curl/docs/cmdline-opts/cacert.d

c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: cacert
Arg: <file>
Help: CA certificate to verify peer against
Protocols: TLS
Category: tls
See-also: capath insecure
Example: --cacert CA-file.txt $URL
Added: 7.5
Multi: single
---
Tells curl to use the specified certificate file to verify the peer. The file
may contain multiple CA certificates. The certificate(s) must be in PEM
format. Normally curl is built to use a default file for this, so this option
is typically used to alter that default file.

curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
set, and uses the given path as a path to a CA cert bundle. This option
overrides that variable.

The windows version of curl will automatically look for a CA certs file named
'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
Current Working Directory, or in any folder along your PATH.

If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
(libnsspem.so) needs to be available for this option to work properly.

(iOS and macOS only) If curl is built against Secure Transport, then this
option is supported for backward compatibility with other SSL engines, but it
should not be set. If the option is not set, then curl will use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.

(Schannel only) This option is supported for Schannel in Windows 7 or later
with libcurl 7.60 or later. This option is supported for backward
compatibility with other SSL engines; instead it is recommended to use
Windows' store of root certificates (the default for Schannel).
docs/cmdline-opts: add copyright and license identifier to each file gen.pl now insists on C: and SPDX-License-Identifier: fields to be present in all files. Closes #9002 2022-06-14 06:12:03 +08:00			`c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.`
			`SPDX-License-Identifier: curl`
cmdline-docs: more options converted over 2016-11-16 06:44:58 +08:00			`Long: cacert`
zsh.pl: produce a working completion script again Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to produce a broken completion script: % curl --<TAB> _curl:10: no such file or directory: seconds Closes #1779 2017-08-14 22:13:32 +08:00			`Arg: <file>`
cmdline-docs: more options converted over 2016-11-16 06:44:58 +08:00			`Help: CA certificate to verify peer against`
			`Protocols: TLS`
docs: add categories to all cmdline opts Adapted gen.pl with 'listcats' This commit is a part of "--help me if you can" Closes #5680 2020-07-13 20:15:04 +08:00			`Category: tls`
curl.1: require "see also" for every documented option gen.pl now generates a warning if the "See Also" field is not filled in for a command line option All command line options now provide one or more related options. 167 "See alsos" added! Closes #8019 2021-11-15 22:58:20 +08:00			`See-also: capath insecure`
curl.1: provide examples for each option The file format for each option now features a "Example:" header that can provide one or more examples that get rendered appropriately in the output. All options MUST have at least one example or gen.pl complains at build-time. This fix also does a few other minor format and consistency cleanups. Closes #7654 2021-08-31 22:37:14 +08:00			`Example: --cacert CA-file.txt $URL`
cmdline-opts: made the 'Added:' field mandatory Since "too old" versions are no longer included in the generated man page, this field is now mandatory so that it won't be forgotten and then not included in the documentation. Closes #7786 2021-09-28 17:50:07 +08:00			`Added: 7.5`
cmdline/docs: add a required 'multi' keyword for each option The keyword specifies how option works when specified multiple times: - single: the last provided value replaces the earlier ones - append: it supports being provided multiple times - boolean: on/off values - mutex: flag-like option that disable anoter flag The 'gen.pl' script then outputs the proper and unified language for each option's multi-use behavior in the generated man page. The multi: header is requires in each .d file and will cause build error if missing or set to an unknown value. Closes #9759 2022-10-18 16:39:43 +08:00			`Multi: single`
cmdline-docs: more options converted over 2016-11-16 06:44:58 +08:00			`---`
			`Tells curl to use the specified certificate file to verify the peer. The file`
			`may contain multiple CA certificates. The certificate(s) must be in PEM`
			`format. Normally curl is built to use a default file for this, so this option`
			`is typically used to alter that default file.`

			`curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is`
			`set, and uses the given path as a path to a CA cert bundle. This option`
			`overrides that variable.`

			`The windows version of curl will automatically look for a CA certs file named`
gen.pl: replace leading single quotes with \(aq ... and allow single quotes to be used "normally" in the .d files. Makes the output curl.1 use better nroff. Reported-by: Sergio Durigan Junior Ref: #7928 Closes #7933 2021-11-01 16:55:28 +08:00			`'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the`
cmdline-docs: more options converted over 2016-11-16 06:44:58 +08:00			`Current Working Directory, or in any folder along your PATH.`

			`If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module`
			`(libnsspem.so) needs to be available for this option to work properly.`

			`(iOS and macOS only) If curl is built against Secure Transport, then this`
			`option is supported for backward compatibility with other SSL engines, but it`
			`should not be set. If the option is not set, then curl will use the`
			`certificates in the system and user Keychain to verify the peer, which is the`
			`preferred method of verifying the peer's certificate chain.`

curl.1: provide examples for each option The file format for each option now features a "Example:" header that can provide one or more examples that get rendered appropriately in the output. All options MUST have at least one example or gen.pl complains at build-time. This fix also does a few other minor format and consistency cleanups. Closes #7654 2021-08-31 22:37:14 +08:00			`(Schannel only) This option is supported for Schannel in Windows 7 or later`
			`with libcurl 7.60 or later. This option is supported for backward`
			`compatibility with other SSL engines; instead it is recommended to use`
			`Windows' store of root certificates (the default for Schannel).`