From d2fe616e7e44a106ac976aaeaa441ad7d8a6df11 Mon Sep 17 00:00:00 2001
From: Nick Zitzmann <nickzman@gmail.com>
Date: Thu, 5 Sep 2013 18:57:06 -0500
Subject: darwinssl: add support for PKCS#12 files for client authentication

I also documented the fact that the OpenSSL engine also supports them.
---
 docs/libcurl/curl_easy_setopt.3 | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

(limited to 'docs/libcurl')

diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 0478fac54..f4084823d 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -2305,22 +2305,20 @@ timeout is set, the internal default of 60000 will be used. (Added in 7.24.0)
 .SH SSL and SECURITY OPTIONS
 .IP CURLOPT_SSLCERT
 Pass a pointer to a zero terminated string as parameter. The string should be
-the file name of your certificate. The default format is "PEM" and can be
-changed with \fICURLOPT_SSLCERTTYPE\fP.
-
-With NSS this can also be the nickname of the certificate you wish to
-authenticate with. If you want to use a file from the current directory, please
-precede it with "./" prefix, in order to avoid confusion with a nickname.
-
-(iOS and Mac OS X only) With Secure Transport, this string must match the name
-of a certificate that's in the system or user keychain. You should encode this
-string in UTF-8 format in case it contains non-ASCII characters. The private
-key corresponding to the certificate, and certificate chain (if any),  must
-also be present in the keychain. (Added in 7.31.0)
+the file name of your certificate. The default format is "P12" on Secure
+Transport and "PEM" on other engines, and can be changed with
+\fICURLOPT_SSLCERTTYPE\fP.
+
+With NSS or Secure Transport, this can also be the nickname of the certificate
+you wish to authenticate with as it is named in the security database. If you
+want to use a file from the current directory, please precede it with "./"
+prefix, in order to avoid confusion with a nickname.
 .IP CURLOPT_SSLCERTTYPE
 Pass a pointer to a zero terminated string as parameter. The string should be
-the format of your certificate. Supported formats are "PEM" and "DER".  (Added
-in 7.9.3)
+the format of your certificate. Supported formats are "PEM" and "DER", except
+with Secure Transport. OpenSSL (versions 0.9.3 and later) and Secure Transport
+(on iOS 5 or later, or OS X 10.6 or later) also support "P12" for
+PKCS#12-encoded files. (Added in 7.9.3)
 .IP CURLOPT_SSLKEY
 Pass a pointer to a zero terminated string as parameter. The string should be
 the file name of your private key. The default format is "PEM" and can be
@@ -2328,7 +2326,7 @@ changed with \fICURLOPT_SSLKEYTYPE\fP.
 
 (iOS and Mac OS X only) This option is ignored if curl was built against Secure
 Transport. Secure Transport expects the private key to be already present in
-the keychain containing the certificate.
+the keychain or PKCS#12 file containing the certificate.
 .IP CURLOPT_SSLKEYTYPE
 Pass a pointer to a zero terminated string as parameter. The string should be
 the format of your private key. Supported formats are "PEM", "DER" and "ENG".
-- 
cgit v1.2.3