diff options
author | moparisthebest <admin@moparisthebest.com> | 2014-09-30 22:31:17 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-10-07 14:44:19 +0200 |
commit | 93e450793ce289925dfd1d5e3b2d14e781f8dfd4 (patch) | |
tree | 3ceea898922e067a4a692204f6388ab633deebef /src/tool_help.c | |
parent | d1b56d00439ab26d7fc43e37ab18ae331ddc400d (diff) |
SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
Diffstat (limited to 'src/tool_help.c')
-rw-r--r-- | src/tool_help.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/tool_help.c b/src/tool_help.c index c255be0b9..2b26c58af 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -152,6 +152,7 @@ static const char *const helptext[] = { " --oauth2-bearer TOKEN OAuth 2 Bearer Token (IMAP, POP3, SMTP)", " -o, --output FILE Write to FILE instead of stdout", " --pass PASS Pass phrase for the private key (SSL/SSH)", + " --pinnedpubkey FILE Public key (DER) to verify peer against (OpenSSL)", " --post301 " "Do not switch to GET after following a 301 redirect (H)", " --post302 " |