generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: fix a bug in handling of CURLOPT_CAPATH

Browse Source 
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
This commit is contained in:
Kamil Dudka
2011-01-18 13:53:43 +01:00
parent ef46fcdd90
commit fc77790bcd
4 changed files with 67 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/curl.1
View File

@@ -394,11 +394,11 @@ may be loaded.
If this option is used several times, the last one will be used.
.IP "--capath <CA certificate directory>"
(SSL) Tells curl to use the specified certificate directory to verify the
peer. The certificates must be in PEM format, and the directory must have been
processed using the c_rehash utility supplied with openssl. Using
\fI--capath\fP can allow curl to make SSL-connections much more efficiently
than using \fI--cacert\fP if the \fI--cacert\fP file contains many CA
certificates.
peer. The certificates must be in PEM format, and if curl is built against
OpenSSL, the directory must have been processed using the c_rehash utility
supplied with OpenSSL. Using \fI--capath\fP can allow OpenSSL-powered curl to
make SSL-connections much more efficiently than using \fI--cacert\fP if the
\fI--cacert\fP file contains many CA certificates.
If this option is used several times, the last one will be used.
.IP "-f/--fail"

16
docs/libcurl/curl_easy_setopt.3
View File

@@ -1924,13 +1924,15 @@ mismatch with the issuer of peer certificate (\fICURLOPT_SSL_VERIFYPEER\fP has
to be set too for the check to fail). (Added in 7.19.0)
.IP CURLOPT_CAPATH
Pass a char * to a zero terminated string naming a directory holding multiple
CA certificates to verify the peer with. The certificate directory must be
prepared using the openssl c_rehash utility. This makes sense only when used
in combination with the \fICURLOPT_SSL_VERIFYPEER\fP option. If
\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_CAPATH\fP need not even
indicate an accessible path. The \fICURLOPT_CAPATH\fP function apparently
does not work in Windows due to some limitation in openssl. This option is
OpenSSL-specific and does nothing if libcurl is built to use GnuTLS.
CA certificates to verify the peer with. If libcurl is built against OpenSSL,
the certificate directory must be prepared using the openssl c_rehash utility.
This makes sense only when used in combination with the
\fICURLOPT_SSL_VERIFYPEER\fP option. If \fICURLOPT_SSL_VERIFYPEER\fP is zero,
\fICURLOPT_CAPATH\fP need not even indicate an accessible path. The
\fICURLOPT_CAPATH\fP function apparently does not work in Windows due to some
limitation in openssl. This option is OpenSSL-specific and does nothing if
libcurl is built to use GnuTLS. NSS-powered libcurl provides the option only
for backward compatibility.
.IP CURLOPT_CRLFILE
Pass a char * to a zero terminated string naming a file with the concatenation
of CRL (in PEM format) to use in the certificate validation that occurs during