mirror of
https://github.com/curl/curl.git
synced 2024-12-09 06:30:06 +08:00
docs/opts: Mention Schannel client cert type is P12
Schannel backend code behaves same as Secure Transport, it expects a P12 certificate file or the name of a certificate already in the user's OS key store. Also, both backends ignore CURLOPT_SSLKEY (tool: --key) because they expect the private key to already be available from the keystore or P12 certificate.

Ref: https://github.com/curl/curl/discussions/8581#discussioncomment-2337260

Closes https://github.com/curl/curl/pull/8587
parent
ba4a8fa4d1
commit
cabcf403ed
@ -1,13 +1,17 @@
|
|||||||
Long: cert-type
|
Long: cert-type
|
||||||
Protocols: TLS
|
Protocols: TLS
|
||||||
Arg: <type>
|
Arg: <type>
|
||||||
Help: Certificate type (DER/PEM/ENG)
|
Help: Certificate type (DER/PEM/ENG/P12)
|
||||||
See-also: cert key key-type
|
See-also: cert key key-type
|
||||||
Category: tls
|
Category: tls
|
||||||
Example: --cert-type PEM --cert file $URL
|
Example: --cert-type PEM --cert file $URL
|
||||||
Added: 7.9.3
|
Added: 7.9.3
|
||||||
---
|
---
|
||||||
Tells curl what type the provided client certificate is using. PEM, DER, ENG
|
Tells curl what type the provided client certificate is using. PEM, DER, ENG
|
||||||
and P12 are recognized types. If not specified, PEM is assumed.
|
and P12 are recognized types.
|
||||||
|
|
||||||
|
The default type depends on the TLS backend and is usually PEM, however for
|
||||||
|
Secure Transport and Schannel it is P12. If --cert is a pkcs11: URI then ENG is
|
||||||
|
the default type.
|
||||||
|
|
||||||
If this option is used several times, the last one will be used.
|
If this option is used several times, the last one will be used.
|
||||||
|
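Review bot: the added paragraph beginning "The default type depends on the TLS backend" gives the default for Secure Transport and Schannel (P12) but does not say whether PEM or DER are accepted at all on those backends, while the CURLOPT_SSLCERTTYPE text changed in this same commit says PEM and DER are supported "except with Secure Transport or Schannel". If the intent is that those two backends take only a P12 file or a certificate name from the OS store, say so here as well, so a user who passes `--cert-type PEM` on such a build knows why the certificate is not loaded. The only `Example:` line still shows PEM; a second example using `--cert-type P12` would match the new text.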
@ -18,4 +18,9 @@ PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set
|
|||||||
as "pkcs11" if none was provided and the --key-type option will be set as
|
as "pkcs11" if none was provided and the --key-type option will be set as
|
||||||
"ENG" if none was provided.
|
"ENG" if none was provided.
|
||||||
|
|
||||||
|
If curl is built against Secure Transport or Schannel then this option is
|
||||||
|
ignored for TLS protocols (HTTPS, etc). Those backends expect the private key
|
||||||
|
to be already present in the keychain or PKCS#12 file containing the
|
||||||
|
certificate.
|
||||||
|
|
||||||
If this option is used several times, the last one will be used.
|
If this option is used several times, the last one will be used.
|
||||||
|
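Review bot: in the added paragraph, "already present in the keychain" uses the Apple term for both backends; the commit message describes the Schannel case as "the user's OS key store". Suggest "in the keychain (Secure Transport), the certificate store (Schannel) or the PKCS#12 file containing the certificate". It would also help to tell the reader what to do instead, for example that the key has to be supplied together with the certificate through --cert, because a --key argument that is ignored without any message is easy to mistake for a key that was loaded.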
@ -33,9 +33,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERTTYPE, char *type);
|
|||||||
Pass a pointer to a null-terminated string as parameter. The string should be
|
Pass a pointer to a null-terminated string as parameter. The string should be
|
||||||
the format of your client certificate used when connecting to an HTTPS proxy.
|
the format of your client certificate used when connecting to an HTTPS proxy.
|
||||||
|
|
||||||
Supported formats are "PEM" and "DER", except with Secure Transport. OpenSSL
|
Supported formats are "PEM" and "DER", except with Secure Transport or
|
||||||
(versions 0.9.3 and later) and Secure Transport (on iOS 5 or later, or OS X
|
Schannel. OpenSSL (versions 0.9.3 and later), Secure Transport (on iOS 5 or
|
||||||
10.7 or later) also support "P12" for PKCS#12-encoded files.
|
later, or OS X 10.7 or later) and Schannel support "P12" for PKCS#12-encoded
|
||||||
|
files.
|
||||||
|
|
||||||
The application does not have to keep the string around after setting this
|
The application does not have to keep the string around after setting this
|
||||||
option.
|
option.
|
||||||
|
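Review bot: the rewritten sentence drops the word "also" and now lists OpenSSL, Secure Transport and Schannel together as backends that "support "P12"", which blurs two different cases. For OpenSSL, P12 is in addition to PEM and DER; for Secure Transport and Schannel the preceding sentence ("except with Secure Transport or Schannel") implies PEM and DER are not supported. Suggest two sentences: one saying OpenSSL also supports P12, and one saying what Secure Transport and Schannel accept. The old OpenSSL version qualifier "(versions 0.9.3 and later)" is carried over unchanged; check whether it is still worth keeping.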
@ -35,9 +35,9 @@ the file name of your private key used for connecting to the HTTPS proxy. The
|
|||||||
default format is "PEM" and can be changed with
|
default format is "PEM" and can be changed with
|
||||||
\fICURLOPT_PROXY_SSLKEYTYPE(3)\fP.
|
\fICURLOPT_PROXY_SSLKEYTYPE(3)\fP.
|
||||||
|
|
||||||
(iOS and Mac OS X only) This option is ignored if curl was built against
|
(Windows, iOS and Mac OS X) This option is ignored by Secure Transport and
|
||||||
Secure Transport. Secure Transport expects the private key to be already
|
Schannel SSL backends because they expect the private key to be already present
|
||||||
present in the keychain or PKCS#12 file containing the certificate.
|
in the keychain or PKCS#12 file containing the certificate.
|
||||||
|
|
||||||
The application does not have to keep the string around after setting this
|
The application does not have to keep the string around after setting this
|
||||||
option.
|
option.
|
||||||
|
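Review bot: the new prefix "(Windows, iOS and Mac OS X)" describes platforms, but the condition in the sentence is the TLS backend. A reader on Windows whose libcurl is built with a different backend could conclude that CURLOPT_PROXY_SSLKEY is ignored there too. Suggest dropping the platform list and keeping the backend condition, as the old text did with "if curl was built against Secure Transport". Minor wording: "ignored by the Secure Transport and Schannel SSL backends".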
@ -31,10 +31,12 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLCERTTYPE, char *type);
|
|||||||
.fi
|
.fi
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
Pass a pointer to a null-terminated string as parameter. The string should be
|
Pass a pointer to a null-terminated string as parameter. The string should be
|
||||||
the format of your certificate. Supported formats are "PEM" and "DER", except
|
the format of your certificate.
|
||||||
with Secure Transport. OpenSSL (versions 0.9.3 and later) and Secure Transport
|
|
||||||
(on iOS 5 or later, or OS X 10.7 or later) also support "P12" for
|
Supported formats are "PEM" and "DER", except with Secure Transport or
|
||||||
PKCS#12-encoded files.
|
Schannel. OpenSSL (versions 0.9.3 and later), Secure Transport (on iOS 5 or
|
||||||
|
later, or OS X 10.7 or later) and Schannel support "P12" for PKCS#12-encoded
|
||||||
|
files.
|
||||||
|
|
||||||
The application does not have to keep the string around after setting this
|
The application does not have to keep the string around after setting this
|
||||||
option.
|
option.
|
||||||
|
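Review bot: the DESCRIPTION lines in this hunk list the supported formats but say nothing about the default, while the cert-type text in this commit states that the default is P12 for Secure Transport and Schannel. Any default stated elsewhere on this man page lies outside the hunk and is not updated by it, so please check that it does not still give PEM unconditionally. As in the proxy variant, the dropped "also" makes it unclear that OpenSSL accepts P12 in addition to PEM and DER, whereas the other two backends are the exception named in the previous sentence.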
@ -34,9 +34,9 @@ Pass a pointer to a null-terminated string as parameter. The string should be
|
|||||||
the file name of your private key. The default format is "PEM" and can be
|
the file name of your private key. The default format is "PEM" and can be
|
||||||
changed with \fICURLOPT_SSLKEYTYPE(3)\fP.
|
changed with \fICURLOPT_SSLKEYTYPE(3)\fP.
|
||||||
|
|
||||||
(iOS and Mac OS X only) This option is ignored if curl was built against
|
(Windows, iOS and Mac OS X) This option is ignored by Secure Transport and
|
||||||
Secure Transport. Secure Transport expects the private key to be already
|
Schannel SSL backends because they expect the private key to be already present
|
||||||
present in the keychain or PKCS#12 file containing the certificate.
|
in the keychain or PKCS#12 file containing the certificate.
|
||||||
|
|
||||||
The application does not have to keep the string around after setting this
|
The application does not have to keep the string around after setting this
|
||||||
option.
|
option.
|
||||||
|
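Review bot: the replacement paragraph says the option is ignored by Secure Transport and Schannel without qualification, while the --key text in this commit limits the statement to "TLS protocols (HTTPS, etc)". Pick one wording and use it in both places so the tool and library docs do not disagree. The "(Windows, iOS and Mac OS X)" prefix has the same problem as in CURLOPT_PROXY_SSLKEY: the behaviour depends on the backend libcurl was built with, not on the operating system. A pointer to CURLOPT_SSLCERT with a P12 file as the way to provide the key on these backends would make the paragraph actionable.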
@ -62,7 +62,7 @@ const struct helptxt helptext[] = {
|
|||||||
"Verify the status of the server cert via OCSP-staple",
|
"Verify the status of the server cert via OCSP-staple",
|
||||||
CURLHELP_TLS},
|
CURLHELP_TLS},
|
||||||
{" --cert-type <type>",
|
{" --cert-type <type>",
|
||||||
"Certificate type (DER/PEM/ENG)",
|
"Certificate type (DER/PEM/ENG/P12)",
|
||||||
CURLHELP_TLS},
|
CURLHELP_TLS},
|
||||||
{" --ciphers <list of ciphers>",
|
{" --ciphers <list of ciphers>",
|
||||||
"SSL ciphers to use",
|
"SSL ciphers to use",
|
||||||
|
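Review bot: the string under `--cert-type <type>` duplicates the `Help:` line changed in the cert-type hunk of this commit, so the two have to be kept identical; they match here ("Certificate type (DER/PEM/ENG/P12)"). The one-line help now advertises P12 for every build, although the option text in this patch ties the P12 default to particular backends. That is acceptable for a help summary, provided the long description carries the backend caveat.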