c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: pinnedpubkey
Arg: <hashes>
Help: FILE/HASHES Public key to verify peer against
Protocols: TLS
Category: tls
Example: --pinnedpubkey keyfile $URL
Example: --pinnedpubkey 'sha256//ce118b51897f4452dc' $URL
Added: 7.39.0
See-also: hostpubsha256
Multi: single
---
Tells curl to use the specified public key file (or hashes) to verify the
peer. This can be a path to a file which contains a single public key in PEM
or DER format, or any number of base64 encoded sha256 hashes preceded by
'sha256//' and separated by ';'.

When negotiating a TLS or SSL connection, the server sends a certificate
indicating its identity. A public key is extracted from this certificate and
if it does not exactly match the public key provided to this option, curl will
abort the connection before sending or receiving any data.
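
The pin format and the exact-match check described above, as an added Python example that is not part of curl's documentation or source. It hashes the DER-encoded public key with SHA-256 and base64-encodes the digest; the function names are hypothetical, and the sample key bytes are constructed placeholders, not real keys.

```python
import base64
import hashlib
import hmac

PREFIX = "sha256//"
PEM_BEGIN = b"-----BEGIN PUBLIC KEY-----"
PEM_END = b"-----END PUBLIC KEY-----"

def spki_der(key: bytes) -> bytes:
    """Return the DER bytes of a public key supplied as PEM or DER."""
    if key.lstrip().startswith(PEM_BEGIN):
        body = key.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        return base64.b64decode(b"".join(body.split()), validate=True)
    return key  # already DER

def make_pin(key: bytes) -> str:
    """Format a key as 'sha256//' + base64(SHA-256(DER public key))."""
    digest = hashlib.sha256(spki_der(key)).digest()
    return PREFIX + base64.b64encode(digest).decode("ascii")

def parse_pins(value: str) -> list:
    """Split a ';'-separated pin list into raw 32-byte digests."""
    pins = []
    for item in filter(None, (p.strip() for p in value.split(";"))):
        if not item.startswith(PREFIX):
            raise ValueError(f"pin lacks {PREFIX!r} prefix: {item!r}")
        raw = base64.b64decode(item[len(PREFIX):], validate=True)
        if len(raw) != hashlib.sha256().digest_size:
            raise ValueError(f"pin is not a SHA-256 digest: {item!r}")
        pins.append(raw)
    if not pins:
        raise ValueError("no pins given")
    return pins

def peer_key_matches(value: str, peer_key: bytes) -> bool:
    """True if the peer's key hashes to any pin in the list (exact match)."""
    digest = hashlib.sha256(spki_der(peer_key)).digest()
    return any(hmac.compare_digest(digest, pin) for pin in parse_pins(value))

# Constructed sample input: placeholder bytes standing in for a DER-encoded
# public key (not a real key), plus the same bytes wrapped as PEM.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_END + b"\n"
BACKUP_PIN = make_pin(b"constructed backup key bytes")

if __name__ == "__main__":
    pin = make_pin(SAMPLE_PEM)
    print(pin)
    print(peer_key_matches(BACKUP_PIN + ";" + pin, SAMPLE_DER))  # pinned key
    print(peer_key_matches(BACKUP_PIN, SAMPLE_DER))              # other key
```

Listing a second pin for a backup key, as the ';'-separated form allows, lets a server rotate to that key without clients failing the check.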

PEM/DER support:

7.39.0: OpenSSL, GnuTLS and GSKit

7.43.0: NSS and wolfSSL

7.47.0: mbedtls

sha256 support:

7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL

7.47.0: mbedtls

Other SSL backends not supported.