aboutsummaryrefslogtreecommitdiff
path: root/docs/cmdline-opts
diff options
context:
space:
mode:
authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2018-02-19 14:31:06 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-08-08 09:46:01 +0200
commit298d2565e2a2f06a859b7f5a1cc24ba7c87a8ce2 (patch)
treed6c7b12308a7d3617d6843297168c2e6a42d7578 /docs/cmdline-opts
parentc892795ea3601a6d210a325b2ac566b1c30d3334 (diff)
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without setting the corresponding type as "ENG" and the engine as "pkcs11" explicitly. If a PKCS#11 URI is provided for certificate, key, proxy_certificate or proxy_key, the corresponding type is set as "ENG" if not provided and the engine is set to "pkcs11" if not provided. Acked-by: Nikos Mavrogiannopoulos Closes #2333
Diffstat (limited to 'docs/cmdline-opts')
-rw-r--r--docs/cmdline-opts/cert.d7
-rw-r--r--docs/cmdline-opts/key.d7
2 files changed, 14 insertions, 0 deletions
diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d
index adf62fc7a..510b8333f 100644
--- a/docs/cmdline-opts/cert.d
+++ b/docs/cmdline-opts/cert.d
@@ -23,6 +23,13 @@ nickname contains ":", it needs to be preceded by "\\" so that it is not
recognized as password delimiter. If the nickname contains "\\", it needs to
be escaped as "\\\\" so that it is not recognized as an escape character.
+If curl is built against OpenSSL library, and the engine pkcs11 is available,
+then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
+a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
+as "pkcs11" if none was provided and the --cert-type option will be set as
+"ENG" if none was provided.
+
(iOS and macOS only) If curl is built against Secure Transport, then the
certificate string can either be the name of a certificate/private key in the
system or user keychain, or the path to a PKCS#12-encoded certificate and
diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d
index fbf583af0..4877b4238 100644
--- a/docs/cmdline-opts/key.d
+++ b/docs/cmdline-opts/key.d
@@ -7,4 +7,11 @@ Private key file name. Allows you to provide your private key in this separate
file. For SSH, if not specified, curl tries the following candidates in order:
'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'.
+If curl is built against OpenSSL library, and the engine pkcs11 is available,
+then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a
+PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a
+PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
+as "pkcs11" if none was provided and the --key-type option will be set as
+"ENG" if none was provided.
+
If this option is used several times, the last one will be used.