From e171968ba3ae44cae618c75b24cf7fd19a124be2 Mon Sep 17 00:00:00 2001
From: Nick Zitzmann <nickzman@gmail.com>
Date: Sun, 28 Aug 2016 16:46:59 -0500
Subject: [PATCH] darwinssl: add documentation stating that the --cainfo option
 is intended for backward compatibility only

In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
---
 docs/curl.1                        | 8 +++++++-
 docs/libcurl/opts/CURLOPT_CAINFO.3 | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/docs/curl.1 b/docs/curl.1
index c573ff952..f0ce3a791 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -520,7 +520,7 @@ nickname contains ":", it needs to be preceded by "\\" so that it is not
 recognized as password delimiter.  If the nickname contains "\\", it needs to
 be escaped as "\\\\" so that it is not recognized as an escape character.
 
-(iOS and Mac OS X only) If curl is built against Secure Transport, then the
+(iOS and macOS only) If curl is built against Secure Transport, then the
 certificate string can either be the name of a certificate/private key in the
 system or user keychain, or the path to a PKCS#12-encoded certificate and
 private key. If you want to use a file from the current directory, please
@@ -569,6 +569,12 @@ Current Working Directory, or in any folder along your PATH.
 If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
 (libnsspem.so) needs to be available for this option to work properly.
 
+(iOS and macOS only) If curl is built against Secure Transport, then this
+option is supported for backward compatibility with other SSL engines, but it
+should not be set. If the option is not set, then curl will use the
+certificates in the system and user Keychain to verify the peer, which is the
+preferred method of verifying the peer's certificate chain.
+
 If this option is used several times, the last one will be used.
 .IP "--capath <CA certificate directory>"
 (SSL) Tells curl to use the specified certificate directory to verify the
diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3
index a05f5c0cf..7db50a8fa 100644
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -40,6 +40,12 @@ is assumed to be stored, as established at build time.
 
 If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
 (libnsspem.so) needs to be available for this option to work properly.
+
+(iOS and macOS only) If curl is built against Secure Transport, then this
+option is supported for backward compatibility with other SSL engines, but it
+should not be set. If the option is not set, then curl will use the
+certificates in the system and user Keychain to verify the peer, which is the
+preferred method of verifying the peer's certificate chain.
 .SH DEFAULT
 Built-in system specific
 .SH PROTOCOLS