mirror of
https://github.com/curl/curl.git
synced 2024-12-21 06:50:10 +08:00
ef305de95c
The keyword specifies how option works when specified multiple times: - single: the last provided value replaces the earlier ones - append: it supports being provided multiple times - boolean: on/off values - mutex: flag-like option that disable anoter flag The 'gen.pl' script then outputs the proper and unified language for each option's multi-use behavior in the generated man page. The multi: header is requires in each .d file and will cause build error if missing or set to an unknown value. Closes #9759
39 lines
1.7 KiB
D
39 lines
1.7 KiB
D
c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
SPDX-License-Identifier: curl
|
|
Long: cacert
|
|
Arg: <file>
|
|
Help: CA certificate to verify peer against
|
|
Protocols: TLS
|
|
Category: tls
|
|
See-also: capath insecure
|
|
Example: --cacert CA-file.txt $URL
|
|
Added: 7.5
|
|
Multi: single
|
|
---
|
|
Tells curl to use the specified certificate file to verify the peer. The file
|
|
may contain multiple CA certificates. The certificate(s) must be in PEM
|
|
format. Normally curl is built to use a default file for this, so this option
|
|
is typically used to alter that default file.
|
|
|
|
curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
|
|
set, and uses the given path as a path to a CA cert bundle. This option
|
|
overrides that variable.
|
|
|
|
The windows version of curl will automatically look for a CA certs file named
|
|
'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
|
|
Current Working Directory, or in any folder along your PATH.
|
|
|
|
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
|
|
(libnsspem.so) needs to be available for this option to work properly.
|
|
|
|
(iOS and macOS only) If curl is built against Secure Transport, then this
|
|
option is supported for backward compatibility with other SSL engines, but it
|
|
should not be set. If the option is not set, then curl will use the
|
|
certificates in the system and user Keychain to verify the peer, which is the
|
|
preferred method of verifying the peer's certificate chain.
|
|
|
|
(Schannel only) This option is supported for Schannel in Windows 7 or later
|
|
with libcurl 7.60 or later. This option is supported for backward
|
|
compatibility with other SSL engines; instead it is recommended to use
|
|
Windows' store of root certificates (the default for Schannel).
|