Accessing Swestore with cURL

From SNIC Documentation

Jump to: navigation, search

< Swestore

This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.


Essential parameters

--capath /etc/grid-security/certificates

The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.

--cert /tmp/x509up_u1234

--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init (and thus arcproxy) will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>. The -out parameter to grid-proxy-init takes a location to store the certificate in if the default is not sufficient.


--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.

Required parameters

--tls or -1

Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of curl: (35) Unknown SSL protocol error in connection to ....So this parameter is recommended to be used with cURL till the problem is solved.

Ex:- curl --tls --location --capath /etc/grid-security/certificates

Sample invocations

Downloads the file 'file-to-download.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O

Upload the file 'source.file' as 'uploaded.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file


This guide was written by Lars Viklund

Personal tools
For Staff