Loading docs/libcurl/curl_easy_setopt.3 +22 −19 Original line number Original line Diff line number Diff line Loading @@ -1888,12 +1888,14 @@ CA certificates and you can specify alternate certificates with the When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification fails to When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification fails to prove that the certificate is authentic, the connection fails. When the prove that the certificate is authentic, the connection fails. When the option is zero, the connection succeeds regardless. option is zero, the peer certificate verification succeeds regardless. Authenticating the certificate is not by itself very useful. You typically Authenticating the certificate is not by itself very useful. You typically want to ensure that the server, as authentically identified by its want to ensure that the server, as authentically identified by its certificate, is the server you mean to be talking to. Use certificate, is the server you mean to be talking to. Use \fICURLOPT_SSL_VERIFYHOST\fP to control that. \fICURLOPT_SSL_VERIFYHOST\fP to control that. The check that the host name in the certificate is valid for the host name you're connecting to is done independently of the \fICURLOPT_SSL_VERIFYPEER\fP option. .IP CURLOPT_CAINFO .IP CURLOPT_CAINFO Pass a char * to a zero terminated string naming a file holding one or more Pass a char * to a zero terminated string naming a file holding one or more certificates to verify the peer with. This makes sense only when used in certificates to verify the peer with. This makes sense only when used in Loading Loading 
@@ -1951,20 +1953,6 @@ A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It is returned when the SSL exchange fails because the CRL file cannot be loaded. is returned when the SSL exchange fails because the CRL file cannot be loaded. A failure in certificate verification due to a revocation information found in A failure in certificate verification due to a revocation information found in the CRL does not trigger this specific error. (Added in 7.19.0) the CRL does not trigger this specific error. (Added in 7.19.0) .IP CURLOPT_CERTINFO Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With this enabled, libcurl (if built with OpenSSL) will extract lots of information and data about the certificates in the certificate chain used in the SSL connection. This data is then possible to extract after a transfer using \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in 7.19.1) .IP CURLOPT_RANDOM_FILE Pass a char * to a zero terminated file name. The file will be used to read from to seed the random engine for SSL. The more random the specified file is, the more secure the SSL connection will become. .IP CURLOPT_EGDSOCKET Pass a char * to the zero terminated path name to the Entropy Gathering Daemon socket. It will be used to seed the random engine for SSL. .IP CURLOPT_SSL_VERIFYHOST .IP CURLOPT_SSL_VERIFYHOST Pass a long as parameter. Pass a long as parameter. Loading 
@@ -1988,10 +1976,25 @@ doesn't matter what name it says. (This is not ordinarily a useful setting). When the value is 0, the connection succeeds regardless of the names in the When the value is 0, the connection succeeds regardless of the names in the certificate. certificate. The default, since 7.10, is 2. The default value for this option is 2. This option controls checking the server's claimed identity. The server could This option controls checking the server's certificate's claimed identity. be lying. To control lying, see \fICURLOPT_SSL_VERIFYPEER\fP. The server could be lying. To control lying, see \fICURLOPT_SSL_VERIFYPEER\fP. .IP CURLOPT_CERTINFO Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With this enabled, libcurl (if built with OpenSSL) will extract lots of information and data about the certificates in the certificate chain used in the SSL connection. This data is then possible to extract after a transfer using \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in 7.19.1) .IP CURLOPT_RANDOM_FILE Pass a char * to a zero terminated file name. The file will be used to read from to seed the random engine for SSL. The more random the specified file is, the more secure the SSL connection will become. .IP CURLOPT_EGDSOCKET Pass a char * to the zero terminated path name to the Entropy Gathering Daemon socket. It will be used to seed the random engine for SSL. .IP CURLOPT_SSL_CIPHER_LIST .IP CURLOPT_SSL_CIPHER_LIST Pass a char *, pointing to a zero terminated string holding the list of Pass a char *, pointing to a zero terminated string holding the list of ciphers to use for the SSL connection. The list must be syntactically correct, ciphers to use for the SSL connection. The list must be syntactically correct, Loading Loading
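Review bot: In the first hunk (@@ -1888), the replacement sentence "When the option is zero, the peer certificate verification succeeds regardless" can be read as saying that verification still runs and passes. It would be clearer to say that the result of the verification is ignored, and that the connection can still fail on the host name check. The added paragraph says the host name check is done independently of \fICURLOPT_SSL_VERIFYPEER\fP, but it should also say that matching a name in a certificate that was not authenticated does not identify the server. The CURLOPT_SSL_VERIFYHOST entry already makes this point with "The server could be lying", so a reader who sets VERIFYPEER to zero should not come away thinking VERIFYHOST alone is enough.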
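Review bot: The second hunk (@@ -1951) only removes the CURLOPT_CERTINFO, CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET entries so that they can reappear after CURLOPT_SSL_VERIFYHOST, but that relocation shares a commit with wording changes to the two verification options. Consider splitting the move into its own commit, so the changes to the VERIFYPEER and VERIFYHOST text stand out in the history and reviewers can confirm that the three moved entries are byte-for-byte unchanged.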
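Review bot: In the third hunk (@@ -1988), replacing "The default, since 7.10, is 2." with "The default value for this option is 2." drops the version from which that default applies. Neighbouring entries keep their version notes, such as "(Added in 7.19.1)", so please keep "since 7.10" for readers who target older libcurl builds. The new phrase "the server's certificate's claimed identity" is also awkward. "The identity claimed in the server's certificate" reads better and keeps the intended distinction from \fICURLOPT_SSL_VERIFYPEER\fP.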