Mercurial > hgrepos > Python2 > PyMuPDF
comparison mupdf-source/thirdparty/curl/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 @ 2:b50eed0cc0ef upstream
ADD: MuPDF v1.26.7: the MuPDF source as downloaded by a default build of PyMuPDF 1.26.4.
The directory name has changed: no version number in the expanded directory now.
| author | Franz Glasner <fzglas.hg@dom66.de> |
|---|---|
| date | Mon, 15 Sep 2025 11:43:07 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 1:1d09e1dec1d9 | 2:b50eed0cc0ef |
|---|---|
| 1 .\" ************************************************************************** | |
| 2 .\" * _ _ ____ _ | |
| 3 .\" * Project ___| | | | _ \| | | |
| 4 .\" * / __| | | | |_) | | | |
| 5 .\" * | (__| |_| | _ <| |___ | |
| 6 .\" * \___|\___/|_| \_\_____| | |
| 7 .\" * | |
| 8 .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. | |
| 9 .\" * | |
| 10 .\" * This software is licensed as described in the file COPYING, which | |
| 11 .\" * you should have received as part of this distribution. The terms | |
| 12 .\" * are also available at https://curl.haxx.se/docs/copyright.html. | |
| 13 .\" * | |
| 14 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell | |
| 15 .\" * copies of the Software, and permit persons to whom the Software is | |
| 16 .\" * furnished to do so, under the terms of the COPYING file. | |
| 17 .\" * | |
| 18 .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | |
| 19 .\" * KIND, either express or implied. | |
| 20 .\" * | |
| 21 .\" ************************************************************************** | |
| 22 .\" | |
| 23 .TH CURLOPT_PROXY_PINNEDPUBLICKEY 3 "24 Nov 2016" "libcurl 7.52.0" "curl_easy_setopt options" | |
| 24 .SH NAME | |
| 25 CURLOPT_PROXY_PINNEDPUBLICKEY \- set pinned public key for https proxy | |
| 26 .SH SYNOPSIS | |
| 27 #include <curl/curl.h> | |
| 28 | |
| 29 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_PINNEDPUBLICKEY, char *pinnedpubkey); | |
| 30 .SH DESCRIPTION | |
| 31 Pass a pointer to a zero terminated string as parameter. The string can be the | |
| 32 file name of your pinned public key. The file format expected is "PEM" or "DER". | |
| 33 The string can also be any number of base64 encoded sha256 hashes preceded by | |
| 34 "sha256//" and separated by ";" | |
| 35 | |
| 36 When negotiating a TLS or SSL connection, the https proxy sends a certificate | |
| 37 indicating its identity. A public key is extracted from this certificate and | |
| 38 if it does not exactly match the public key provided to this option, curl will | |
| 39 abort the connection before sending or receiving any data. | |
| 40 | |
| 41 On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned. | |
| 42 | |
| 43 The application does not have to keep the string around after setting this | |
| 44 option. | |
| 45 .SH DEFAULT | |
| 46 NULL | |
| 47 .SH PROTOCOLS | |
| 48 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. | |
| 49 .SH EXAMPLE | |
| 50 .nf | |
| 51 CURL *curl = curl_easy_init(); | |
| 52 if(curl) { | |
| 53 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); | |
| 54 curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy:443"); | |
| 55 curl_easy_setopt(curl, CURLOPT_PROXY_PINNEDPUBLICKEY, | |
| 56 "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno="); | |
| 57 | |
| 58 /* Perform the request */ | |
| 59 curl_easy_perform(curl); | |
| 60 } | |
| 61 .fi | |
| 62 .SH PUBLIC KEY EXTRACTION | |
| 63 If you do not have the https proxy server's public key file you can extract it | |
| 64 from the https proxy server's certificate. | |
| 65 .nf | |
| 66 # retrieve the server's certificate if you don't already have it | |
| 67 # | |
| 68 # be sure to examine the certificate to see if it is what you expected | |
| 69 # | |
| 70 # Windows-specific: | |
| 71 # - Use NUL instead of /dev/null. | |
| 72 # - OpenSSL may wait for input instead of disconnecting. Hit enter. | |
| 73 # - If you don't have sed, then just copy the certificate into a file: | |
| 74 # Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. | |
| 75 # | |
| 76 openssl s_client -servername www.example.com -connect www.example.com:443 < /dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem | |
| 77 | |
| 78 # extract public key in pem format from certificate | |
| 79 openssl x509 -in www.example.com.pem -pubkey -noout > www.example.com.pubkey.pem | |
| 80 | |
| 81 # convert public key from pem to der | |
| 82 openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem -out www.example.com.pubkey.der | |
| 83 | |
| 84 # sha256 hash and base64 encode der to string for use | |
| 85 openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64 | |
| 86 .fi | |
| 87 The public key in PEM format contains a header, base64 data and a | |
| 88 footer: | |
| 89 .nf | |
| 90 -----BEGIN PUBLIC KEY----- | |
| 91 [BASE 64 DATA] | |
| 92 -----END PUBLIC KEY----- | |
| 93 .fi | |
| 94 .SH AVAILABILITY | |
| 95 PEM/DER support: | |
| 96 | |
| 97 7.52.0: GSKit, GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL | |
| 98 | |
| 99 sha256 support: | |
| 100 | |
| 101 7.52.0: GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL | |
| 102 | |
| 103 Other SSL backends not supported. | |
| 104 .SH RETURN VALUE | |
| 105 Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or | |
| 106 CURLE_OUT_OF_MEMORY if there was insufficient heap space. | |
| 107 .SH "SEE ALSO" | |
| 108 .BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), " | |
| 109 .BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), " | |
| 110 .BR CURLOPT_PROXY_CAINFO "(3), " | |
| 111 .BR CURLOPT_PROXY_CAPATH "(3), " |