cyassl: Implement public key pinning

Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
author: Jay Satiro <raysatiro@yahoo.com> 2015-04-05 01:48:16 -0400
committer: Jay Satiro <raysatiro@yahoo.com> 2015-04-22 17:07:19 -0400
commit: 0675abbc7572ff6d711a1f325d9b812f98bce78f (patch)
tree: 8e9ab2f345f2ccc8405e941560cae58d4ac69850 /docs/libcurl/opts
parent: 26cbd7a1d94d0d0ddb7923bfa2a6771154c93334 (diff)
1 files changed, 15 insertions, 4 deletions
diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
index 4cc68b1d3..94cad31f0 100644
--- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
@@ -50,11 +50,22 @@ if(curl) {
   curl_easy_perform(curl);
 }
 .fi
+.SH PUBLIC KEY EXTRACTION
+If you do not have the server's public key file you can extract it from the
+server's certificate.
+.nf
+openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
+.fi
+The public key is output in PEM format and contains a header, base64 data and a
+footer:
+.nf
+-----BEGIN PUBLIC KEY-----
+[BASE 64 DATA]
+-----END PUBLIC KEY-----
+.fi
 .SH AVAILABILITY
-If built TLS enabled. This is currently only implemented in the OpenSSL,
-GnuTLS, NSS and GSKit backends.
-
-Added in libcurl 7.39.0
+Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for
+NSS and wolfSSL/CyaSSL. Other SSL backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
author	Jay Satiro <raysatiro@yahoo.com>	2015-04-05 01:48:16 -0400
committer	Jay Satiro <raysatiro@yahoo.com>	2015-04-22 17:07:19 -0400
commit	0675abbc7572ff6d711a1f325d9b812f98bce78f (patch)
tree	8e9ab2f345f2ccc8405e941560cae58d4ac69850 /docs/libcurl/opts
parent	26cbd7a1d94d0d0ddb7923bfa2a6771154c93334 (diff)