Diffstat (limited to 'docs')
-rw-r--r-- docs/TODO 12
-rw-r--r-- docs/cmdline-opts/cacert.d 5
-rw-r--r-- docs/libcurl/opts/CURLOPT_CAINFO.3 5
3 files changed, 10 insertions, 12 deletions
diff --git a/docs/TODO b/docs/TODO
index 337620924..b6b6dfe0d 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -121,7 +121,6 @@
15. WinSSL/SChannel
15.1 Add support for client certificate authentication
- 15.2 Add support for custom server certificate validation
15.3 Add support for the --ciphers option
16. SASL
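Review bot: removing the 15.2 index entry leaves the WinSSL/SChannel list jumping from 15.1 to 15.3. Either renumber 15.3 to 15.2 here and in the section body, or confirm that gaps in the TODO numbering are acceptable so that existing references to 15.3 stay valid.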
@@ -823,17 +822,6 @@ that doesn't exist on the server, just like --ftp-create-dirs.
- Getting a Certificate for Schannel
https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
-15.2 Add support for custom server certificate validation
-
- WinSSL/SChannel currently makes use of the OS-level system and user
- certificate trust store. This does not allow the application or user to
- customize the server certificate validation process using curl or libcurl.
-
- Therefore support for the existing --cacert or --capath options should be
- implemented by supplying a custom certificate to the SChannel APIs, see:
- - Getting a Certificate for Schannel
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
-
15.3 Add support for the --ciphers option
The cipher suites used by WinSSL/SChannel are configured on an OS-level
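Review bot: the removed 15.2 text asked for support for "the existing --cacert or --capath options", but the documentation touched in this change only describes --cacert and CURLOPT_CAINFO for WinSSL. If --capath is still unsupported with Schannel, keep a shortened 15.2 entry covering it rather than dropping the item entirely, so the remaining gap in custom server certificate validation stays tracked.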
diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d
index b2ecf9088..073ad3a9a 100644
--- a/docs/cmdline-opts/cacert.d
+++ b/docs/cmdline-opts/cacert.d
@@ -25,4 +25,9 @@ should not be set. If the option is not set, then curl will use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
+(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
+later with libcurl 7.60 or later. This option is supported for backward
+compatibility with other SSL engines; instead it is recommended to use Windows'
+store of root certificates (the default for WinSSL).
+
If this option is used several times, the last one will be used.
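Review bot: in the added paragraph, "supported for backward compatibility with other SSL engines; instead it is recommended" reads awkwardly, and the point is compatibility across SSL engines rather than backward compatibility. Suggest wording such as "This option exists for compatibility with other SSL engines; using Windows' store of root certificates (the default for WinSSL) is recommended instead." Since this is the command-line option page, also consider giving the version as the curl tool version rather than only "libcurl 7.60".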
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3
index bc094ef00..4e7db0448 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -52,6 +52,11 @@ should not be set. If the option is not set, then curl will use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
+(Schannel/WinSSL only) This option is supported for WinSSL in Windows 7 or
+later with libcurl 7.60 or later. This option is supported for backward
+compatibility with other SSL engines; instead it is recommended to use Windows'
+store of root certificates (the default for WinSSL).
+
The application does not have to keep the string around after setting this
option.
.SH DEFAULT
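Review bot: the added paragraph says the option needs "Windows 7 or later with libcurl 7.60 or later" but not what an application sees when it sets CURLOPT_CAINFO with WinSSL outside those bounds. Document whether the option is rejected with an error or ignored, since silently ignoring a custom CA file changes which roots are trusted for peer verification. The text is also a verbatim copy of the cacert.d paragraph, so any rewording there should be mirrored here.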