aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2017-04-10 17:40:30 +0200
committerKamil Dudka <kdudka@redhat.com>2017-04-25 13:24:24 +0200
commite3e8d0204b72509cfd63d97a159d1ac3fdea703b (patch)
tree7803d08fadd1e54fdb747a3284982c97c4de83ba /docs
parentfab3d1ec650e17fd15cf8b6d4ffa5bfd523501dc (diff)
nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than supported by nss-pem, because libnssckbi.so also includes information about distrusted certificates. Reviewed-by: Kai Engert Closes #1414
Diffstat (limited to 'docs')
-rw-r--r--docs/libcurl/opts/CURLOPT_CAINFO.35
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3
index 127b90443..43a4901f0 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -40,6 +40,11 @@ is assumed to be stored, as established at build time.
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
(libnsspem.so) needs to be available for this option to work properly.
+Starting with curl-7.55.0, if both \fICURLOPT_CAINFO(3)\fP and
+\fICURLOPT_CAPATH(3)\fP are unset, NSS-linked libcurl tries to load
+libnssckbi.so, which contains a more comprehensive set of trust information
+than supported by nss-pem, because libnssckbi.so also includes information
+about distrusted certificates.
(iOS and macOS only) If curl is built against Secure Transport, then this
option is supported for backward compatibility with other SSL engines, but it