/curl/docs/cmdline-opts/ |
H A D | cert.md | 6 Arg: <certificate[:password]> 7 Help: Client certificate file and password 22 Use the specified client certificate file when getting a file with HTTPS, FTPS 23 or another SSL-based protocol. The certificate must be in PKCS#12 format if 26 that this option assumes a certificate file that is the private key and the 27 client certificate concatenated. See --cert and --key to specify them 30 In the \<certificate\> portion of the argument, you must escape the character 36 then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in 43 certificate string can either be the name of a certificate/private key in the 44 system or user keychain, or the path to a PKCS#12-encoded certificate and [all …]
|
H A D | ssl-auto-client-cert.md | 5 Help: Use auto client certificate (Schannel) 18 (Schannel) Automatically locate and use a client certificate for 20 certificate that supports client authentication in the OS certificate store it
|
H A D | proxy-insecure.md | 25 proxy's TLS certificate before it continues: that the certificate contains the 26 right name which matches the hostname and that the certificate has been signed 27 by a CA certificate present in the cert store. See this online resource for
|
H A D | proxy-cert.md | 6 Help: Set client certificate for proxy 20 Use the specified client certificate file when communicating with an HTTPS 21 proxy. The certificate must be in PKCS#12 format if using Secure Transport, or
|
H A D | insecure.md | 26 server's TLS certificate before it continues: that the certificate contains 28 certificate has been signed by a CA certificate present in the cert store. See
|
H A D | cacert.md | 6 Help: CA certificate to verify peer against 20 Use the specified certificate file to verify the peer. The file may contain 21 multiple CA certificates. The certificate(s) must be in PEM format. Normally 37 method of verifying the peer's certificate chain.
|
H A D | ftp-alternative-to-user.md | 22 client certificate, using "SITE AUTH" tells the server to retrieve the 23 username from the certificate.
|
/curl/docs/libcurl/opts/ |
H A D | CURLOPT_SSL_VERIFYPEER.md | 22 CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate 37 certificate. A value of 1 means curl verifies; 0 (zero) means it does not. 39 When negotiating a TLS or SSL connection, the server sends a certificate 40 indicating its identity. Curl verifies whether the certificate is authentic, 41 i.e. that you can trust that the server is who the certificate says it is. 49 prove that the certificate is signed by a CA, the connection fails. 52 and the peer certificate verification is simply skipped. 54 Authenticating the certificate is not enough to be sure about the server. You 57 name in the certificate is valid for the hostname you are connecting to is 60 WARNING: disabling verification of the certificate allows bad guys to [all …]
|
H A D | CURLOPT_PROXY_SSL_VERIFYPEER.md | 19 CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate 35 certificate. A value of 1 means curl verifies; 0 (zero) means it does not. 40 When negotiating a TLS or SSL connection, the server sends a certificate 41 indicating its identity. Curl verifies whether the certificate is authentic, 42 i.e. that you can trust that the server is who the certificate says it is. 50 fails to prove that the certificate is authentic, the connection fails. When 51 the option is zero, the peer certificate verification succeeds regardless. 53 Authenticating the certificate is not enough to be sure about the server. You 56 hostname in the certificate is valid for the hostname you are connecting to is 59 WARNING: disabling verification of the certificate allows bad guys to [all …]
|
H A D | CURLOPT_DOH_SSL_VERIFYPEER.md | 23 CURLOPT_DOH_SSL_VERIFYPEER - verify the DoH SSL certificate 39 server's certificate. A value of 1 means curl verifies; 0 (zero) means it 45 When negotiating a TLS or SSL connection, the server sends a certificate 46 indicating its identity. Curl verifies whether the certificate is authentic, 47 i.e. that you can trust that the server is who the certificate says it is. 55 prove that the certificate is authentic, the connection fails. When the option 56 is zero, the peer certificate verification succeeds regardless. 58 Authenticating the certificate is not enough to be sure about the server. You 61 hostname in the certificate is valid for the hostname you are connecting to 64 WARNING: disabling verification of the certificate allows bad guys to [all …]
|
H A D | CURLOPT_SSLCERT.md | 24 CURLOPT_SSLCERT - SSL client certificate 37 the filename of your client certificate. The default format is `P12` on Secure 41 With Secure Transport, this can also be the nickname of the certificate you 47 certificate store. (You can import *PFX* to a store first). You can use 48 "\<store location\>\\\<store name\>\\\<thumbprint\>" to refer to a certificate 51 SHA-1 hex string which you can see in certificate details. Following store 55 P12 certificate file, with the string `P12` specified with 58 When using a client certificate, you most likely also need to provide a
|
H A D | CURLOPT_SSL_VERIFYHOST.md | 19 CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host 36 When negotiating TLS and SSL connections, the server sends a certificate 39 When CURLOPT_SSL_VERIFYHOST(3) is 2, that certificate must indicate that 41 fails. Simply put, it means it has to have the same name in the certificate as 45 Subject Alternate Name field in the certificate matches the hostname in the 59 names in the certificate. Use that ability with caution! 63 This option controls checking the server's certificate's claimed identity. 66 WARNING: disabling verification of the certificate allows bad guys to 74 certificate verification can make libcurl trust and use such information from 81 information to do such things as sending back a specific certificate for the
|
H A D | CURLOPT_CA_CACHE_TIMEOUT.md | 24 CURLOPT_CA_CACHE_TIMEOUT - life-time for cached certificate stores 37 time any cached CA certificate store it has in memory may be kept and reused 39 requiring a CA certificate has to reload it. 41 Building a CA certificate store from a CURLOPT_CAINFO(3) file is a slow 42 operation so curl may cache the generated certificate store internally to 63 /* only reuse certificate stores for a short time */
|
H A D | CURLOPT_PROXY_SSL_OPTIONS.md | 48 Tells libcurl to disable certificate revocation checks for those SSL backends 56 Tells libcurl to not accept "partial" certificate chains, which it otherwise 58 certificate verification if the chain ends with an intermediate certificate 63 Tells libcurl to ignore certificate revocation checks in case of missing or 71 Tell libcurl to use the operating system's native CA store for certificate 72 verification. If you set this option and also set a CA certificate file or 82 Tell libcurl to automatically locate and use a client certificate for 86 certificate that supports client authentication in the OS certificate store it
|
H A D | CURLOPT_SSL_OPTIONS.md | 46 Tells libcurl to disable certificate revocation checks for those SSL backends 54 Tells libcurl to not accept "partial" certificate chains, which it otherwise 56 certificate verification if the chain ends with an intermediate certificate 61 Tells libcurl to ignore certificate revocation checks in case of missing or 69 Tell libcurl to use the operating system's native CA store for certificate 70 verification. If you set this option and also set a CA certificate file or 80 Tell libcurl to automatically locate and use a client certificate for 84 certificate that supports client authentication in the OS certificate store it
|
H A D | CURLOPT_ISSUERCERT.md | 20 CURLOPT_ISSUERCERT - issuer SSL certificate filename 33 certificate in PEM format. If the option is set, an additional check against 34 the peer certificate is performed to verify the issuer is indeed the one 35 associated with the certificate provided by the option. This additional check 37 certificate is from a specific branch of the tree. 45 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
H A D | CURLOPT_PROXY_SSL_VERIFYHOST.md | 20 CURLOPT_PROXY_SSL_VERIFYHOST - verify the proxy certificate's name against host 34 certificate name fields against the proxy name. 39 When CURLOPT_PROXY_SSL_VERIFYHOST(3) is 2, the proxy certificate must 44 Subject Alternate Name field in the certificate matches the hostname in the 58 names used in the certificate. Use that ability with caution! 61 of the proxy certificate.
|
H A D | CURLOPT_DOH_SSL_VERIFYHOST.md | 21 CURLOPT_DOH_SSL_VERIFYHOST - verify the hostname in the DoH SSL certificate 35 server's certificate name fields against the hostname. 40 When CURLOPT_DOH_SSL_VERIFYHOST(3) is 2, the SSL certificate provided by 45 Subject Alternate Name field in the certificate matches the hostname in the 53 the names used in the certificate. Use that ability with caution! 56 of the DoH server certificate.
|
H A D | CURLOPT_PROXY_ISSUERCERT.md | 22 CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename 35 certificate in PEM format. If the option is set, an additional check against 36 the peer certificate is performed to verify the issuer of the HTTPS proxy is 37 indeed the one associated with the certificate provided by the option. This 39 the peer certificate is from a specific branch of the tree. 47 mismatch with the issuer of peer certificate
|
H A D | CURLOPT_ISSUERCERT_BLOB.md | 20 CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob 34 and size) about a memory block with binary data of a CA certificate in PEM 35 format. If the option is set, an additional check against the peer certificate 37 certificate provided by the option. This additional check is useful in 38 multi-level PKI where one needs to enforce that the peer certificate is from a 47 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
H A D | CURLOPT_PROXY_ISSUERCERT_BLOB.md | 21 CURLOPT_PROXY_ISSUERCERT_BLOB - proxy issuer SSL certificate from memory blob 35 size) about a memory block with binary data of a CA certificate in PEM 36 format. If the option is set, an additional check against the peer certificate 38 associated with the certificate provided by the option. This additional check 40 certificate is from a specific branch of the tree. 48 mismatch with the issuer of peer certificate
|
H A D | CURLINFO_CERTINFO.md | 22 CURLINFO_CERTINFO - get the TLS certificate chain 36 struct that holds info about the server's certificate chain, assuming you had 46 The *certinfo* struct member is an array of linked lists of certificate 48 which is the number of elements in the array. Each certificate's list has 51 the SSL backend and the certificate.
|
H A D | CURLOPT_PROXY_PINNEDPUBLICKEY.md | 42 When negotiating a TLS or SSL connection, the https proxy sends a certificate 43 indicating its identity. A public key is extracted from this certificate and 79 from the https proxy server's certificate. 81 # retrieve the server's certificate if you do not already have it 83 # be sure to examine the certificate to see if it is what you expected 88 # - If you do not have sed, then just copy the certificate into a file: 94 # extract public key in pem format from certificate
|
H A D | CURLOPT_PINNEDPUBLICKEY.md | 43 When negotiating a TLS or SSL connection, the server sends a certificate 44 indicating its identity. A public key is extracted from this certificate and 85 server's certificate. 87 # retrieve the server's certificate if you do not already have it 89 # be sure to examine the certificate to see if it is what you expected 94 # - If you do not have sed, then just copy the certificate into a file: 100 # extract public key in pem format from certificate
|
H A D | CURLOPT_PROXY_SSLCERT.md | 24 CURLOPT_PROXY_SSLCERT - HTTPS proxy client certificate 39 the filename of your client certificate used to connect to the HTTPS proxy. 43 With Secure Transport, this can also be the nickname of the certificate you 48 When using a client certificate, you most likely also need to provide a
|