| /curl/docs/cmdline-opts/ |
| H A D | cert.md | 6 Arg: <certificate[:password]>
7 Help: Client certificate file and password
22 Use the specified client certificate file when getting a file with HTTPS, FTPS
23 or another SSL-based protocol. The certificate must be in PKCS#12 format if
26 that this option assumes a certificate file that is the private key and the
27 client certificate concatenated. See --cert and --key to specify them
30 In the \<certificate\> portion of the argument, you must escape the character
36 then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
43 certificate string can either be the name of a certificate/private key in the
44 system or user keychain, or the path to a PKCS#12-encoded certificate and
[all …]
|
| H A D | ssl-auto-client-cert.md | 5 Help: Use auto client certificate (Schannel)
18 (Schannel) Automatically locate and use a client certificate for
20 certificate that supports client authentication in the OS certificate store it
|
| H A D | proxy-insecure.md | 25 proxy's TLS certificate before it continues: that the certificate contains the
26 right name which matches the hostname and that the certificate has been signed
27 by a CA certificate present in the cert store. See this online resource for
|
| H A D | proxy-cert.md | 6 Help: Set client certificate for proxy
20 Use the specified client certificate file when communicating with an HTTPS
21 proxy. The certificate must be in PKCS#12 format if using Secure Transport, or
|
| H A D | insecure.md | 26 server's TLS certificate before it continues: that the certificate contains
28 certificate has been signed by a CA certificate present in the cert store. See
|
| H A D | cacert.md | 6 Help: CA certificate to verify peer against
20 Use the specified certificate file to verify the peer. The file may contain
21 multiple CA certificates. The certificate(s) must be in PEM format. Normally
37 method of verifying the peer's certificate chain.
|
| H A D | ftp-alternative-to-user.md | 22 client certificate, using "SITE AUTH" tells the server to retrieve the
23 username from the certificate.
|
| /curl/docs/libcurl/opts/ |
| H A D | CURLOPT_SSL_VERIFYPEER.md | 22 CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
37 certificate. A value of 1 means curl verifies; 0 (zero) means it does not.
39 When negotiating a TLS or SSL connection, the server sends a certificate
40 indicating its identity. Curl verifies whether the certificate is authentic,
41 i.e. that you can trust that the server is who the certificate says it is.
49 prove that the certificate is signed by a CA, the connection fails.
52 and the peer certificate verification is simply skipped.
54 Authenticating the certificate is not enough to be sure about the server. You
57 name in the certificate is valid for the hostname you are connecting to is
60 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_PROXY_SSL_VERIFYPEER.md | 19 CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate
35 certificate. A value of 1 means curl verifies; 0 (zero) means it does not.
40 When negotiating a TLS or SSL connection, the server sends a certificate
41 indicating its identity. Curl verifies whether the certificate is authentic,
42 i.e. that you can trust that the server is who the certificate says it is.
50 fails to prove that the certificate is authentic, the connection fails. When
51 the option is zero, the peer certificate verification succeeds regardless.
53 Authenticating the certificate is not enough to be sure about the server. You
56 hostname in the certificate is valid for the hostname you are connecting to is
59 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_DOH_SSL_VERIFYPEER.md | 23 CURLOPT_DOH_SSL_VERIFYPEER - verify the DoH SSL certificate
39 server's certificate. A value of 1 means curl verifies; 0 (zero) means it
45 When negotiating a TLS or SSL connection, the server sends a certificate
46 indicating its identity. Curl verifies whether the certificate is authentic,
47 i.e. that you can trust that the server is who the certificate says it is.
55 prove that the certificate is authentic, the connection fails. When the option
56 is zero, the peer certificate verification succeeds regardless.
58 Authenticating the certificate is not enough to be sure about the server. You
61 hostname in the certificate is valid for the hostname you are connecting to
64 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_SSLCERT.md | 24 CURLOPT_SSLCERT - SSL client certificate
37 the filename of your client certificate. The default format is `P12` on Secure
41 With Secure Transport, this can also be the nickname of the certificate you
47 certificate store. (You can import *PFX* to a store first). You can use
48 "\<store location\>\\\<store name\>\\\<thumbprint\>" to refer to a certificate
51 SHA-1 hex string which you can see in certificate details. Following store
55 P12 certificate file, with the string `P12` specified with
58 When using a client certificate, you most likely also need to provide a
|
| H A D | CURLOPT_SSL_VERIFYHOST.md | 19 CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host
36 When negotiating TLS and SSL connections, the server sends a certificate
39 When CURLOPT_SSL_VERIFYHOST(3) is 2, that certificate must indicate that
41 fails. Simply put, it means it has to have the same name in the certificate as
45 Subject Alternate Name field in the certificate matches the hostname in the
59 names in the certificate. Use that ability with caution!
63 This option controls checking the server's certificate's claimed identity.
66 WARNING: disabling verification of the certificate allows bad guys to
74 certificate verification can make libcurl trust and use such information from
81 information to do such things as sending back a specific certificate for the
|
| H A D | CURLOPT_CA_CACHE_TIMEOUT.md | 24 CURLOPT_CA_CACHE_TIMEOUT - life-time for cached certificate stores
37 time any cached CA certificate store it has in memory may be kept and reused
39 requiring a CA certificate has to reload it.
41 Building a CA certificate store from a CURLOPT_CAINFO(3) file is a slow
42 operation so curl may cache the generated certificate store internally to
63 /* only reuse certificate stores for a short time */
|
| H A D | CURLOPT_PROXY_SSL_OPTIONS.md | 48 Tells libcurl to disable certificate revocation checks for those SSL backends
56 Tells libcurl to not accept "partial" certificate chains, which it otherwise
58 certificate verification if the chain ends with an intermediate certificate
63 Tells libcurl to ignore certificate revocation checks in case of missing or
71 Tell libcurl to use the operating system's native CA store for certificate
72 verification. If you set this option and also set a CA certificate file or
82 Tell libcurl to automatically locate and use a client certificate for
86 certificate that supports client authentication in the OS certificate store it
|
| H A D | CURLOPT_SSL_OPTIONS.md | 46 Tells libcurl to disable certificate revocation checks for those SSL backends
54 Tells libcurl to not accept "partial" certificate chains, which it otherwise
56 certificate verification if the chain ends with an intermediate certificate
61 Tells libcurl to ignore certificate revocation checks in case of missing or
69 Tell libcurl to use the operating system's native CA store for certificate
70 verification. If you set this option and also set a CA certificate file or
80 Tell libcurl to automatically locate and use a client certificate for
84 certificate that supports client authentication in the OS certificate store it
|
| H A D | CURLOPT_ISSUERCERT.md | 20 CURLOPT_ISSUERCERT - issuer SSL certificate filename
33 certificate in PEM format. If the option is set, an additional check against
34 the peer certificate is performed to verify the issuer is indeed the one
35 associated with the certificate provided by the option. This additional check
37 certificate is from a specific branch of the tree.
45 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
| H A D | CURLOPT_PROXY_SSL_VERIFYHOST.md | 20 CURLOPT_PROXY_SSL_VERIFYHOST - verify the proxy certificate's name against host
34 certificate name fields against the proxy name.
39 When CURLOPT_PROXY_SSL_VERIFYHOST(3) is 2, the proxy certificate must
44 Subject Alternate Name field in the certificate matches the hostname in the
58 names used in the certificate. Use that ability with caution!
61 of the proxy certificate.
|
| H A D | CURLOPT_DOH_SSL_VERIFYHOST.md | 21 CURLOPT_DOH_SSL_VERIFYHOST - verify the hostname in the DoH SSL certificate
35 server's certificate name fields against the hostname.
40 When CURLOPT_DOH_SSL_VERIFYHOST(3) is 2, the SSL certificate provided by
45 Subject Alternate Name field in the certificate matches the hostname in the
53 the names used in the certificate. Use that ability with caution!
56 of the DoH server certificate.
|
| H A D | CURLOPT_PROXY_ISSUERCERT.md | 22 CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename
35 certificate in PEM format. If the option is set, an additional check against
36 the peer certificate is performed to verify the issuer of the HTTPS proxy is
37 indeed the one associated with the certificate provided by the option. This
39 the peer certificate is from a specific branch of the tree.
47 mismatch with the issuer of peer certificate
|
| H A D | CURLOPT_ISSUERCERT_BLOB.md | 20 CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob
34 and size) about a memory block with binary data of a CA certificate in PEM
35 format. If the option is set, an additional check against the peer certificate
37 certificate provided by the option. This additional check is useful in
38 multi-level PKI where one needs to enforce that the peer certificate is from a
47 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
| H A D | CURLOPT_PROXY_ISSUERCERT_BLOB.md | 21 CURLOPT_PROXY_ISSUERCERT_BLOB - proxy issuer SSL certificate from memory blob
35 size) about a memory block with binary data of a CA certificate in PEM
36 format. If the option is set, an additional check against the peer certificate
38 associated with the certificate provided by the option. This additional check
40 certificate is from a specific branch of the tree.
48 mismatch with the issuer of peer certificate
|
| H A D | CURLINFO_CERTINFO.md | 22 CURLINFO_CERTINFO - get the TLS certificate chain
36 struct that holds info about the server's certificate chain, assuming you had
46 The *certinfo* struct member is an array of linked lists of certificate
48 which is the number of elements in the array. Each certificate's list has
51 the SSL backend and the certificate.
|
| H A D | CURLOPT_PROXY_PINNEDPUBLICKEY.md | 42 When negotiating a TLS or SSL connection, the https proxy sends a certificate
43 indicating its identity. A public key is extracted from this certificate and
79 from the https proxy server's certificate.
81 # retrieve the server's certificate if you do not already have it
83 # be sure to examine the certificate to see if it is what you expected
88 # - If you do not have sed, then just copy the certificate into a file:
94 # extract public key in pem format from certificate
|
| H A D | CURLOPT_PINNEDPUBLICKEY.md | 43 When negotiating a TLS or SSL connection, the server sends a certificate
44 indicating its identity. A public key is extracted from this certificate and
85 server's certificate.
87 # retrieve the server's certificate if you do not already have it
89 # be sure to examine the certificate to see if it is what you expected
94 # - If you do not have sed, then just copy the certificate into a file:
100 # extract public key in pem format from certificate
|
| H A D | CURLOPT_PROXY_SSLCERT.md | 24 CURLOPT_PROXY_SSLCERT - HTTPS proxy client certificate
39 the filename of your client certificate used to connect to the HTTPS proxy.
43 With Secure Transport, this can also be the nickname of the certificate you
48 When using a client certificate, you most likely also need to provide a
|
