diff options
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_CRLFILE.3')
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_CRLFILE.3 | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/docs/libcurl/opts/CURLOPT_CRLFILE.3 b/docs/libcurl/opts/CURLOPT_CRLFILE.3 index de9d4373a..b8995d2d8 100644 --- a/docs/libcurl/opts/CURLOPT_CRLFILE.3 +++ b/docs/libcurl/opts/CURLOPT_CRLFILE.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -20,7 +20,7 @@ .\" * .\" ************************************************************************** .\" -.TH CURLOPT_CRLFILE 3 "May 31, 2017" "libcurl 7.67.0" "curl_easy_setopt options" +.TH CURLOPT_CRLFILE 3 "June 25, 2020" "libcurl 7.73.0" "curl_easy_setopt options" .SH NAME CURLOPT_CRLFILE \- specify a Certificate Revocation List file @@ -29,15 +29,18 @@ CURLOPT_CRLFILE \- specify a Certificate Revocation List file CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file); .SH DESCRIPTION -Pass a char * to a zero terminated string naming a \fIfile\fP with the +Pass a char * to a null-terminated string naming a \fIfile\fP with the concatenation of CRL (in PEM format) to use in the certificate validation that occurs during the SSL exchange. When curl is built to use NSS or GnuTLS, there is no way to influence the use -of CRL passed to help in the verification process. When libcurl is built with -OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both -set, requiring CRL check against all the elements of the certificate chain if -a CRL file is passed. +of CRL passed to help in the verification process. + +When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and +X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the +elements of the certificate chain if a CRL file is passed. Also note that +\fICURLOPT_CRLFILE(3)\fP will imply \fBCURLSSLOPT_NO_PARTIALCHAIN\fP (see +\fICURLOPT_SSL_OPTIONS(3)\fP) since curl 7.71.0 due to an OpenSSL bug. This option makes sense only when used in combination with the \fICURLOPT_SSL_VERIFYPEER(3)\fP option. |