cmdline-docs: more options converted over

Long: anyauth

Help: Pick any authentication method

Protocols: HTTP

See-also: proxy-anyauth basic digest

---

Tells curl to figure out authentication method by itself, and use the most

secure one the remote site claims to support. This is done by first doing a

request and checking the response-headers, thus possibly inducing an extra

network round-trip. This is used instead of setting a specific authentication

method, which you can do with --basic, --digest, --ntlm, and --negotiate.

Using --anyauth is not recommended if you do uploads from stdin, since it may

require data to be sent twice and then the client must be able to rewind. If

the need should arise when uploading from stdin, the upload operation will

fail.

Used together with --user.

Short: a

Long: append

Help: Append to target file when uploading

Protocols: FTP SFTP

---

When used in an upload, this makes curl append to the target file instead of

overwriting it. If the remote file doesn't exist, it will be created.  Note

that this flag is ignored by some SFTP servers (including OpenSSH).

Long: basic

Help: Use HTTP Basic Authentication

See-also: proxy-basic

Protocols: HTTP

---

Tells curl to use HTTP Basic authentication with the remote host. This is the

default and this option is usually pointless, unless you use it to override a

previously set option that sets a different authentication method (such as

--ntlm, --digest, or --negotiate).

Used together with --user.

Long: cacert

Arg: <CA certificate>

Help: CA certificate to verify peer against

Protocols: TLS

---

Tells curl to use the specified certificate file to verify the peer. The file

may contain multiple CA certificates. The certificate(s) must be in PEM

format. Normally curl is built to use a default file for this, so this option

is typically used to alter that default file.

curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is

set, and uses the given path as a path to a CA cert bundle. This option

overrides that variable.

The windows version of curl will automatically look for a CA certs file named

\'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the

Current Working Directory, or in any folder along your PATH.

If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module

(libnsspem.so) needs to be available for this option to work properly.

(iOS and macOS only) If curl is built against Secure Transport, then this

option is supported for backward compatibility with other SSL engines, but it

should not be set. If the option is not set, then curl will use the

certificates in the system and user Keychain to verify the peer, which is the

preferred method of verifying the peer's certificate chain.

If this option is used several times, the last one will be used.

Long: capath

Arg: <dir>

Help: CA directory to verify peer against

Protocols: TLS

---

Tells curl to use the specified certificate directory to verify the

peer. Multiple paths can be provided by separating them with ":" (e.g.

\&"path1:path2:path3"). The certificates must be in PEM format, and if curl is

built against OpenSSL, the directory must have been processed using the

c_rehash utility supplied with OpenSSL. Using --capath can allow

OpenSSL-powered curl to make SSL-connections much more efficiently than using

--cacert if the --cacert file contains many CA certificates.

If this option is set, the default capath value will be ignored, and if it is

used several times, the last one will be used.