Difference between revisions of "Accessing Swestore with cURL"

From SNIC Documentation
Jump to: navigation, search
m (Add categories and "up" link.)
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:SweStore]]
+
[[Category:Swestore]]
[[Category:SweStore user guide]]
+
[[Category:Swestore user guide]]
[[SweStore|< SweStore]]
+
[[Swestore|< Swestore]]
  
  
Line 17: Line 17:
 
  --location
 
  --location
 
--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.
 
--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.
 +
 +
== Required parameters ==
 +
 +
--tls or -1
 +
Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of <tt>curl: (35) Unknown SSL protocol error in connection to ...</tt>.So this parameter is recommended to be used with cURL till the problem is solved.
 +
 +
Ex:- curl --tls --location --capath /etc/grid-security/certificates
  
 
== Sample invocations ==
 
== Sample invocations ==

Revision as of 14:01, 14 July 2016

< Swestore


This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.

Essential parameters

--capath /etc/grid-security/certificates

The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.

--cert /tmp/x509up_u1234

--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init (and thus arcproxy) will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>. The -out parameter to grid-proxy-init takes a location to store the certificate in if the default is not sufficient.

--location

--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.

Required parameters

--tls or -1

Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of curl: (35) Unknown SSL protocol error in connection to ....So this parameter is recommended to be used with cURL till the problem is solved.

Ex:- curl --tls --location --capath /etc/grid-security/certificates

Sample invocations

Downloads the file 'file-to-download.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O https://webdav.swegrid.se/target/path/file-to-download.ext

Upload the file 'source.file' as 'uploaded.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file https://webdav.swegrid.se/target/path/uploaded.ext

Credits

This guide was written by Lars Viklund