Loading docs/curl.1 +11 −1 Original line number Diff line number Diff line Loading @@ -211,7 +211,17 @@ certificate concatenated! If this option is used several times, the last one will be used. .IP "--cacert <CA certificate>" (HTTPS) Tells curl to use the specified certificate file to verify the peer. The certificate must be in PEM format. peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. If this option is used several times, the last one will be used. .IP "--capath <CA certificate directory>" (HTTPS) Tells curl to use the specified certificate directory to verify the peer. The certificates must be in PEM format, and the directory must have been processed using the c_rehash utility supplied with openssl. Certificate directories are not supported under Windows (because c_rehash uses symbolink links to create them). Using --capath can allow curl to make https connections much more efficiently than using --cacert if the --cacert file contains many CA certificates. If this option is used several times, the last one will be used. .IP "-f/--fail" Loading docs/libcurl/curl_easy_setopt.3 +12 −4 Original line number Diff line number Diff line Loading @@ -514,12 +514,20 @@ argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP. .B CURLOPT_SSL_VERIFYPEER Pass a long that is set to a non-zero value to make curl verify the peer's certificate. The certificate to verify against must be specified with the CURLOPT_CAINFO option. (Added in 7.4.2) CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified with the CURLOPT_CAPATH option (Added in 7.9.8). .TP .B CURLOPT_CAINFO Pass a char * to a zero terminated file naming holding the certificate to verify the peer with. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) Pass a char * to a zero terminated string naming a file holding one or more certificates to verify the peer with. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) .TP .B CURLOPT_CAPATH Pass a char * to a zero terminated string naming a directory holding multiple CA certificates to verify the peer with. The certificate directory must be prepared using the openssl c_rehash utility. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. The CAPATH function apparently does not work in Windows due to some limitation in openssl. (Added in 7.9.8) .TP .B CURLOPT_PASSWDFUNCTION Pass a pointer to a \fIcurl_passwd_callback\fP function that will be called Loading include/curl/curl.h +6 −2 Original line number Diff line number Diff line Loading @@ -545,6 +545,10 @@ typedef enum { /* mark this as start of a cookie session */ CINIT(COOKIESESSION, LONG, 96), /* The CApath directory used to validate the peer certificate this option is used only if SSL_VERIFYPEER is true */ CINIT(CAPATH, OBJECTPOINT, 97), CURLOPT_LASTENTRY /* the last unusued */ } CURLoption; Loading Loading @@ -728,8 +732,8 @@ CURLcode curl_global_init(long flags); void curl_global_cleanup(void); /* This is the version number */ #define LIBCURL_VERSION "7.9.7" #define LIBCURL_VERSION_NUM 0x070907 #define LIBCURL_VERSION "7.9.8-pre1" #define LIBCURL_VERSION_NUM 0x070908 /* linked-list structure for the CURLOPT_QUOTE option (and other) */ struct curl_slist { Loading lib/url.c +7 −1 Original line number Diff line number Diff line Loading @@ -981,7 +981,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) * Set CA info for SSL connection. Specify file name of the CA certificate */ data->set.ssl.CAfile = va_arg(param, char *); data->set.ssl.CApath = NULL; /*This does not work on windows.*/ break; case CURLOPT_CAPATH: /* * Set CA path info for SSL connection. Specify directory name of the CA certificates * which have been prepared using openssl c_rehash utility. */ data->set.ssl.CApath = va_arg(param, char *); /*This does not work on windows.*/ break; case CURLOPT_TELNETOPTIONS: /* Loading src/main.c +12 −2 Original line number Diff line number Diff line Loading @@ -345,6 +345,7 @@ static void help(void) " --pass <pass> Specifies your passphrase for the private key (HTTPS)"); puts(" --engine <eng> Specifies the crypto engine to use (HTTPS)\n" " --cacert <file> CA certifciate to verify peer against (SSL)\n" " --capath <directory> CA directory (made using c_rehash) to verify peer against (SSL, NOT Windows)\n" " --ciphers <list> What SSL ciphers to use (SSL)\n" " --connect-timeout <seconds> Maximum time allowed for connection\n" " -f/--fail Fail silently (no output at all) on errors (H)\n" Loading Loading @@ -454,6 +455,7 @@ struct Configurable { char *cert; char *cert_type; char *cacert; char *capath; char *key; char *key_type; char *key_passwd; Loading Loading @@ -999,6 +1001,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ {"Ed","key-type", TRUE}, {"Ee","pass", TRUE}, {"Ef","engine", TRUE}, {"Eg","capath ", TRUE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"g", "globoff", FALSE}, Loading Loading @@ -1335,6 +1338,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ case 'f': /* crypto engine */ GetStr(&config->engine, nextarg); break; case 'g': /* CA info PEM file */ /* CA cert directory */ GetStr(&config->capath, nextarg); break; default: /* certificate file */ { char *ptr = strchr(nextarg, ':'); Loading Loading @@ -2082,6 +2089,8 @@ void free_config_fields(struct Configurable *config) curl_formfree(config->httppost); if(config->cacert) free(config->cacert); if(config->capath) free(config->capath); if(config->cookiejar) free(config->cookiejar); Loading Loading @@ -2558,8 +2567,9 @@ operate(struct Configurable *config, int argc, char *argv[]) curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type); curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd); if(config->cacert) { curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert); if(config->cacert || config->capath) { if (config->cacert) curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert); if (config->capath) curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); } Loading Loading
docs/curl.1 +11 −1 Original line number Diff line number Diff line Loading @@ -211,7 +211,17 @@ certificate concatenated! If this option is used several times, the last one will be used. .IP "--cacert <CA certificate>" (HTTPS) Tells curl to use the specified certificate file to verify the peer. The certificate must be in PEM format. peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. If this option is used several times, the last one will be used. .IP "--capath <CA certificate directory>" (HTTPS) Tells curl to use the specified certificate directory to verify the peer. The certificates must be in PEM format, and the directory must have been processed using the c_rehash utility supplied with openssl. Certificate directories are not supported under Windows (because c_rehash uses symbolink links to create them). Using --capath can allow curl to make https connections much more efficiently than using --cacert if the --cacert file contains many CA certificates. If this option is used several times, the last one will be used. .IP "-f/--fail" Loading
docs/libcurl/curl_easy_setopt.3 +12 −4 Original line number Diff line number Diff line Loading @@ -514,12 +514,20 @@ argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP. .B CURLOPT_SSL_VERIFYPEER Pass a long that is set to a non-zero value to make curl verify the peer's certificate. The certificate to verify against must be specified with the CURLOPT_CAINFO option. (Added in 7.4.2) CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified with the CURLOPT_CAPATH option (Added in 7.9.8). .TP .B CURLOPT_CAINFO Pass a char * to a zero terminated file naming holding the certificate to verify the peer with. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) Pass a char * to a zero terminated string naming a file holding one or more certificates to verify the peer with. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. (Added in 7.4.2) .TP .B CURLOPT_CAPATH Pass a char * to a zero terminated string naming a directory holding multiple CA certificates to verify the peer with. The certificate directory must be prepared using the openssl c_rehash utility. This only makes sense when used in combination with the CURLOPT_SSL_VERIFYPEER option. The CAPATH function apparently does not work in Windows due to some limitation in openssl. (Added in 7.9.8) .TP .B CURLOPT_PASSWDFUNCTION Pass a pointer to a \fIcurl_passwd_callback\fP function that will be called Loading
include/curl/curl.h +6 −2 Original line number Diff line number Diff line Loading @@ -545,6 +545,10 @@ typedef enum { /* mark this as start of a cookie session */ CINIT(COOKIESESSION, LONG, 96), /* The CApath directory used to validate the peer certificate this option is used only if SSL_VERIFYPEER is true */ CINIT(CAPATH, OBJECTPOINT, 97), CURLOPT_LASTENTRY /* the last unusued */ } CURLoption; Loading Loading @@ -728,8 +732,8 @@ CURLcode curl_global_init(long flags); void curl_global_cleanup(void); /* This is the version number */ #define LIBCURL_VERSION "7.9.7" #define LIBCURL_VERSION_NUM 0x070907 #define LIBCURL_VERSION "7.9.8-pre1" #define LIBCURL_VERSION_NUM 0x070908 /* linked-list structure for the CURLOPT_QUOTE option (and other) */ struct curl_slist { Loading
lib/url.c +7 −1 Original line number Diff line number Diff line Loading @@ -981,7 +981,13 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, ...) * Set CA info for SSL connection. Specify file name of the CA certificate */ data->set.ssl.CAfile = va_arg(param, char *); data->set.ssl.CApath = NULL; /*This does not work on windows.*/ break; case CURLOPT_CAPATH: /* * Set CA path info for SSL connection. Specify directory name of the CA certificates * which have been prepared using openssl c_rehash utility. */ data->set.ssl.CApath = va_arg(param, char *); /*This does not work on windows.*/ break; case CURLOPT_TELNETOPTIONS: /* Loading
src/main.c +12 −2 Original line number Diff line number Diff line Loading @@ -345,6 +345,7 @@ static void help(void) " --pass <pass> Specifies your passphrase for the private key (HTTPS)"); puts(" --engine <eng> Specifies the crypto engine to use (HTTPS)\n" " --cacert <file> CA certifciate to verify peer against (SSL)\n" " --capath <directory> CA directory (made using c_rehash) to verify peer against (SSL, NOT Windows)\n" " --ciphers <list> What SSL ciphers to use (SSL)\n" " --connect-timeout <seconds> Maximum time allowed for connection\n" " -f/--fail Fail silently (no output at all) on errors (H)\n" Loading Loading @@ -454,6 +455,7 @@ struct Configurable { char *cert; char *cert_type; char *cacert; char *capath; char *key; char *key_type; char *key_passwd; Loading Loading @@ -999,6 +1001,7 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ {"Ed","key-type", TRUE}, {"Ee","pass", TRUE}, {"Ef","engine", TRUE}, {"Eg","capath ", TRUE}, {"f", "fail", FALSE}, {"F", "form", TRUE}, {"g", "globoff", FALSE}, Loading Loading @@ -1335,6 +1338,10 @@ static ParameterError getparameter(char *flag, /* f or -long-flag */ case 'f': /* crypto engine */ GetStr(&config->engine, nextarg); break; case 'g': /* CA info PEM file */ /* CA cert directory */ GetStr(&config->capath, nextarg); break; default: /* certificate file */ { char *ptr = strchr(nextarg, ':'); Loading Loading @@ -2082,6 +2089,8 @@ void free_config_fields(struct Configurable *config) curl_formfree(config->httppost); if(config->cacert) free(config->cacert); if(config->capath) free(config->capath); if(config->cookiejar) free(config->cookiejar); Loading Loading @@ -2558,8 +2567,9 @@ operate(struct Configurable *config, int argc, char *argv[]) curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, config->key_type); curl_easy_setopt(curl, CURLOPT_SSLKEYPASSWD, config->key_passwd); if(config->cacert) { curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert); if(config->cacert || config->capath) { if (config->cacert) curl_easy_setopt(curl, CURLOPT_CAINFO, config->cacert); if (config->capath) curl_easy_setopt(curl, CURLOPT_CAPATH, config->capath); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, TRUE); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); } Loading