lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | Long: pinnedpubkey |
| 2 | Arg: <hashes> |
| 3 | Help: FILE/HASHES Public key to verify peer against |
| 4 | Protocols: TLS |
| 5 | --- |
| 6 | Tells curl to use the specified public key file (or hashes) to verify the |
| 7 | peer. This can be a path to a file which contains a single public key in PEM |
| 8 | or DER format, or any number of base64 encoded sha256 hashes preceded by |
| 9 | \'sha256//\' and separated by \';\' |
| 10 | |
| 11 | When negotiating a TLS or SSL connection, the server sends a certificate |
| 12 | indicating its identity. A public key is extracted from this certificate and |
| 13 | if it does not exactly match the public key provided to this option, curl will |
| 14 | abort the connection before sending or receiving any data. |
| 15 | |
| 16 | PEM/DER support: |
| 17 | 7.39.0: OpenSSL, GnuTLS and GSKit |
| 18 | 7.43.0: NSS and wolfSSL/CyaSSL |
| 19 | 7.47.0: mbedtls |
| 20 | 7.49.0: PolarSSL |
| 21 | sha256 support: |
| 22 | 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. |
| 23 | 7.47.0: mbedtls |
| 24 | 7.49.0: PolarSSL |
| 25 | Other SSL backends not supported. |
| 26 | |
| 27 | If this option is used several times, the last one will be used. |