mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
265b14d6b3
Warning: this will make existing curl command lines that use metalink to stop working. Reasons for removal: 1. We've found several security problems and issues involving the metalink support in curl. The issues are not detailed here. When working on those, it become apparent to the team that several of the problems are due to the system design, metalink library API and what the metalink RFC says. They are very hard to fix on the curl side only. 2. The metalink usage with curl was only very briefly documented and was not following the "normal" curl usage pattern in several ways, making it surprising and non-intuitive which could lead to further security issues. 3. The metalink library was last updated 6 years ago and wasn't so active the years before that either. An unmaintained library means there's a security problem waiting to happen. This is probably reason enough. 4. Metalink requires an XML parsing library, which is complex code (even the smaller alternatives) and to this day often gets security updates. 5. Metalink is not a widely used curl feature. In the 2020 curl user survey, only 1.4% of the responders said that they'd are using it. In 2021 that number was 1.2%. Searching the web also show very few traces of it being used, even with other tools. 6. The torrent format and associated technology clearly won for downloading large files from multiple sources in parallel. Cloes #7176
5.7 KiB
5.7 KiB
Features -- what curl can do
curl tool
- config file support
- multiple URLs in a single command line
- range "globbing" support: [0-13], {one,two,three}
- multiple file upload on a single command line
- custom maximum transfer rate
- redirectable stderr
- parallel transfers
libcurl
- full URL syntax with no length limit
- custom maximum download time
- custom least download speed acceptable
- custom output result after completion
- guesses protocol from host name unless specified
- uses .netrc
- progress bar with time statistics while downloading
- "standard" proxy environment variables support
- compiles on win32 (reported builds on 70+ operating systems)
- selectable network interface for outgoing traffic
- IPv6 support on unix and Windows
- happy eyeballs dual-stack connects
- persistent connections
- SOCKS 4 + 5 support, with or without local name resolving
- supports user name and password in proxy environment variables
- operations through HTTP proxy "tunnel" (using CONNECT)
- replaceable memory functions (malloc, free, realloc, etc)
- asynchronous name resolving (6)
- both a push and a pull style interface
- international domain names (11)
HTTP
- HTTP/0.9 responses are optionally accepted
- HTTP/1.0
- HTTP/1.1
- HTTP/2, including multiplexing and server push (5)
- GET
- PUT
- HEAD
- POST
- multipart formpost (RFC1867-style)
- authentication: Basic, Digest, NTLM (9) and Negotiate (SPNEGO) (3) to server and proxy
- resume (both GET and PUT)
- follow redirects
- maximum amount of redirects to follow
- custom HTTP request
- cookie get/send fully parsed
- reads/writes the netscape cookie file format
- custom headers (replace/remove internally generated headers)
- custom user-agent string
- custom referrer string
- range
- proxy authentication
- time conditions
- via HTTP proxy, HTTPS proxy or SOCKS proxy
- retrieve file modification date
- Content-Encoding support for deflate and gzip
- "Transfer-Encoding: chunked" support in uploads
- automatic data compression (12)
HTTPS (1)
- (all the HTTP features)
- HTTP/3 experimental support
- using client certificates
- verify server certificate
- via HTTP proxy, HTTPS proxy or SOCKS proxy
- select desired encryption
- select usage of a specific SSL version
FTP
- download
- authentication
- Kerberos 5 (13)
- active/passive using PORT, EPRT, PASV or EPSV
- single file size information (compare to HTTP HEAD)
- 'type=' URL support
- dir listing
- dir listing names-only
- upload
- upload append
- upload via http-proxy as HTTP PUT
- download resume
- upload resume
- custom ftp commands (before and/or after the transfer)
- simple "range" support
- via HTTP proxy, HTTPS proxy or SOCKS proxy
- all operations can be tunneled through proxy
- customizable to retrieve file modification date
- no dir depth limit
FTPS (1)
- implicit
ftps://
support that use SSL on both connections - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain
ftp://
connection to use SSL for both or one of the connections
SCP (8)
- both password and public key auth
SFTP (7)
- both password and public key auth
- with custom commands sent before/after the transfer
TFTP
- download
- upload
TELNET
- connection negotiation
- custom telnet options
- stdin/stdout I/O
LDAP (2)
- full LDAP URL support
DICT
- extended DICT URL support
FILE
- URL support
- upload
- resume
SMB
- SMBv1 over TCP and SSL
- download
- upload
- authentication with NTLMv1
SMTP
- authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), Kerberos 5 (4) and External.
- send e-mails
- mail from support
- mail size support
- mail auth support for trusted server-to-server relaying
- multiple recipients
- via http-proxy
SMTPS (1)
- implicit
smtps://
support - explicit "STARTTLS" usage to "upgrade" plain
smtp://
connections to use SSL - via http-proxy
POP3
- authentication: Clear Text, APOP and SASL
- SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), Kerberos 5 (4) and External.
- list e-mails
- retrieve e-mails
- enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via custom requests
- via http-proxy
POP3S (1)
- implicit
pop3s://
support - explicit "STLS" usage to "upgrade" plain
pop3://
connections to use SSL - via http-proxy
IMAP
- authentication: Clear Text and SASL
- SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), Kerberos 5 (4) and External.
- list the folders of a mailbox
- select a mailbox with support for verifying the UIDVALIDITY
- fetch e-mails with support for specifying the UID and SECTION
- upload e-mails via the append command
- enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, STORE, COPY and UID via custom requests
- via http-proxy
IMAPS (1)
- implicit
imaps://
support - explicit "STARTTLS" usage to "upgrade" plain
imap://
connections to use SSL - via http-proxy
MQTT
- Subscribe to and publish topics using url scheme
mqtt://broker/topic
Footnotes
- requires a TLS library
- requires OpenLDAP or WinLDAP
- requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or SSPI (native Windows)
- requires a GSS-API implementation, however, only Windows SSPI is currently supported
- requires nghttp2
- requires c-ares
- requires libssh2, libssh or wolfSSH
- requires libssh2 or libssh
- requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI (native Windows)
-
- requires libidn2 or Windows
- requires libz, brotli and/or zstd
- requires a GSS-API implementation (such as Heimdal or MIT Kerberos)