aboutsummaryrefslogtreecommitdiff
path: root/docs/curl.1
diff options
context:
space:
mode:
Diffstat (limited to 'docs/curl.1')
-rw-r--r--docs/curl.115
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/curl.1 b/docs/curl.1
index 4d97227af..90b284288 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -530,6 +530,19 @@ OpenSSL-powered curl to make SSL-connections much more efficiently than using
If this option is set, the default capath value will be ignored, and if it is
used several times, the last one will be used.
+.IP "--pinnedpubkey <pinned public key>"
+(SSL) Tells curl to use the specified public key file to verify the peer. The
+file must contain a single public key in DER format.
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate
+and if it does not exactly match the public key provided to this option,
+curl will abort the connection before sending or receiving any data.
+
+This is currently only implemented in the OpenSSL backend, with more backends
+expected to follow shortly.
+
+If this option is used several times, the last one will be used.
.IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done
to better enable scripts etc to better deal with failed attempts. In
@@ -2180,6 +2193,8 @@ unable to parse FTP file list
FTP chunk callback reported error
.IP 89
No connection available, the session will be queued
+.IP 90
+SSL public key does not matched pinned public key
.IP XX
More error codes will appear here in future releases. The existing ones
are meant to never change.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 11:00:59 +0000