summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2017-03-16 23:00:24 +0100
committerDaniel Stenberg <daniel@haxx.se>2017-03-16 23:00:24 +0100
commitc5357b7b992ac6bda05a605815f43a13c78eca17 (patch)
treedc60d8a5a4ca1edb06c073099611da2d4175df99
parent280e8c6e371ebd0f2e0a907e016ab44d6c9549af (diff)
downloadcurl-c5357b7b992ac6bda05a605815f43a13c78eca17.tar.gz
SSLCERTS.md: mention HTTPS proxies and their separate options
-rw-r--r--docs/SSLCERTS.md10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md
index 7755609c4..3fcd345b0 100644
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -161,3 +161,13 @@ disabled. Secure Transport on iOS will run OCSP checks on certificates unless
peer verification is disabled. Secure Transport on OS X will run either OCSP
or CRL checks on certificates if those features are enabled, and this behavior
can be adjusted in the preferences of Keychain Access.
+
+HTTPS proxy
+-----------
+
+Since version 7.52.0, curl can do HTTPS to the proxy separately from the
+connection to the server. This TLS connection is handled separately from the
+server connection so instead of `--insecure` and `--cacert` to control the
+certificate verification, you use `--proxy-insecure` and `--proxy-cacert`.
+With these options, you make sure that the TLS connection and the trust of the
+proxy can be kept totally separate from the TLS connection to the server.