mirror of
https://github.com/curl/curl.git
synced 2024-12-27 06:59:43 +08:00
2bc1d775f5
- they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
39 lines
1.7 KiB
D
39 lines
1.7 KiB
D
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
SPDX-License-Identifier: curl
|
|
Long: cacert
|
|
Arg: <file>
|
|
Help: CA certificate to verify peer against
|
|
Protocols: TLS
|
|
Category: tls
|
|
See-also: capath insecure
|
|
Example: --cacert CA-file.txt $URL
|
|
Added: 7.5
|
|
Multi: single
|
|
---
|
|
Tells curl to use the specified certificate file to verify the peer. The file
|
|
may contain multiple CA certificates. The certificate(s) must be in PEM
|
|
format. Normally curl is built to use a default file for this, so this option
|
|
is typically used to alter that default file.
|
|
|
|
curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
|
|
set, and uses the given path as a path to a CA cert bundle. This option
|
|
overrides that variable.
|
|
|
|
The windows version of curl will automatically look for a CA certs file named
|
|
'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
|
|
Current Working Directory, or in any folder along your PATH.
|
|
|
|
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
|
|
(libnsspem.so) needs to be available for this option to work properly.
|
|
|
|
(iOS and macOS only) If curl is built against Secure Transport, then this
|
|
option is supported for backward compatibility with other SSL engines, but it
|
|
should not be set. If the option is not set, then curl will use the
|
|
certificates in the system and user Keychain to verify the peer, which is the
|
|
preferred method of verifying the peer's certificate chain.
|
|
|
|
(Schannel only) This option is supported for Schannel in Windows 7 or later
|
|
with libcurl 7.60 or later. This option is supported for backward
|
|
compatibility with other SSL engines; instead it is recommended to use
|
|
Windows' store of root certificates (the default for Schannel).
|