SSLCERTS.md: mention HTTPS proxies and their separate options

Daniel Stenberg 2017-03-16 23:00:24 +01:00
parent 280e8c6e37
commit c5357b7b99
1 changed files with 10 additions and 0 deletions

@ -161,3 +161,13 @@ disabled. Secure Transport on iOS will run OCSP checks on certificates unless
peer verification is disabled. Secure Transport on OS X will run either OCSP peer verification is disabled. Secure Transport on OS X will run either OCSP
or CRL checks on certificates if those features are enabled, and this behavior or CRL checks on certificates if those features are enabled, and this behavior
can be adjusted in the preferences of Keychain Access. can be adjusted in the preferences of Keychain Access.
HTTPS proxy
-----------
Since version 7.52.0, curl can do HTTPS to the proxy separately from the
connection to the server. This TLS connection is handled separately from the
server connection so instead of `--insecure` and `--cacert` to control the
certificate verification, you use `--proxy-insecure` and `--proxy-cacert`.
With these options, you make sure that the TLS connection and the trust of the
proxy can be kept totally separate from the TLS connection to the server.
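
Review bot: In the added "HTTPS proxy" paragraph, the phrase "instead of `--insecure` and `--cacert`" can be read as saying the proxy options replace the server ones. Consider stating explicitly that `--insecure` and `--cacert` still govern only the connection to the server, and that `--proxy-insecure` and `--proxy-cacert` govern only the connection to the proxy, so that relaxing verification on one leg is not assumed to relax it on the other. The paragraph also does not say what verification the proxy connection gets when neither proxy option is given; one sentence on that default would help. As a style point, the first two sentences both say the proxy connection is handled "separately" from the server connection and could be merged into one.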