| /curl/docs/cmdline-opts/ |
| H A D | cert.md | 6 Arg: <certificate[:password]>
7 Help: Client certificate file and password
22 Use the specified client certificate file when getting a file with HTTPS, FTPS
23 or another SSL-based protocol. The certificate must be in PKCS#12 format if
26 that this option assumes a certificate file that is the private key and the
27 client certificate concatenated. See --cert and --key to specify them
30 In the \<certificate\> portion of the argument, you must escape the character
43 a certificate located in a PKCS#11 device. A string beginning with `pkcs11:`
47 certificate string can either be the name of a certificate/private key in the
48 system or user keychain, or the path to a PKCS#12-encoded certificate and
[all …]
|
| H A D | ssl-auto-client-cert.md | 5 Help: Use auto client certificate (Schannel)
18 (Schannel) Automatically locate and use a client certificate for
20 certificate that supports client authentication in the OS certificate store it
|
| H A D | proxy-insecure.md | 25 proxy's TLS certificate before it continues: that the certificate contains the
26 right name which matches the hostname and that the certificate has been signed
27 by a CA certificate present in the cert store. See this online resource for
|
| H A D | proxy-cert.md | 6 Help: Set client certificate for proxy
20 Use the specified client certificate file when communicating with an HTTPS
21 proxy. The certificate must be in PKCS#12 format if using Secure Transport, or
|
| H A D | insecure.md | 26 server's TLS certificate before it continues: that the certificate contains
28 certificate has been signed by a CA certificate present in the cert store. See
|
| H A D | ftp-alternative-to-user.md | 22 client certificate, using "SITE AUTH" tells the server to retrieve the
23 username from the certificate.
|
| H A D | cacert.md | 6 Help: CA certificate to verify peer against
21 Use the specified certificate file to verify the peer. The file may contain
22 multiple CA certificates. The certificate(s) must be in PEM format. Normally
41 method of verifying the peer's certificate chain.
|
| /curl/docs/libcurl/opts/ |
| H A D | CURLOPT_PROXY_SSL_VERIFYPEER.md | 20 CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate
36 certificate. A value of 1 means curl verifies; 0 (zero) means it does not.
41 When negotiating a TLS or SSL connection, the server sends a certificate
42 indicating its identity. Curl verifies whether the certificate is authentic,
43 i.e. that you can trust that the server is who the certificate says it is.
51 fails to prove that the certificate is authentic, the connection fails. When
52 the option is zero, the peer certificate verification succeeds regardless.
54 Authenticating the certificate is not enough to be sure about the server. You
57 hostname in the certificate is valid for the hostname you are connecting to is
60 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_SSL_VERIFYPEER.md | 23 CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
38 certificate. A value of 1 means curl verifies; 0 (zero) means it does not.
40 When negotiating a TLS or SSL connection, the server sends a certificate
41 indicating its identity. Curl verifies whether the certificate is authentic,
42 i.e. that you can trust that the server is who the certificate says it is.
50 prove that the certificate is signed by a CA, the connection fails.
53 and the peer certificate verification is simply skipped.
55 Authenticating the certificate is not enough to be sure about the server. You
58 name in the certificate is valid for the hostname you are connecting to is
61 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_DOH_SSL_VERIFYPEER.md | 24 CURLOPT_DOH_SSL_VERIFYPEER - verify the DoH SSL certificate
40 server's certificate. A value of 1 means curl verifies; 0 (zero) means it
46 When negotiating a TLS or SSL connection, the server sends a certificate
47 indicating its identity. Curl verifies whether the certificate is authentic,
48 i.e. that you can trust that the server is who the certificate says it is.
56 prove that the certificate is authentic, the connection fails. When the option
57 is zero, the peer certificate verification succeeds regardless.
59 Authenticating the certificate is not enough to be sure about the server. You
62 hostname in the certificate is valid for the hostname you are connecting to
65 WARNING: disabling verification of the certificate allows bad guys to
[all …]
|
| H A D | CURLOPT_SSL_VERIFYHOST.md | 20 CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host
33 certificate.
35 When negotiating a TLS connection, the server sends a certificate indicating
38 When CURLOPT_SSL_VERIFYHOST(3) is set to 1 or 2, the server certificate must
41 certificate as is used in the URL you operate against.
44 Subject Alternate Name field in the certificate matches the hostname in the
48 in the certificate. Use that ability with caution,
52 the certificate is signed by a trusted Certificate Authority.
54 WARNING: disabling verification of the certificate allows bad guys to
67 A certificate can have the name as a wildcard. The only asterisk (`*`) must
[all …]
|
| H A D | CURLOPT_SSLCERT.md | 25 CURLOPT_SSLCERT - SSL client certificate
38 the filename of your client certificate. The default format is `P12` on Secure
42 With Secure Transport, this can also be the nickname of the certificate you
48 certificate store. (You can import *PFX* to a store first). You can use
49 "\<store location\>\\\<store name\>\\\<thumbprint\>" to refer to a certificate
52 string which you can see in certificate details. Following store locations are
55 **LocalMachineEnterprise**. Schannel also support P12 certificate file, with
58 When using a client certificate, you most likely also need to provide a
|
| H A D | CURLOPT_CA_CACHE_TIMEOUT.md | 25 CURLOPT_CA_CACHE_TIMEOUT - life-time for cached certificate stores
38 time any cached CA certificate store it has in memory may be kept and reused
40 requiring a CA certificate has to reload it.
42 Building a CA certificate store from a CURLOPT_CAINFO(3) file is a slow
43 operation so curl may cache the generated certificate store internally to
66 /* only reuse certificate stores for a short time */
|
| H A D | CURLOPT_PROXY_SSL_OPTIONS.md | 49 Tells libcurl to disable certificate revocation checks for those SSL backends
57 Tells libcurl to not accept "partial" certificate chains, which it otherwise
59 certificate verification if the chain ends with an intermediate certificate
64 Tells libcurl to ignore certificate revocation checks in case of missing or
72 Tell libcurl to use the operating system's native CA store for certificate
73 verification. If you set this option and also set a CA certificate file or
83 Tell libcurl to automatically locate and use a client certificate for
87 certificate that supports client authentication in the OS certificate store it
|
| H A D | CURLOPT_DOH_SSL_VERIFYHOST.md | 22 CURLOPT_DOH_SSL_VERIFYHOST - verify the hostname in the DoH SSL certificate
36 server's certificate name fields against the hostname.
41 When CURLOPT_DOH_SSL_VERIFYHOST(3) is 2, the SSL certificate provided by
46 Subject Alternate Name field in the certificate matches the hostname in the
54 the names used in the certificate. Use that ability with caution.
57 of the DoH server certificate.
|
| H A D | CURLOPT_ISSUERCERT.md | 21 CURLOPT_ISSUERCERT - issuer SSL certificate filename
34 certificate in PEM format. If the option is set, an additional check against
35 the peer certificate is performed to verify the issuer is indeed the one
36 associated with the certificate provided by the option. This additional check
38 certificate is from a specific branch of the tree.
46 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
| H A D | CURLOPT_PROXY_ISSUERCERT.md | 23 CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename
36 certificate in PEM format. If the option is set, an additional check against
37 the peer certificate is performed to verify the issuer of the HTTPS proxy is
38 indeed the one associated with the certificate provided by the option. This
40 the peer certificate is from a specific branch of the tree.
48 mismatch with the issuer of peer certificate (CURLOPT_PROXY_SSL_VERIFYPEER(3)
|
| H A D | CURLOPT_PROXY_SSL_VERIFYHOST.md | 21 CURLOPT_PROXY_SSL_VERIFYHOST - verify the proxy certificate's name against host
35 certificate name fields against the proxy name.
40 When CURLOPT_PROXY_SSL_VERIFYHOST(3) is 2, the proxy certificate must
45 Subject Alternate Name field in the certificate matches the hostname in the
59 names used in the certificate. Use that ability with caution.
62 of the proxy certificate.
|
| H A D | CURLOPT_SSL_OPTIONS.md | 47 Tells libcurl to disable certificate revocation checks for those SSL backends
55 Tells libcurl to not accept "partial" certificate chains, which it otherwise
57 certificate verification if the chain ends with an intermediate certificate
62 Tells libcurl to ignore certificate revocation checks in case of missing or
70 Tell libcurl to use the operating system's native CA store for certificate
71 verification. If you set this option and also set a CA certificate file or
81 Tell libcurl to automatically locate and use a client certificate for
85 certificate that supports client authentication in the OS certificate store it
|
| H A D | CURLOPT_ISSUERCERT_BLOB.md | 21 CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob
35 and size) about a memory block with binary data of a CA certificate in PEM
36 format. If the option is set, an additional check against the peer certificate
38 certificate provided by the option. This additional check is useful in
39 multi-level PKI where one needs to enforce that the peer certificate is from a
48 mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3)
|
| H A D | CURLOPT_PROXY_ISSUERCERT_BLOB.md | 22 CURLOPT_PROXY_ISSUERCERT_BLOB - proxy issuer SSL certificate from memory blob
36 size) about a memory block with binary data of a CA certificate in PEM
37 format. If the option is set, an additional check against the peer certificate
39 associated with the certificate provided by the option. This additional check
41 certificate is from a specific branch of the tree.
49 mismatch with the issuer of peer certificate
|
| H A D | CURLINFO_CERTINFO.md | 23 CURLINFO_CERTINFO - get the TLS certificate chain
37 struct that holds info about the server's certificate chain, assuming you had
47 The *certinfo* struct member is an array of linked lists of certificate
49 which is the number of elements in the array. Each certificate's list has
52 the SSL backend and the certificate.
|
| H A D | CURLOPT_PINNEDPUBLICKEY.md | 44 When negotiating a TLS or SSL connection, the server sends a certificate
45 indicating its identity. A public key is extracted from this certificate and
88 server's certificate.
90 # retrieve the server's certificate if you do not already have it
92 # be sure to examine the certificate to see if it is what you expected
97 # - If you do not have sed, then just copy the certificate into a file:
103 # extract public key in pem format from certificate
|
| H A D | CURLOPT_PROXY_PINNEDPUBLICKEY.md | 43 When negotiating a TLS or SSL connection, the https proxy sends a certificate
44 indicating its identity. A public key is extracted from this certificate and
85 from the https proxy server's certificate.
87 # retrieve the server's certificate if you do not already have it
89 # be sure to examine the certificate to see if it is what you expected
94 # - If you do not have sed, then just copy the certificate into a file:
100 # extract public key in pem format from certificate
|
| H A D | CURLOPT_PROXY_SSLCERT.md | 25 CURLOPT_PROXY_SSLCERT - HTTPS proxy client certificate
40 the filename of your client certificate used to connect to the HTTPS proxy.
44 With Secure Transport, this can also be the nickname of the certificate you
49 When using a client certificate, you most likely also need to provide a
|
