diff options
author | moparisthebest <admin@moparisthebest.com> | 2014-11-24 19:30:09 +0100 |
---|---|---|
committer | Patrick Monnerat <pm@datasphere.ch> | 2014-11-24 19:30:09 +0100 |
commit | be1a5051890b7ad9339b0208424b94aa32c64776 (patch) | |
tree | d98e121223d1959808a8446e9000ecacaf70a1c8 /docs | |
parent | 2008c92513cee98ded80ed9ffaf984edc0c97c33 (diff) |
SSL: Add PEM format support for public key pinning
Diffstat (limited to 'docs')
-rw-r--r-- | docs/curl.1 | 4 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/docs/curl.1 b/docs/curl.1 index 5f88cffb8..7d914645d 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -539,14 +539,14 @@ If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used. .IP "--pinnedpubkey <pinned public key>" (SSL) Tells curl to use the specified public key file to verify the peer. The -file must contain a single public key in DER format. +file must contain a single public key in PEM or DER format. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -This is currently only implemented in the OpenSSL and GnuTLS backends. +This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends. If this option is used several times, the last one will be used. (Added in 7.39.0) diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 index d7c6932e3..2d8639275 100644 --- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 @@ -29,7 +29,7 @@ CURLOPT_PINNEDPUBLICKEY \- set pinned public key CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey); .SH DESCRIPTION Pass a pointer to a zero terminated string as parameter. The string should be -the file name of your pinned public key. The format expected is "DER". +the file name of your pinned public key. The format expected is "PEM" or "DER". When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and |