From be1a5051890b7ad9339b0208424b94aa32c64776 Mon Sep 17 00:00:00 2001 From: moparisthebest Date: Mon, 24 Nov 2014 19:30:09 +0100 Subject: SSL: Add PEM format support for public key pinning --- docs/curl.1 | 4 ++-- docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'docs') diff --git a/docs/curl.1 b/docs/curl.1 index 5f88cffb8..7d914645d 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -539,14 +539,14 @@ If this option is set, the default capath value will be ignored, and if it is used several times, the last one will be used. .IP "--pinnedpubkey " (SSL) Tells curl to use the specified public key file to verify the peer. The -file must contain a single public key in DER format. +file must contain a single public key in PEM or DER format. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data. -This is currently only implemented in the OpenSSL and GnuTLS backends. +This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends. If this option is used several times, the last one will be used. (Added in 7.39.0) diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 index d7c6932e3..2d8639275 100644 --- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 @@ -29,7 +29,7 @@ CURLOPT_PINNEDPUBLICKEY \- set pinned public key CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey); .SH DESCRIPTION Pass a pointer to a zero terminated string as parameter. The string should be -the file name of your pinned public key. The format expected is "DER". +the file name of your pinned public key. The format expected is "PEM" or "DER". When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and -- cgit v1.2.3