curl: add --proxy-pinnedpubkey

To verify a proxy's public key. For when using HTTPS proxies. Fixes #2192 Closes #2268
author: Daniel Stenberg <daniel@haxx.se> 2018-01-28 14:15:56 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2018-01-30 08:00:31 +0100
commit: fecec1d8aefb3cc89925cffb83d4de6bc95540bb (patch)
tree: b493edaeace16e6bddfd97d63614917f767dc223 /docs/cmdline-opts/proxy-pinnedpubkey.d
parent: b7db2842666286bb66111b1da46e707bf5d417b4 (diff)
download: curl-fecec1d8aefb3cc89925cffb83d4de6bc95540bb.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.d b/docs/cmdline-opts/proxy-pinnedpubkey.d
new file mode 100644
index 000000000..abd6dc4aa
--- /dev/null
+++ b/docs/cmdline-opts/proxy-pinnedpubkey.d
@@ -0,0 +1,16 @@
+Long: proxy-pinnedpubkey
+Arg: <hashes>
+Help: FILE/HASHES public key to verify proxy with
+Protocols: TLS
+---
+Tells curl to use the specified public key file (or hashes) to verify the
+proxy. This can be a path to a file which contains a single public key in PEM
+or DER format, or any number of base64 encoded sha256 hashes preceded by
+\'sha256//\' and separated by \';\'
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate and
+if it does not exactly match the public key provided to this option, curl will
+abort the connection before sending or receiving any data.
+
+If this option is used several times, the last one will be used.
author	Daniel Stenberg <daniel@haxx.se>	2018-01-28 14:15:56 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2018-01-30 08:00:31 +0100
commit	fecec1d8aefb3cc89925cffb83d4de6bc95540bb (patch)
tree	b493edaeace16e6bddfd97d63614917f767dc223 /docs/cmdline-opts/proxy-pinnedpubkey.d
parent	b7db2842666286bb66111b1da46e707bf5d417b4 (diff)
download	curl-fecec1d8aefb3cc89925cffb83d4de6bc95540bb.tar.gz