diff options
author | Kamil Dudka <kdudka@redhat.com> | 2017-04-10 17:40:30 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2017-04-25 13:24:24 +0200 |
commit | e3e8d0204b72509cfd63d97a159d1ac3fdea703b (patch) | |
tree | 7803d08fadd1e54fdb747a3284982c97c4de83ba /docs | |
parent | fab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc (diff) |
nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than
supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates.
Reviewed-by: Kai Engert
Closes #1414
Diffstat (limited to 'docs')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_CAINFO.3 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3 index 127b90443..43a4901f0 100644 --- a/docs/libcurl/opts/CURLOPT_CAINFO.3 +++ b/docs/libcurl/opts/CURLOPT_CAINFO.3 @@ -40,6 +40,11 @@ is assumed to be stored, as established at build time. If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be available for this option to work properly. +Starting with curl-7.55.0, if both \fICURLOPT_CAINFO(3)\fP and +\fICURLOPT_CAPATH(3)\fP are unset, NSS-linked libcurl tries to load +libnssckbi.so, which contains a more comprehensive set of trust information +than supported by nss-pem, because libnssckbi.so also includes information +about distrusted certificates. (iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it |