author | Nick Zitzmann <nickzman@gmail.com> | 2013-04-27 23:15:07 -0600
---|---|---
committer | Nick Zitzmann <nickzman@gmail.com> | 2013-04-27 23:15:07 -0600
commit | a5c0e209392f39ccbbac6568a9635583a64d31eb |
tree | b837914bf246a75a6f187122358f1fd81c91e11f /docs |
parent | 128517649c73cc767a1bbe4e3f5d256797c7a80b |
darwinssl: add TLS crypto authentication
Users using the Secure Transport (darwinssl) back-end can now use a
certificate and private key to authenticate with a site using TLS. Because
Apple's security system is based around the keychain and does not have any
non-public function to create a SecIdentityRef data structure from data
loaded outside of the Keychain, the certificate and private key have to be
loaded into the Keychain first (using the certtool command line tool or
the Security framework's C API) before we can find it and use it.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/curl.1 | 2
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 4
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/curl.1 b/docs/curl.1 index 1aeeb4650..c4cce98d6 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -390,6 +390,8 @@ NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. +(iOS and Mac OS X only) If curl is built against Secure Transport, then the certificate string must match the name of a certificate that's in the system or user keychain. The private key corresponding to the certificate, and certificate chain (if any), must also be present in the keychain. + If this option is used several times, the last one will be used. .IP "--engine <name>" Select the OpenSSL crypto engine to use for cipher diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index f828cb7cb..30bdd3a3f 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -2239,6 +2239,8 @@ changed with \fICURLOPT_SSLCERTTYPE\fP. With NSS this can also be the nickname of the certificate you wish to authenticate with. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. + +(iOS and Mac OS X only) With Secure Transport, this string must match the name of a certificate that's in the system or user keychain. You should encode this string in UTF-8 format in case it contains non-ASCII characters. The private key corresponding to the certificate, and certificate chain (if any), must also be present in the keychain. .IP CURLOPT_SSLCERTTYPE Pass a pointer to a zero terminated string as parameter. The string should be the format of your certificate. Supported formats are "PEM" and "DER". (Added 
@@ -2247,6 +2249,8 @@ in 7.9.3) Pass a pointer to a zero terminated string as parameter. The string should be the file name of your private key. The default format is "PEM" and can be changed with \fICURLOPT_SSLKEYTYPE\fP. + +(iOS and Mac OS X only) This option is ignored if curl was built against Secure Transport. Secure Transport expects the private key to be already present in the keychain containing the certificate. .IP CURLOPT_SSLKEYTYPE Pass a pointer to a zero terminated string as parameter. The string should be the format of your private key. Supported formats are "PEM", "DER" and "ENG". |
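Review bot: In the docs/curl.1 hunk the Secure Transport paragraph is added only to the client certificate entry, so the man page never tells a command-line user that a separately supplied private key file is not used on this back-end, even though the curl_easy_setopt.3 change says so for CURLOPT_SSLKEY. The diffstat shows these two lines are the only change to curl.1, so please add the matching sentence to the private key option's entry as well. It would also help to say here whether the "./" prefix advice in the preceding paragraph has any meaning when the string is always treated as a keychain certificate name.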
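Review bot: The CURLOPT_SSLCERT paragraph in the first curl_easy_setopt.3 hunk says the string "must match the name of a certificate that's in the system or user keychain" without saying which keychain attribute counts as the name, or what happens when no item or more than one item matches. Because this string selects the identity used for client authentication, the text should state the matching rule and the result in both cases. The paragraph also carries no "(Added in ...)" version marker of the kind the neighbouring entries use, and the CURLOPT_SSLCERTTYPE entry that follows still lists "PEM" and "DER" with no word on whether it applies with Secure Transport.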
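Review bot: In the CURLOPT_SSLKEY hunk, "This option is ignored if curl was built against Secure Transport" documents that a caller-supplied key is dropped, but not whether libcurl reports anything when that happens. An application ported from another back-end would then authenticate with whatever key the keychain holds for the named certificate rather than the file it passed, so the text should say whether an error or warning is returned. The CURLOPT_SSLKEYTYPE entry directly after it should get the same note, since a key format has no meaning once the key file itself is ignored.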