diff options
author | Daniel Stenberg <daniel@haxx.se> | 2008-06-06 20:52:32 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2008-06-06 20:52:32 +0000 |
commit | 621c2b901527248b4822895bc0305373a7d2dd63 (patch) | |
tree | 7a4e48be66f14e8e652db6807d94d257aed043fd /docs/libcurl | |
parent | b39d1e9b9d7c6a3109822f7159b5d0eae95ff086 (diff) |
- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for
OpenSSL, NSS and GnuTLS-built libcurls.
Diffstat (limited to 'docs/libcurl')
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 16 | ||||
-rw-r--r-- | docs/libcurl/libcurl-errors.3 | 2 |
2 files changed, 18 insertions, 0 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index f1f086e84..6e7ce3ec7 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -1443,6 +1443,22 @@ bundle is assumed to be stored, as established at build time. When built against NSS this is the directory that the NSS certificate database resides in. +.IP CURLOPT_ISSUERCERT +Pass a char * to a zero terminated string naming a file holding a CA +certificate in PEM format. If the option is set, an additional check against +the peer certificate is performed to verify the issuer is indeed the one +associated with the certificate provided by the option. This additional check +is useful in multi-level PKI where one need to enforce the peer certificate is +from a specific branch of the tree. + +This option makes sense only when used in combination with the +\fICURLOPT_SSL_VERIFYPEER\fP option. Otherwise, the result of the check is not +considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to a +mismatch with the issuer of peer certificate (\fICURLOPT_SSL_VERIFYPEER\fP has +to be set too for the check to fail). (Added in 7.18.3) .IP CURLOPT_CAPATH Pass a char * to a zero terminated string naming a directory holding multiple CA certificates to verify the peer with. The certificate directory must be diff --git a/docs/libcurl/libcurl-errors.3 b/docs/libcurl/libcurl-errors.3 index 994489b71..c1ab31237 100644 --- a/docs/libcurl/libcurl-errors.3 +++ b/docs/libcurl/libcurl-errors.3 @@ -214,6 +214,8 @@ return code is only returned from \fIcurl_easy_recv(3)\fP and \fIcurl_easy_send(3)\fP (Added in 7.18.2) .IP "CURLE_SSL_CRL_BADFILE (82)" Failed to load CRL file (Added in 7.18.3) +.IP "CURLE_SSL_ISSUER_ERROR (83)" +Issuer check failed (Added in 7.18.3) .IP "CURLE_OBSOLETE*" These error codes will never be returned. They used to be used in an old libcurl version and are currently unused. |