Accessing Swestore with cURL
This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.
Essential parameters
--capath /etc/grid-security/certificates
The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.
--cert /tmp/x509up_u1234
--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init (and thus arcproxy) will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>. The -out parameter to grid-proxy-init takes a location to store the certificate in if the default is not sufficient.
--location
--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.
Required parameters
--tls or -1
Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of curl: (35) Unknown SSL protocol error in connection to ....So this parameter is recommended to be used with cURL till the problem is solved.
Ex:- curl --tls --location --capath /etc/grid-security/certificates
Sample invocations
Downloads the file 'file-to-download.ext':
curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O https://webdav.swegrid.se/target/path/file-to-download.ext
Upload the file 'source.file' as 'uploaded.ext':
curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file https://webdav.swegrid.se/target/path/uploaded.ext
Credits
This guide was written by Lars Viklund
