diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/curl.1 | 12 | ||||
| -rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 16 |
2 files changed, 23 insertions, 5 deletions
diff --git a/docs/curl.1 b/docs/curl.1 index 01b89fb50..10ff68f4a 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -211,7 +211,17 @@ certificate concatenated! If this option is used several times, the last one will be used. .IP "--cacert <CA certificate>" (HTTPS) Tells curl to use the specified certificate file to verify the -peer. The certificate must be in PEM format. +peer. The file may contain multiple CA certificates. The certificate(s) must +be in PEM format. + +If this option is used several times, the last one will be used. +.IP "--capath <CA certificate directory>" +(HTTPS) Tells curl to use the specified certificate directory to verify the +peer. The certificates must be in PEM format, and the directory must have been +processed using the c_rehash utility supplied with openssl. Certificate directories +are not supported under Windows (because c_rehash uses symbolink links to +create them). Using --capath can allow curl to make https connections much +more efficiently than using --cacert if the --cacert file contains many CA certificates. If this option is used several times, the last one will be used. .IP "-f/--fail" diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 5635ebdb4..a118a15d6 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -514,12 +514,20 @@ argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP. .B CURLOPT_SSL_VERIFYPEER Pass a long that is set to a non-zero value to make curl verify the peer's certificate. The certificate to verify against must be specified with the -CURLOPT_CAINFO option. (Added in 7.4.2) +CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified +with the CURLOPT_CAPATH option (Added in 7.9.8). .TP .B CURLOPT_CAINFO -Pass a char * to a zero terminated file naming holding the certificate to -verify the peer with. This only makes sense when used in combination with the -CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) +Pass a char * to a zero terminated string naming a file holding one or more +certificates to verify the peer with. This only makes sense when used in +combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) +.TP +.B CURLOPT_CAPATH +Pass a char * to a zero terminated string naming a directory holding multiple CA +certificates to verify the peer with. The certificate directory must be prepared using +the openssl c_rehash utility. This only makes sense when used in combination with the +CURLOPT_SSL_VERIFYPEER option. The CAPATH function apparently does not work in Windows +due to some limitation in openssl. (Added in 7.9.8) .TP .B CURLOPT_PASSWDFUNCTION Pass a pointer to a \fIcurl_passwd_callback\fP function that will be called |