From 0675abbc7572ff6d711a1f325d9b812f98bce78f Mon Sep 17 00:00:00 2001
From: Jay Satiro
Date: Sun, 5 Apr 2015 01:48:16 -0400
Subject: cyassl: Implement public key pinning

Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
---
 docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
 (limited to 'docs/libcurl/opts')

diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
index 4cc68b1d3..94cad31f0 100644
--- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
@@ -50,11 +50,22 @@ if(curl) {
 curl_easy_perform(curl);
 }
 .fi
+.SH PUBLIC KEY EXTRACTION
+If you do not have the server's public key file you can extract it from the
+server's certificate.
+.nf
+openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
+.fi
+The public key is output in PEM format and contains a header, base64 data and a
+footer:
+.nf
+-----BEGIN PUBLIC KEY-----
+[BASE 64 DATA]
+-----END PUBLIC KEY-----
+.fi
 .SH AVAILABILITY
-If built TLS enabled. This is currently only implemented in the OpenSSL,
-GnuTLS, NSS and GSKit backends.
-
-Added in libcurl 7.39.0
+Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for
+NSS and wolfSSL/CyaSSL. Other SSL backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
--
cgit v1.2.3