1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 09:08:49 -05:00

CURLOPT_CAINFO.3: polished wording

Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005
This commit is contained in:
Daniel Stenberg 2019-06-10 09:10:14 +02:00
parent b9a6130dc5
commit 027c065f3c
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -46,22 +46,20 @@ libnssckbi.so, which contains a more comprehensive set of trust information
than supported by nss-pem, because libnssckbi.so also includes information than supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates. about distrusted certificates.
(iOS and macOS) If curl is built against Secure Transport, then this (iOS and macOS) When curl uses Secure Transport this option is supported. If
option is supported for backward compatibility with other SSL engines, but it the option is not set, then curl will use the certificates in the system and
should not be set. If the option is not set, then curl will use the user Keychain to verify the peer.
certificates in the system and user Keychain to verify the peer, which is the
preferred method of verifying the peer's certificate chain.
(Schannel) This option is supported for Schannel in Windows 7 or later but we (Schannel) This option is supported for Schannel in Windows 7 or later but we
recommend not using it until Windows 8 since it works better starting then. recommend not using it until Windows 8 since it works better starting then.
Added in libcurl 7.60. This option is supported for backward compatibility If the option is not set, then curl will use the certificates in the Windows'
with other SSL engines; instead it is recommended to use Windows' store of store of root certificates (the default for Schannel).
root certificates (the default for Schannel).
The application does not have to keep the string around after setting this The application does not have to keep the string around after setting this
option. option.
.SH DEFAULT .SH DEFAULT
Built-in system specific Built-in system specific. When curl is built with Secure Transport or
Schannel, this option is not set by default.
.SH PROTOCOLS .SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
.SH EXAMPLE .SH EXAMPLE
@ -75,8 +73,8 @@ if(curl) {
} }
.fi .fi
.SH AVAILABILITY .SH AVAILABILITY
For SSL engines that don't support certificate files the CURLOPT_CAINFO option For the SSL engines that don't support certificate files the CURLOPT_CAINFO
is ignored. Refer to https://curl.haxx.se/docs/ssl-compared.html option is ignored. Schannel support added in libcurl 7.60.
.SH RETURN VALUE .SH RETURN VALUE
Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space. CURLE_OUT_OF_MEMORY if there was insufficient heap space.