Accessing Swestore with cURL

From SNIC Documentation
Revision as of 15:58, 21 November 2013 by Lars Viklund (HPC2N) (talk | contribs) (Add section on SSLv3 as the problem has been mentioned on dCache user-forum mailing list)
Jump to: navigation, search

< SweStore

This guide outlines the procedure for using cURL to access files through the WebDav door of dCache.

Essential parameters

--capath /etc/grid-security/certificates

The certificate bundle provided through --capath is required in order for cURL to accept the server certificates the door presents. If the certificate bundle is not available, the -k flag may be passed to allow untrusted server certificates.

--cert /tmp/x509up_u1234

--cert (or -E) names the proxy certificate generated by arcproxy or similar tools, which is a single PEM file consisting of the client certificate, the proxy key and the proxy certificate. The name will vary based on the user issuing it. grid-proxy-init (and thus arcproxy) will put the certificate in /tmp by default and name it according to the pattern x509up_u<NumericUID>. The -out parameter to grid-proxy-init takes a location to store the certificate in if the default is not sufficient.


--location (or -L) instructs cURL to follow HTTP redirects, in this case the 302 redirects that the dCache door uses to direct clients to different storage nodes.

Optional parameters


There exists older cURL versions out there which still prefer SSLv2 when making a connection. They will fail to connect to SweStore national storage with an error along the lines of "curl: (35) Unknown SSL protocol error in connection to ...". If you use such a client and cannot upgrade or otherwise circumvent the problem, --sslv3 (or -3) instructs those versions of cURL to force SSLv3. This parameter is only recommended and needed for older versions, if you use it you should re-evaluate your need for it whenever you end up upgrading cURL to see if it's still required. Using it unnecessarily for newer versions of cURL that do not exhibit the problem will reduce their choice of SSL/TLS versions and ultimately reduce security strength.

Sample invocations

Downloads the file 'file-to-download.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -O

Upload the file 'source.file' as 'uploaded.ext':

curl --location --capath /etc/grid-security/certificates --cert /tmp/x509up_u1234 -T ~/source.file


This guide was written by Lars Viklund