FIXME: This does not work on CentOS 7. Possible since curl is built against libnss and not OpenSSL. Doesn't handle proxy-certificates?
This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.
The certificate bundle provided through
--capath is required in order
for cURL to accept the server certificates the door presents. If the
certificate bundle is not available, the
-k flag may be passed to allow
untrusted server certificates.
-E) names the proxy certificate generated by arcproxy or
similar tools, which is a single PEM file consisting of the client
certificate, the proxy key and the proxy certificate. The name will vary
based on the user issuing it.
put the certificate in /tmp by default and name it according to the
-L) instructs cURL to follow HTTP redirects, in this case
the 302 redirects that the dCache door uses to direct clients to
different storage nodes.
Since sslv3 Version is disabled on servers due to POODLE: SSLv3
vulnerability (CVE-2014-3566) but some of the cURL Versions are trying
to connect to SSLv3 instead of TLS and failing to connect to with an
error along the lines of
curl: (35) Unknown SSL protocol error in
connection to .... So this parameter is recommended to be used with
cURL till the problem is solved.
Write output to a local file named like the remote file we get (only the file part of the remote file is used, the path is cut off). The file will be saved in the current working directory.
This transfers the specified local file to the remote URL. If there is no file part in the specified URL (ends with a /), curl will append the local file name.
Downloads the file 'file-to-download.txt':
curl --tlsv1.3 --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O https://webdav.swegrid.se/snic/project/file-to-download.txt
Upload the file
source.file as 'uploaded.txt':
curl --tlsv1.3 --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file https://webdav.swegrid.se/target/path/uploaded.ext