This reduces network impact a lot.
337
338
<p class="level0">Even if the connection is dropped, all connections involving SSL to the same host again, will benefit from libcurl's session ID cache that drastically reduces re-connection time.
338
<p class="level0">FTP connections that are kept alive saves a lot of time, as the command- response round-trips are skipped, and also you don't risk getting blocked without permission to login again like on many FTP servers only allowing N persons to be logged in at the same time.
339
<p class="level0">FTP connections that are kept alive save a lot of time, as the command- response round-trips are skipped, and also you don't risk getting blocked without permission to login again like on many FTP servers only allowing N persons to be logged in at the same time.
339
340
<p class="level0">libcurl caches DNS name resolving results, to make lookups of a previously looked up name a lot faster.
340
341
<p class="level0">Other interesting details that improve performance for subsequent requests may also be added in the future.
341
<p class="level0">Each easy handle will attempt to keep the last few connections alive for a while in case they are to be used again. You can set the size of this "cache" with the CURLOPT_MAXCONNECTS option. Default is 5. It is very seldom any point in changing this value, and if you think of changing this it is often just a matter of thinking again.
342
<p class="level0">To force your upcoming request to not use an already existing connection (it will even close one first if there happens to be one alive to the same host you're about to operate on), you can do that by setting CURLOPT_FRESH_CONNECT to TRUE. In a similar spirit, you can also forbid the upcoming request to be "lying" around and possibly get re-used after the request by setting CURLOPT_FORBID_REUSE to TRUE.
342
<p class="level0">Each easy handle will attempt to keep the last few connections alive for a while in case they are to be used again. You can set the size of this "cache" with the CURLOPT_MAXCONNECTS option. Default is 5. There is very seldom any point in changing this value, and if you think of changing this it is often just a matter of thinking again.
343
<p class="level0">To force your upcoming request to not use an already existing connection (it will even close one first if there happens to be one alive to the same host you're about to operate on), you can do that by setting CURLOPT_FRESH_CONNECT to 1. In a similar spirit, you can also forbid the upcoming request to be "lying" around and possibly get re-used after the request by setting CURLOPT_FORBID_REUSE to 1.
343
344
<p class="level0"><a name="HTTP"></a><h2 class="nroffsh">HTTP Headers Used by libcurl</h2>
344
<p class="level0">When you use libcurl to do HTTP requests, it'll pass along a series of headers automatically. It might be good for you to know and understand these ones. You can replace or remove them by using the CURLOPT_HTTPHEADER option.
345
<p class="level0">When you use libcurl to do HTTP requests, it'll pass along a series of headers automatically. It might be good for you to know and understand these. You can replace or remove them by using the CURLOPT_HTTPHEADER option.
345
346
<p class="level0">
346
347
<p class="level0"><a name="Host"></a><span class="nroffip">Host</span>
347
348
<p class="level1">This header is required by HTTP 1.1 and even many 1.0 servers and should be the name of the server we want to talk to. This includes the port number if anything but default.
355
356
<p class="level0"><a name="Expect"></a><span class="nroffip">Expect</span>
356
357
<p class="level1">When doing POST requests, libcurl sets this header to "100-continue" to ask the server for an "OK" message before it proceeds with sending the data part of the post. If the POSTed data amount is deemed "small", libcurl will not use this header.
357
358
<p class="level1"><a name="Customizing"></a><h2 class="nroffsh">Customizing Operations</h2>
358
<p class="level0">There is an ongoing development today where more and more protocols are built upon HTTP for transport. This has obvious benefits as HTTP is a tested and reliable protocol that is widely deployed and have excellent proxy-support.
359
<p class="level0">There is an ongoing development today where more and more protocols are built upon HTTP for transport. This has obvious benefits as HTTP is a tested and reliable protocol that is widely deployed and has excellent proxy-support.
359
360
<p class="level0">When you use one of these protocols, and even when doing other kinds of programming you may need to change the traditional HTTP (or FTP or...) manners. You may need to change words, headers or various data.
360
361
<p class="level0">libcurl is your friend here too.
361
362
<p class="level0">
362
363
<p class="level0"><a name="CUSTOMREQUEST"></a><span class="nroffip">CUSTOMREQUEST</span>
363
364
<p class="level1">If just changing the actual HTTP request keyword is what you want, like when GET, HEAD or POST is not good enough for you, CURLOPT_CUSTOMREQUEST is there for you. It is very simple to use:
364
365
<p class="level1"> curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "MYOWNRUQUEST");
365
<p class="level1">When using the custom request, you change the request keyword of the actual request you are performing. Thus, by default you make GET request but you can also make a POST operation (as described before) and then replace the POST keyword if you want to. You're the boss.
366
<p class="level1">When using the custom request, you change the request keyword of the actual request you are performing. Thus, by default you make a GET request but you can also make a POST operation (as described before) and then replace the POST keyword if you want to. You're the boss.
366
367
<p class="level1">
367
368
<p class="level0"><a name="Modify"></a><span class="nroffip">Modify Headers</span>
368
<p class="level1">HTTP-like protocols pass a series of headers to the server when doing the request, and you're free to pass any amount of extra headers that you think fit. Adding headers are this easy:
369
<p class="level1">HTTP-like protocols pass a series of headers to the server when doing the request, and you're free to pass any amount of extra headers that you think fit. Adding headers is this easy:
369
370
<p class="level1"><pre>
370
371
<p class="level1"> struct curl_slist *headers=NULL; /* init to NULL is important */
371
372
<p class="level1"> headers = curl_slist_append(headers, "Hey-server-hey: how are you?");
396
397
<p class="level1">
397
398
<p class="level0"><a name="HTTP"></a><span class="nroffip">HTTP Version</span>
398
399
<p class="level1">
399
<p class="level1">All HTTP requests includes the version number to tell the server which version we support. libcurl speak HTTP 1.1 by default. Some very old servers don't like getting 1.1-requests and when dealing with stubborn old things like that, you can tell libcurl to use 1.0 instead by doing something like this:
400
<p class="level1">All HTTP requests includes the version number to tell the server which version we support. libcurl speaks HTTP 1.1 by default. Some very old servers don't like getting 1.1-requests and when dealing with stubborn old things like that, you can tell libcurl to use 1.0 instead by doing something like this:
400
401
<p class="level1"> curl_easy_setopt(easyhandle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
401
402
<p class="level1">
402
403
<p class="level0"><a name="FTP"></a><span class="nroffip">FTP Custom Commands</span>
403
404
<p class="level1">
404
<p class="level1">Not all protocols are HTTP-like, and thus the above may not help you when you want to make for example your FTP transfers to behave differently.
405
<p class="level1">Sending custom commands to a FTP server means that you need to send the commands exactly as the FTP server expects them (RFC959 is a good guide here), and you can only use commands that work on the control-connection alone. All kinds of commands that requires data interchange and thus needs a data-connection must be left to libcurl's own judgment. Also be aware that libcurl will do its very best to change directory to the target directory before doing any transfer, so if you change directory (with CWD or similar) you might confuse libcurl and then it might not attempt to transfer the file in the correct remote directory.
405
<p class="level1">Not all protocols are HTTP-like, and thus the above may not help you when you want to make, for example, your FTP transfers to behave differently.
406
<p class="level1">Sending custom commands to a FTP server means that you need to send the commands exactly as the FTP server expects them (RFC959 is a good guide here), and you can only use commands that work on the control-connection alone. All kinds of commands that require data interchange and thus need a data-connection must be left to libcurl's own judgment. Also be aware that libcurl will do its very best to change directory to the target directory before doing any transfer, so if you change directory (with CWD or similar) you might confuse libcurl and then it might not attempt to transfer the file in the correct remote directory.
406
407
<p class="level1">A little example that deletes a given file before an operation:
407
408
<p class="level1"><pre>
408
409
<p class="level1"> headers = curl_slist_append(headers, "DELE file-to-remove");
415
416
<p class="level1">
416
417
<p class="level1">If you would instead want this operation (or chain of operations) to happen _after_ the data transfer took place the option to <a class="emphasis" href="./curl_easy_setopt.html">curl_easy_setopt(3)</a> would instead be called CURLOPT_POSTQUOTE and used the exact same way.
417
418
<p class="level1">The custom FTP command will be issued to the server in the same order they are added to the list, and if a command gets an error code returned back from the server, no more commands will be issued and libcurl will bail out with an error code (CURLE_QUOTE_ERROR). Note that if you use CURLOPT_QUOTE to send commands before a transfer, no transfer will actually take place when a quote command has failed.
418
<p class="level1">If you set the CURLOPT_HEADER to true, you will tell libcurl to get information about the target file and output "headers" about it. The headers will be in "HTTP-style", looking like they do in HTTP.
419
<p class="level1">If you set the CURLOPT_HEADER to 1, you will tell libcurl to get information about the target file and output "headers" about it. The headers will be in "HTTP-style", looking like they do in HTTP.
419
420
<p class="level1">The option to enable headers or to run custom FTP commands may be useful to combine with CURLOPT_NOBODY. If this option is set, no actual file content transfer will be performed.
420
421
<p class="level1">
421
422
<p class="level0"><a name="FTP"></a><span class="nroffip">FTP Custom CUSTOMREQUEST</span>
422
<p class="level1">If you do what list the contents of a FTP directory using your own defined FTP command, CURLOPT_CUSTOMREQUEST will do just that. "NLST" is the default one for listing directories but you're free to pass in your idea of a good alternative.
423
<p class="level1">If you do want to list the contents of a FTP directory using your own defined FTP command, CURLOPT_CUSTOMREQUEST will do just that. "NLST" is the default one for listing directories but you're free to pass in your idea of a good alternative.
423
424
<p class="level1"><a name="Cookies"></a><h2 class="nroffsh">Cookies Without Chocolate Chips</h2>
424
425
<p class="level0">In the HTTP sense, a cookie is a name with an associated value. A server sends the name and value to the client, and expects it to get sent back on every subsequent request to the server that matches the particular conditions set. The conditions include that the domain name and path match and that the cookie hasn't become too old.
425
<p class="level0">In real-world cases, servers send new cookies to replace existing one to update them. Server use cookies to "track" users and to keep "sessions".
426
<p class="level0">In real-world cases, servers send new cookies to replace existing ones to update them. Server use cookies to "track" users and to keep "sessions".
426
427
<p class="level0">Cookies are sent from server to clients with the header Set-Cookie: and they're sent from clients to servers with the Cookie: header.
427
428
<p class="level0">To just send whatever cookie you want to a server, you can use CURLOPT_COOKIE to set a cookie string like this:
428
429
<p class="level0"> curl_easy_setopt(easyhandle, CURLOPT_COOKIE, "name1=var1; name2=var2;");
429
<p class="level0">In many cases, that is not enough. You might want to dynamically save whatever cookies the remote server passes to you, and make sure those cookies are then use accordingly on later requests.
430
<p class="level0">One way to do this, is to save all headers you receive in a plain file and when you make a request, you tell libcurl to read the previous headers to figure out which cookies to use. Set header file to read cookies from with CURLOPT_COOKIEFILE.
431
<p class="level0">The CURLOPT_COOKIEFILE option also automatically enables the cookie parser in libcurl. Until the cookie parser is enabled, libcurl will not parse or understand incoming cookies and they will just be ignored. However, when the parser is enabled the cookies will be understood and the cookies will be kept in memory and used properly in subsequent requests when the same handle is used. Many times this is enough, and you may not have to save the cookies to disk at all. Note that the file you specify to CURLOPT_COOKIEFILE doesn't have to exist to enable the parser, so a common way to just enable the parser and not read able might be to use a file name you know doesn't exist.
432
<p class="level0">If you rather use existing cookies that you've previously received with your Netscape or Mozilla browsers, you can make libcurl use that cookie file as input. The CURLOPT_COOKIEFILE is used for that too, as libcurl will automatically find out what kind of file it is and act accordingly.
433
<p class="level0">The perhaps most advanced cookie operation libcurl offers, is saving the entire internal cookie state back into a Netscape/Mozilla formatted cookie file. We call that the cookie-jar. When you set a file name with CURLOPT_COOKIEJAR, that file name will be created and all received cookies will be stored in it when <a class="emphasis" href="./curl_easy_cleanup.html">curl_easy_cleanup(3)</a> is called. This enabled cookies to get passed on properly between multiple handles without any information getting lost.
430
<p class="level0">In many cases, that is not enough. You might want to dynamically save whatever cookies the remote server passes to you, and make sure those cookies are then used accordingly on later requests.
431
<p class="level0">One way to do this, is to save all headers you receive in a plain file and when you make a request, you tell libcurl to read the previous headers to figure out which cookies to use. Set the header file to read cookies from with CURLOPT_COOKIEFILE.
432
<p class="level0">The CURLOPT_COOKIEFILE option also automatically enables the cookie parser in libcurl. Until the cookie parser is enabled, libcurl will not parse or understand incoming cookies and they will just be ignored. However, when the parser is enabled the cookies will be understood and the cookies will be kept in memory and used properly in subsequent requests when the same handle is used. Many times this is enough, and you may not have to save the cookies to disk at all. Note that the file you specify to CURLOPT_COOKIEFILE doesn't have to exist to enable the parser, so a common way to just enable the parser and not read any cookies is to use the name of a file you know doesn't exist.
433
<p class="level0">If you would rather use existing cookies that you've previously received with your Netscape or Mozilla browsers, you can make libcurl use that cookie file as input. The CURLOPT_COOKIEFILE is used for that too, as libcurl will automatically find out what kind of file it is and act accordingly.
434
<p class="level0">Perhaps the most advanced cookie operation libcurl offers, is saving the entire internal cookie state back into a Netscape/Mozilla formatted cookie file. We call that the cookie-jar. When you set a file name with CURLOPT_COOKIEJAR, that file name will be created and all received cookies will be stored in it when <a class="emphasis" href="./curl_easy_cleanup.html">curl_easy_cleanup(3)</a> is called. This enables cookies to get passed on properly between multiple handles without any information getting lost.
434
435
<p class="level0"><a name="FTP"></a><h2 class="nroffsh">FTP Peculiarities We Need</h2>
435
436
<p class="level0">
436
<p class="level0">FTP transfers use a second TCP/IP connection for the data transfer. This is usually a fact you can forget and ignore but at times this fact will come back to haunt you. libcurl offers several different ways to custom how the second connection is being made.
437
<p class="level0">FTP transfers use a second TCP/IP connection for the data transfer. This is usually a fact you can forget and ignore but at times this fact will come back to haunt you. libcurl offers several different ways to customize how the second connection is being made.
437
438
<p class="level0">libcurl can either connect to the server a second time or tell the server to connect back to it. The first option is the default and it is also what works best for all the people behind firewalls, NATs or IP-masquerading setups. libcurl then tells the server to open up a new port and wait for a second connection. This is by default attempted with EPSV first, and if that doesn't work it tries PASV instead. (EPSV is an extension to the original FTP spec and does not exist nor work on all FTP servers.)
438
<p class="level0">You can prevent libcurl from first trying the EPSV command by setting CURLOPT_FTP_USE_EPSV to FALSE.
439
<p class="level0">You can prevent libcurl from first trying the EPSV command by setting CURLOPT_FTP_USE_EPSV to zero.
439
440
<p class="level0">In some cases, you will prefer to have the server connect back to you for the second connection. This might be when the server is perhaps behind a firewall or something and only allows connections on a single port. libcurl then informs the remote server which IP address and port number to connect to. This is made with the CURLOPT_FTPPORT option. If you set it to "-", libcurl will use your system's "default IP address". If you want to use a particular IP, you can set the full IP address, a host name to resolve to an IP address or even a local network interface name that libcurl will get the IP address from.
440
<p class="level0">When doing the "PORT" approach, libcurl will attempt to use the EPRT and the LPRT before trying PORT, as they work with more protocols. You can disable this behavior by setting CURLOPT_FTP_USE_EPRT to FALSE.
441
<p class="level0">When doing the "PORT" approach, libcurl will attempt to use the EPRT and the LPRT before trying PORT, as they work with more protocols. You can disable this behavior by setting CURLOPT_FTP_USE_EPRT to zero.
441
442
<p class="level0"><a name="Headers"></a><h2 class="nroffsh">Headers Equal Fun</h2>
442
443
<p class="level0">
443
<p class="level0">Some protocols provide "headers", meta-data separated from the normal data. These headers are by default not included in the normal data stream, but you can make them appear in the data stream by setting CURLOPT_HEADER to TRUE.
444
<p class="level0">Some protocols provide "headers", meta-data separated from the normal data. These headers are by default not included in the normal data stream, but you can make them appear in the data stream by setting CURLOPT_HEADER to 1.
444
445
<p class="level0">What might be even more useful, is libcurl's ability to separate the headers from the data and thus make the callbacks differ. You can for example set a different pointer to pass to the ordinary write callback by setting CURLOPT_WRITEHEADER.
445
446
<p class="level0">Or, you can set an entirely separate function to receive the headers, by using CURLOPT_HEADERFUNCTION.
446
447
<p class="level0">The headers are passed to the callback function one by one, and you can depend on that fact. It makes it easier for you to add custom header parsers etc.
462
463
<p class="level1">To avoid this problem, don't use .netrc files and never store passwords in plain text anywhere.
463
464
<p class="level1">
464
465
<p class="level0"><a name="Clear"></a><span class="nroffip">Clear Text Passwords</span>
465
<p class="level1">Many of the protocols libcurl supports send name and password unencrypted as clear text (HTTP Basic authentication, FTP, TELNET etc). It is very easy for anyone on your network or a network nearby yours, to just fire up a network analyzer tool and eavesdrop on your passwords. Don't let the fact that HTTP uses base64 encoded passwords fool you. They may not look readable at a first glance, but they very easily "deciphered" by anyone within seconds.
466
<p class="level1">To avoid this problem, use protocols that don't let snoopers see your password: HTTPS, FTPS and FTP-kerberos are a few examples. HTTP Digest authentication allows this too, but isn't supported by libcurl as of this writing.
466
<p class="level1">Many of the protocols libcurl supports send name and password unencrypted as clear text (HTTP Basic authentication, FTP, TELNET etc). It is very easy for anyone on your network or a network nearby yours, to just fire up a network analyzer tool and eavesdrop on your passwords. Don't let the fact that HTTP Basic uses base64 encoded passwords fool you. They may not look readable at a first glance, but they very easily "deciphered" by anyone within seconds.
467
<p class="level1">To avoid this problem, use HTTP athentication methods or other protocols that don't let snoopers see your password: HTTP with Digest, NTLM or GSS authentication, HTTPS, FTPS, SCP, SFTP and FTP-kerberos are a few examples.
468
468
<p class="level0"><a name="Showing"></a><span class="nroffip">Showing What You Do</span>
469
<p class="level1">On a related issue, be aware that even in situations like when you have problems with libcurl and ask someone for help, everything you reveal in order to get best possible help might also impose certain security related risks. Host names, user names, paths, operating system specifics etc (not to mention passwords of course) may in fact be used by intruders to gain additional information of a potential target.
469
<p class="level1">On a related issue, be aware that even in situations like when you have problems with libcurl and ask someone for help, everything you reveal in order to get best possible help might also impose certain security related risks. Host names, user names, paths, operating system specifics, etc (not to mention passwords of course) may in fact be used by intruders to gain additional information of a potential target.
470
470
<p class="level1">To avoid this problem, you must of course use your common sense. Often, you can just edit out the sensitive data or just search/replace your true information with faked data.
471
471
<p class="level1"><a name="Multiple"></a><h2 class="nroffsh">Multiple Transfers Using the multi Interface</h2>
472
472
<p class="level0">
473
<p class="level0">The easy interface as described in detail in this document is a synchronous interface that transfers one file at a time and doesn't return until its done.
474
<p class="level0">The multi interface on the other hand, allows your program to transfer multiple files in both directions at the same time, without forcing you to use multiple threads.
475
<p class="level0">To use this interface, you are better off if you first understand the basics of how to use the easy interface. The multi interface is simply a way to make multiple transfers at the same time, by adding up multiple easy handles in to a "multi stack".
473
<p class="level0">The easy interface as described in detail in this document is a synchronous interface that transfers one file at a time and doesn't return until it is done.
474
<p class="level0">The multi interface, on the other hand, allows your program to transfer multiple files in both directions at the same time, without forcing you to use multiple threads. The name might make it seem that the multi interface is for multi-threaded programs, but the truth is almost the reverse. The multi interface can allow a single-threaded application to perform the same kinds of multiple, simultaneous transfers that multi-threaded programs can perform. It allows many of the benefits of multi-threaded transfers without the complexity of managing and synchronizing many threads.
475
<p class="level0">To use this interface, you are better off if you first understand the basics of how to use the easy interface. The multi interface is simply a way to make multiple transfers at the same time by adding up multiple easy handles into a "multi stack".
476
476
<p class="level0">You create the easy handles you want and you set all the options just like you have been told above, and then you create a multi handle with <a class="emphasis" href="./curl_multi_init.html">curl_multi_init(3)</a> and add all those easy handles to that multi handle with <a class="emphasis" href="./curl_multi_add_handle.html">curl_multi_add_handle(3)</a>.
477
<p class="level0">When you've added the handles you have for the moment (you can still add new ones at any time), you start the transfers by call <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a>.
477
<p class="level0">When you've added the handles you have for the moment (you can still add new ones at any time), you start the transfers by calling <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a>.
478
478
<p class="level0"><a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a> is asynchronous. It will only execute as little as possible and then return back control to your program. It is designed to never block. If it returns CURLM_CALL_MULTI_PERFORM you better call it again soon, as that is a signal that it still has local data to send or remote data to receive.
479
479
<p class="level0">The best usage of this interface is when you do a select() on all possible file descriptors or sockets to know when to call libcurl again. This also makes it easy for you to wait and respond to actions on your own application's sockets/handles. You figure out what to select() for by using <a class="emphasis" href="./curl_multi_fdset.html">curl_multi_fdset(3)</a>, that fills in a set of fd_set variables for you with the particular file descriptors libcurl uses for the moment.
480
<p class="level0">When you then call select(), it'll return when one of the file handles signal action and you then call <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a> to allow libcurl to do what it wants to do. Take note that libcurl does also feature some time-out code so we advice you to never use very long timeouts on select() before you call <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a>, which thus should be called unconditionally every now and then even if none of its file descriptors have signaled ready. Another precaution you should use: always call <a class="emphasis" href="./curl_multi_fdset.html">curl_multi_fdset(3)</a> immediately before the select() call since the current set of file descriptors may change when calling a curl function.
480
<p class="level0">When you then call select(), it'll return when one of the file handles signal action and you then call <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a> to allow libcurl to do what it wants to do. Take note that libcurl does also feature some time-out code so we advise you to never use very long timeouts on select() before you call <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a>, which thus should be called unconditionally every now and then even if none of its file descriptors have signaled ready. Another precaution you should use: always call <a class="emphasis" href="./curl_multi_fdset.html">curl_multi_fdset(3)</a> immediately before the select() call since the current set of file descriptors may change when calling a curl function.
481
481
<p class="level0">If you want to stop the transfer of one of the easy handles in the stack, you can use <a class="emphasis" href="./curl_multi_remove_handle.html">curl_multi_remove_handle(3)</a> to remove individual easy handles. Remember that easy handles should be <a class="emphasis" href="./curl_easy_cleanup.html">curl_easy_cleanup(3)</a>ed.
482
482
<p class="level0">When a transfer within the multi stack has finished, the counter of running transfers (as filled in by <a class="emphasis" href="./curl_multi_perform.html">curl_multi_perform(3)</a>) will decrease. When the number reaches zero, all transfers are done.
483
483
<p class="level0"><a class="emphasis" href="./curl_multi_info_read.html">curl_multi_info_read(3)</a> can be used to get information about completed transfers. It then returns the CURLcode for each easy transfer, to allow you to figure out success on each individual transfer.
491
491
<p class="level0">
492
492
<p class="level0">
493
493
<p class="level0"><a name="1"></a><span class="nroffip">[1]</span>
494
<p class="level1">libcurl 7.10.3 and later have the ability to switch over to chunked Transfer-Encoding in cases were HTTP uploads are done with data of an unknown size.
494
<p class="level1">libcurl 7.10.3 and later have the ability to switch over to chunked Transfer-Encoding in cases where HTTP uploads are done with data of an unknown size.
495
495
<p class="level0"><a name="2"></a><span class="nroffip">[2]</span>
496
496
<p class="level1">This happens on Windows machines when libcurl is built and used as a DLL. However, you can still do this on Windows if you link with a static library.
497
497
<p class="level0"><a name="3"></a><span class="nroffip">[3]</span>
498
<p class="level1">The curl-config tool is generated at build-time (on unix-like systems) and should be installed with the 'make install' or similar instruction that installs the library, header files, man pages etc. <p class="roffit">
498
<p class="level1">The curl-config tool is generated at build-time (on UNIX-like systems) and should be installed with the 'make install' or similar instruction that installs the library, header files, man pages etc.
499
<p class="level0"><a name="4"></a><span class="nroffip">[4]</span>
500
<p class="level1">This behavior was different in versions before 7.17.0, where strings had to remain valid past the end of the <a class="emphasis" href="./curl_easy_setopt.html">curl_easy_setopt(3)</a> call. <p class="roffit">
499
501
This HTML page was made with <a href="http://daniel.haxx.se/projects/roffit/">roffit</a>.
added
removed
docs/libcurl/libcurl-tutorial.html
