diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-10-24 10:24:27 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-10-24 10:24:27 +0200 |
commit | f435308cfa897277acc398f2dc64282c3638622d (patch) | |
tree | 3bde7e60515aa15990563a4f4aa1453c85af6533 /docs/mk-ca-bundle.1 | |
parent | 1ad2bdcf110266c33eea70b895cb8c150eeac790 (diff) | |
download | curl-f435308cfa897277acc398f2dc64282c3638622d.tar.gz |
mk-ca-bundle.1: document -k
Brought in 1ad2bdcf110266c. Now does HTTPS by default and needs -k to
fall back to plain HTTP.
Diffstat (limited to 'docs/mk-ca-bundle.1')
-rw-r--r-- | docs/mk-ca-bundle.1 | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/docs/mk-ca-bundle.1 b/docs/mk-ca-bundle.1 index b1ded4427..c8f5177e1 100644 --- a/docs/mk-ca-bundle.1 +++ b/docs/mk-ca-bundle.1 @@ -20,18 +20,18 @@ .\" * .\" ************************************************************************** .\" -.TH mk-ca-bundle 1 "5 Jan 2013" "version 1.20" "mk-ca-bundle manual" +.TH mk-ca-bundle 1 "24 Oct 2016" "version 1.27" "mk-ca-bundle manual" .SH NAME mk-ca-bundle \- convert mozilla's certdata.txt to PEM format .SH SYNOPSIS -mk-ca-bundle [bilnpqstuv] +mk-ca-bundle [options] .I [outputfile] .SH DESCRIPTION The mk-ca-bundle tool downloads the certdata.txt file from Mozilla's source -tree over HTTP, then parses certdata.txt and extracts certificates -into PEM format. By default, only CA root certificates trusted to issue SSL -server authentication certificates are extracted. These are then processed with -the OpenSSL commandline tool to produce the final ca-bundle file. +tree over HTTPS, then parses certdata.txt and extracts certificates into PEM +format. By default, only CA root certificates trusted to issue SSL server +authentication certificates are extracted. These are then processed with the +OpenSSL commandline tool to produce the final ca-bundle file. The default \fIoutputfile\fP name is \fBca-bundle.crt\fP. By setting it to '-' (a single dash) you will get the output sent to STDOUT instead of a file. @@ -51,6 +51,10 @@ shortcuts for which source tree to get the cert data from. force rebuild even if certdata.txt is current (Added in version 1.17) .IP -i print version info about used modules +.IP -k +Allow insecure data transfer. By default (since 1.27) this command will fail +if the HTTPS transfer fails. This overrides that decision (and opens for +man-in-the-middle attacks). .IP -l print license info about certdata.txt .IP -m |