Mercurial > hgrepos > Python2 > PyMuPDF

comparison mupdf-source/thirdparty/curl/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 @ 2:b50eed0cc0ef upstream

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ADD: MuPDF v1.26.7: the MuPDF source as downloaded by a default build of PyMuPDF 1.26.4. The directory name has changed: no version number in the expanded directory now.
author Franz Glasner <fzglas.hg@dom66.de>
date Mon, 15 Sep 2025 11:43:07 +0200
parents
children
comparison
equal deleted inserted replaced
1:1d09e1dec1d9 2:b50eed0cc0ef
1 .\" **************************************************************************
2 .\" * _ _ ____ _
3 .\" * Project ___| | | | _ \| |
4 .\" * / __| | | | |_) | |
5 .\" * | (__| |_| | _ <| |___
6 .\" * \___|\___/|_| \_\_____|
7 .\" *
8 .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
9 .\" *
10 .\" * This software is licensed as described in the file COPYING, which
11 .\" * you should have received as part of this distribution. The terms
12 .\" * are also available at https://curl.haxx.se/docs/copyright.html.
13 .\" *
14 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 .\" * copies of the Software, and permit persons to whom the Software is
16 .\" * furnished to do so, under the terms of the COPYING file.
17 .\" *
18 .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 .\" * KIND, either express or implied.
20 .\" *
21 .\" **************************************************************************
22 .\"
23 .TH CURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options"
24 .SH NAME
25 CURLOPT_PINNEDPUBLICKEY \- set pinned public key
26 .SH SYNOPSIS
27 #include <curl/curl.h>
28
29 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);
30 .SH DESCRIPTION
31 Pass a pointer to a zero terminated string as parameter. The string can be the
32 file name of your pinned public key. The file format expected is "PEM" or "DER".
33 The string can also be any number of base64 encoded sha256 hashes preceded by
34 "sha256//" and separated by ";"
35
36 When negotiating a TLS or SSL connection, the server sends a certificate
37 indicating its identity. A public key is extracted from this certificate and
38 if it does not exactly match the public key provided to this option, curl will
39 abort the connection before sending or receiving any data.
40
41 On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned.
42
43 The application does not have to keep the string around after setting this
44 option.
45 .SH DEFAULT
46 NULL
47 .SH PROTOCOLS
48 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
49 .SH EXAMPLE
50 .nf
51 CURL *curl = curl_easy_init();
52 if(curl) {
53 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
54 curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
55 /* OR
56 curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno=");
57 */
58
59 /* Perform the request */
60 curl_easy_perform(curl);
61 }
62 .fi
63 .SH PUBLIC KEY EXTRACTION
64 If you do not have the server's public key file you can extract it from the
65 server's certificate.
66 .nf
67 # retrieve the server's certificate if you don't already have it
68 #
69 # be sure to examine the certificate to see if it is what you expected
70 #
71 # Windows-specific:
72 # - Use NUL instead of /dev/null.
73 # - OpenSSL may wait for input instead of disconnecting. Hit enter.
74 # - If you don't have sed, then just copy the certificate into a file:
75 # Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
76 #
77 openssl s_client -servername www.example.com -connect www.example.com:443 < /dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem
78
79 # extract public key in pem format from certificate
80 openssl x509 -in www.example.com.pem -pubkey -noout > www.example.com.pubkey.pem
81
82 # convert public key from pem to der
83 openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem -out www.example.com.pubkey.der
84
85 # sha256 hash and base64 encode der to string for use
86 openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64
87 .fi
88 The public key in PEM format contains a header, base64 data and a
89 footer:
90 .nf
91 -----BEGIN PUBLIC KEY-----
92 [BASE 64 DATA]
93 -----END PUBLIC KEY-----
94 .fi
95 .SH AVAILABILITY
96 PEM/DER support:
97
98 7.39.0: OpenSSL, GnuTLS
99
100 7.39.0-7.48.0,7.58.1+: GSKit
101
102 7.43.0: NSS and wolfSSL
103
104 7.47.0: mbedtls
105
106 7.54.1: SecureTransport on macOS 10.7+/iOS 10+
107
108 7.58.1: SChannel
109
110 sha256 support:
111
112 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL
113
114 7.47.0: mbedtls
115
116 7.54.1: SecureTransport on macOS 10.7+/iOS 10+
117
118 7.58.1: SChannel Windows XP SP3+
119
120 Other SSL backends not supported.
121 .SH RETURN VALUE
122 Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
123 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
124 .SH "SEE ALSO"
125 .BR CURLOPT_SSL_VERIFYPEER "(3), "
126 .BR CURLOPT_SSL_VERIFYHOST "(3), "
127 .BR CURLOPT_CAINFO "(3), "
128 .BR CURLOPT_CAPATH "(3), "