Difference between revisions of "Accessing Swestore with cURL"

From SNIC Documentation
Jump to: navigation, search
(Fix "up" link to point to Swestore-dCache)
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
[[Category:Swestore]]
 +
[[Category:Swestore user guide]]
 +
[[Swestore-dCache|< Swestore-dCache]]
 +
 +
 
This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.
 
This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.
  
Line 12: Line 17:
 
  --location
 
  --location
 
--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.
 
--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.
 +
 +
== Required parameters ==
 +
 +
--tls or -1
 +
Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of <tt>curl: (35) Unknown SSL protocol error in connection to ...</tt>.So this parameter is recommended to be used with cURL till the problem is solved.
 +
 +
Ex:- curl --tls --location --capath /etc/grid-security/certificates
  
 
== Sample invocations ==
 
== Sample invocations ==

Revision as of 09:38, 20 October 2021

< Swestore-dCache


This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.

Essential parameters

--capath /etc/grid-security/certificates

The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.

--cert /tmp/x509up_u1234

--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init (and thus arcproxy) will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>. The -out parameter to grid-proxy-init takes a location to store the certificate in if the default is not sufficient.

--location

--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.

Required parameters

--tls or -1

Since sslv3 Version is disabled on servers due to POODLE: SSLv3 vulnerability (CVE-2014-3566) but some of the cURL Versions are trying to connect to SSLv3 instead of TLS and failing to connect to with an error along the lines of curl: (35) Unknown SSL protocol error in connection to ....So this parameter is recommended to be used with cURL till the problem is solved.

Ex:- curl --tls --location --capath /etc/grid-security/certificates

Sample invocations

Downloads the file 'file-to-download.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O https://webdav.swegrid.se/target/path/file-to-download.ext

Upload the file 'source.file' as 'uploaded.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file https://webdav.swegrid.se/target/path/uploaded.ext

Credits

This guide was written by Lars Viklund