From 41b1f649bf63e3663fcf3d4a678fef37688e32b7 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 15 Nov 2016 23:44:58 +0100 Subject: cmdline-docs: more options converted over --- docs/cmdline-opts/cacert.d | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/cmdline-opts/cacert.d (limited to 'docs/cmdline-opts/cacert.d') diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d new file mode 100644 index 000000000..04e113980 --- /dev/null +++ b/docs/cmdline-opts/cacert.d @@ -0,0 +1,28 @@ +Long: cacert +Arg: +Help: CA certificate to verify peer against +Protocols: TLS +--- +Tells curl to use the specified certificate file to verify the peer. The file +may contain multiple CA certificates. The certificate(s) must be in PEM +format. Normally curl is built to use a default file for this, so this option +is typically used to alter that default file. + +curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is +set, and uses the given path as a path to a CA cert bundle. This option +overrides that variable. + +The windows version of curl will automatically look for a CA certs file named +\'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the +Current Working Directory, or in any folder along your PATH. + +If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module +(libnsspem.so) needs to be available for this option to work properly. + +(iOS and macOS only) If curl is built against Secure Transport, then this +option is supported for backward compatibility with other SSL engines, but it +should not be set. If the option is not set, then curl will use the +certificates in the system and user Keychain to verify the peer, which is the +preferred method of verifying the peer's certificate chain. + +If this option is used several times, the last one will be used. -- cgit v1.2.3