mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-09 06:30:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
f0b374f662
curl/docs/cmdline-opts/cacert.d
Daniel Stenberg ef305de95c
cmdline/docs: add a required 'multi' keyword for each option 
The keyword specifies how option works when specified multiple times:

 - single: the last provided value replaces the earlier ones
 - append: it supports being provided multiple times
 - boolean: on/off values
 - mutex: flag-like option that disable anoter flag

The 'gen.pl' script then outputs the proper and unified language for
each option's multi-use behavior in the generated man page.

The multi: header is requires in each .d file and will cause build error
if missing or set to an unknown value.

Closes #9759
2022-10-18 18:50:25 +02:00

39 lines
1.7 KiB
D
Raw Blame History

c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: cacert
Arg: <file>
Help: CA certificate to verify peer against
Protocols: TLS
Category: tls
See-also: capath insecure
Example: --cacert CA-file.txt $URL
Added: 7.5
Multi: single
---
Tells curl to use the specified certificate file to verify the peer. The file
may contain multiple CA certificates. The certificate(s) must be in PEM
format. Normally curl is built to use a default file for this, so this option
is typically used to alter that default file.
curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is
set, and uses the given path as a path to a CA cert bundle. This option
overrides that variable.
The windows version of curl will automatically look for a CA certs file named
'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the
Current Working Directory, or in any folder along your PATH.
If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
(libnsspem.so) needs to be available for this option to work properly.
(iOS and macOS only) If curl is built against Secure Transport, then this
option is supported for backward compatibility with other SSL engines, but it
should not be set. If the option is not set, then curl will use the
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
(Schannel only) This option is supported for Schannel in Windows 7 or later
with libcurl 7.60 or later. This option is supported for backward
compatibility with other SSL engines; instead it is recommended to use
Windows' store of root certificates (the default for Schannel).
Reference in New Issue View Git Blame Copy Permalink