From fecec1d8aefb3cc89925cffb83d4de6bc95540bb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 28 Jan 2018 14:15:56 +0100 Subject: curl: add --proxy-pinnedpubkey To verify a proxy's public key. For when using HTTPS proxies. Fixes #2192 Closes #2268 --- docs/cmdline-opts/Makefile.inc | 2 +- docs/cmdline-opts/proxy-pinnedpubkey.d | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 docs/cmdline-opts/proxy-pinnedpubkey.d (limited to 'docs/cmdline-opts')
diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc
index e8f46410b..9891f3717 100644
--- a/docs/cmdline-opts/Makefile.inc
+++ b/docs/cmdline-opts/Makefile.inc
@@ -34,7 +34,7 @@ DPAGES = abstract-unix-socket.d anyauth.d append.d basic.d cacert.d capath.d cer
 remote-name-all.d remote-name.d remote-time.d request.d resolve.d \
 retry-connrefused.d retry.d retry-delay.d retry-max-time.d sasl-ir.d \
 service-name.d show-error.d silent.d socks4a.d socks4.d socks5.d \
- socks5-basic.d socks5-gssapi.d \
+ socks5-basic.d socks5-gssapi.d proxy-pinnedpubkey.d \
 socks5-gssapi-nec.d socks5-gssapi-service.d socks5-hostname.d \
 speed-limit.d speed-time.d ssl-allow-beast.d ssl.d ssl-no-revoke.d \
 ssl-reqd.d sslv2.d sslv3.d stderr.d suppress-connect-headers.d \
diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.d b/docs/cmdline-opts/proxy-pinnedpubkey.d
new file mode 100644
index 000000000..abd6dc4aa
--- /dev/null
+++ b/docs/cmdline-opts/proxy-pinnedpubkey.d
@@ -0,0 +1,16 @@
+Long: proxy-pinnedpubkey
+Arg:
+Help: FILE/HASHES public key to verify proxy with
+Protocols: TLS
+---
+Tells curl to use the specified public key file (or hashes) to verify the
+proxy. This can be a path to a file which contains a single public key in PEM
+or DER format, or any number of base64 encoded sha256 hashes preceded by
+\'sha256//\' and separated by \';\'
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate and
+if it does not exactly match the public key provided to this option, curl will
+abort the connection before sending or receiving any data.
+
+If this option is used several times, the last one will be used.
-- cgit v1.2.3