1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Long: proxy-pinnedpubkey 5Arg: <hashes> 6Help: FILE/HASHES public key to verify proxy with 7Protocols: TLS 8Category: proxy tls 9Added: 7.59.0 10Multi: single 11See-also: 12 - pinnedpubkey 13 - proxy 14Example: 15 - --proxy-pinnedpubkey keyfile $URL 16 - --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL 17--- 18 19# `--proxy-pinnedpubkey` 20 21Use the specified public key file (or hashes) to verify the proxy. This can be 22a path to a file which contains a single public key in PEM or DER format, or 23any number of base64 encoded sha256 hashes preceded by 'sha256//' and 24separated by ';'. 25 26When negotiating a TLS or SSL connection, the server sends a certificate 27indicating its identity. A public key is extracted from this certificate and 28if it does not exactly match the public key provided to this option, curl 29aborts the connection before sending or receiving any data. 30
