libcurl reads and understands a set of environment variables that if set will control and change behaviors. This is the full list of variables to set and description of what they do. Also note that curl, the command line tool, supports a set of additional environment variables independently of this.
When libcurl is given a URL to use in a transfer, it first extracts the "scheme" part from the URL and checks if there is a given proxy set for that in its corresponding environment variable. A URL like "https://example.com" will hence use the "http_proxy" variable, while a URL like "ftp://example.com" will use the "ftp_proxy" variable.
These proxy variables are also checked for in their uppercase versions, except the "http_proxy" one which is only used lowercase. Note also that some systems actually have a case insensitive handling of environment variables and then of course "HTTP_PROXY" will still work...
This is a setting to set proxy for all URLs, independently of what scheme is being used. Note that the scheme specific variables will override this one if set.
When libcurl is built to support multiple SSL backends, it will select a specific backend at first use. If no selection is done by the program using libcurl, this variable's selection will be used. Setting a name that is not a built-in alternative will make libcurl stay with the default.
SSL backend names (case-insensitive): bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls, schannel, secure-transport, wolfssl
When the netrc feature is used (CURLOPT_NETRC(3)), this variable is checked as the primary way to find the "current" home directory in which the .netrc file is likely to exist.
User name to use when invoking the ntlm-wb tool, if NTLMUSER was not set.
This has the same functionality as the CURLOPT_NOPROXY(3) option: it gives libcurl a comma-separated list of host name patterns for which libcurl should not use a proxy.
User name to use when invoking the ntlm-wb tool.
When set and libcurl runs with a SSL backend that supports this feature, libcurl will save SSL secrets into the given file name. Using those SSL secrets, other tools (such as Wireshark) can decrypt the SSL communication and analyze/view the traffic.
When libcurl runs with the NSS backends for TLS features, this variable is used to find the directory for NSS PKI database instead of the built-in.
User name to use when invoking the ntlm-wb tool, if NTLMUSER and LOGNAME were not set.
There's a set of variables only recognized and used if libcurl was built "debug enabled", which should never be true for a library used in production.
Debug-only variable. Used to set a fixed faked value to use instead of a proper random number so that functions in libcurl that are otherwise getting random outputs can be tested for what they generate.
Debug-only variable. Used for debugging the lib/ldap implementation.
Debug-only variable. Used to set to a debug-version of the ntlm-wb executable.
Debug-only variable. Used for debugging the lib/openldap.c implementation.