diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/cmdline-opts/doh-cert-status.d | 4 | ||||
| -rw-r--r-- | docs/cmdline-opts/doh-insecure.d | 4 | ||||
| -rw-r--r-- | docs/cmdline-opts/doh-url.d | 6 | ||||
| -rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 8 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 | 20 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 | 12 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 | 12 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_DOH_URL.3 | 14 | ||||
| -rw-r--r-- | docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 4 |
9 files changed, 42 insertions, 42 deletions
diff --git a/docs/cmdline-opts/doh-cert-status.d b/docs/cmdline-opts/doh-cert-status.d index c99c9c132..1442fc8a9 100644 --- a/docs/cmdline-opts/doh-cert-status.d +++ b/docs/cmdline-opts/doh-cert-status.d @@ -1,7 +1,7 @@ Long: doh-cert-status -Help: Verify the status of the DOH server cert via OCSP-staple +Help: Verify the status of the DoH server cert via OCSP-staple Protocols: all Added: 7.76.0 Category: dns tls --- -Same as --cert-status but used for DOH (DNS-over-HTTPS). +Same as --cert-status but used for DoH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-insecure.d b/docs/cmdline-opts/doh-insecure.d index af254db70..fe399a2f9 100644 --- a/docs/cmdline-opts/doh-insecure.d +++ b/docs/cmdline-opts/doh-insecure.d @@ -1,7 +1,7 @@ Long: doh-insecure -Help: Allow insecure DOH server connections +Help: Allow insecure DoH server connections Protocols: all Added: 7.76.0 Category: dns tls --- -Same as --insecure but used for DOH (DNS-over-HTTPS). +Same as --insecure but used for DoH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-url.d b/docs/cmdline-opts/doh-url.d index 090799440..612945afa 100644 --- a/docs/cmdline-opts/doh-url.d +++ b/docs/cmdline-opts/doh-url.d @@ -1,14 +1,14 @@ Long: doh-url Arg: <URL> -Help: Resolve host names over DOH +Help: Resolve host names over DoH Protocols: all Added: 7.62.0 Category: dns --- -Specifies which DNS-over-HTTPS (DOH) server to use to resolve hostnames, +Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead of using the default name resolver mechanism. The URL must be HTTPS. -Some SSL options that you set for your transfer will apply to DOH since the +Some SSL options that you set for your transfer will apply to DoH since the name lookups take place over SSL. However, the certificate verification settings are not inherited and can be controlled separately via --doh-insecure and --doh-cert-status. diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index ecba0d5d4..cd1bf1c85 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -201,7 +201,7 @@ Timeout for DNS cache. See \fICURLOPT_DNS_CACHE_TIMEOUT(3)\fP .IP CURLOPT_DNS_USE_GLOBAL_CACHE OBSOLETE Enable global DNS cache. See \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP .IP CURLOPT_DOH_URL -Use this DOH server for name resolves. See \fICURLOPT_DOH_URL(3)\fP +Use this DoH server for name resolves. See \fICURLOPT_DOH_URL(3)\fP .IP CURLOPT_BUFFERSIZE Ask for alternate buffer size. See \fICURLOPT_BUFFERSIZE(3)\fP .IP CURLOPT_PORT @@ -566,21 +566,21 @@ Proxy SSL version to use. See \fICURLOPT_PROXY_SSLVERSION(3)\fP .IP CURLOPT_SSL_VERIFYHOST Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP .IP CURLOPT_DOH_SSL_VERIFYHOST -Verify the host name in the DOH (DNS-over-HTTPS) SSL certificate. See +Verify the host name in the DoH (DNS-over-HTTPS) SSL certificate. See \fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP .IP CURLOPT_PROXY_SSL_VERIFYHOST Verify the host name in the proxy SSL certificate. See \fICURLOPT_PROXY_SSL_VERIFYHOST(3)\fP .IP CURLOPT_SSL_VERIFYPEER Verify the SSL certificate. See \fICURLOPT_SSL_VERIFYPEER(3)\fP .IP CURLOPT_DOH_SSL_VERIFYPEER -Verify the DOH (DNS-over-HTTPS) SSL certificate. See +Verify the DoH (DNS-over-HTTPS) SSL certificate. See \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP .IP CURLOPT_PROXY_SSL_VERIFYPEER Verify the proxy SSL certificate. See \fICURLOPT_PROXY_SSL_VERIFYPEER(3)\fP .IP CURLOPT_SSL_VERIFYSTATUS Verify the SSL certificate's status. See \fICURLOPT_SSL_VERIFYSTATUS(3)\fP .IP CURLOPT_DOH_SSL_VERIFYSTATUS -Verify the DOH (DNS-over-HTTPS) SSL certificate's status. See +Verify the DoH (DNS-over-HTTPS) SSL certificate's status. See \fICURLOPT_DOH_SSL_VERIFYSTATUS(3)\fP .IP CURLOPT_CAINFO CA cert bundle. See \fICURLOPT_CAINFO(3)\fP diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 index ce4a369ec..cf0886ba4 100644 --- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.3 @@ -22,25 +22,25 @@ .\" .TH CURLOPT_DOH_SSL_VERIFYHOST 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options" .SH NAME -CURLOPT_DOH_SSL_VERIFYHOST \- verify the host name in the DOH SSL certificate +CURLOPT_DOH_SSL_VERIFYHOST \- verify the host name in the DoH SSL certificate .SH SYNOPSIS #include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYHOST, long verify); .SH DESCRIPTION -Pass a long set to 2L as asking curl to \fIverify\fP the DOH (DNS-over-HTTPS) +Pass a long set to 2L as asking curl to \fIverify\fP the DoH (DNS-over-HTTPS) server's certificate name fields against the host name. -This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYHOST(3)\fP and -only affects requests to the DOH server. +This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYHOST(3)\fP and +only affects requests to the DoH server. When \fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP is 2, the SSL certificate provided by -the DOH server must indicate that the server name is the same as the server +the DoH server must indicate that the server name is the same as the server name to which you meant to connect to, or the connection fails. -Curl considers the DOH server the intended one when the Common Name field or a +Curl considers the DoH server the intended one when the Common Name field or a Subject Alternate Name field in the certificate matches the host name in the -DOH URL to which you told Curl to connect. +DoH URL to which you told Curl to connect. When the \fIverify\fP value is set to 1L it is treated the same as 2L. However for consistency with the other VERIFYHOST options we suggest use 2 and not 1. @@ -49,14 +49,14 @@ When the \fIverify\fP value is set to 0L, the connection succeeds regardless of the names used in the certificate. Use that ability with caution! See also \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP to verify the digital signature -of the DOH server certificate. If libcurl is built against NSS and +of the DoH server certificate. If libcurl is built against NSS and \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP is zero, \fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP is also set to zero and cannot be overridden. .SH DEFAULT 2 .SH PROTOCOLS -DOH +DoH .SH EXAMPLE .nf CURL *curl = curl_easy_init(); @@ -65,7 +65,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query"); - /* Disable host name verification of the DOH server */ + /* Disable host name verification of the DoH server */ curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYHOST, 0L); curl_easy_perform(curl); diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 index 3f52595a7..3ef9374e6 100644 --- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.3 @@ -22,7 +22,7 @@ .\" .TH CURLOPT_DOH_SSL_VERIFYPEER 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options" .SH NAME -CURLOPT_DOH_SSL_VERIFYPEER \- verify the DOH SSL certificate +CURLOPT_DOH_SSL_VERIFYPEER \- verify the DoH SSL certificate .SH SYNOPSIS #include <curl/curl.h> @@ -30,12 +30,12 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYPEER, long verify) .SH DESCRIPTION Pass a long as parameter set to 1L to enable or 0L to disable. -This option tells curl to verify the authenticity of the DOH (DNS-over-HTTPS) +This option tells curl to verify the authenticity of the DoH (DNS-over-HTTPS) server's certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't. -This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYPEER(3)\fP and -only affects requests to the DOH server. +This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYPEER(3)\fP and +only affects requests to the DoH server. When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate is authentic, @@ -65,7 +65,7 @@ the correct end-point. .SH DEFAULT 1 .SH PROTOCOLS -DOH +DoH .SH EXAMPLE .nf CURL *curl = curl_easy_init(); @@ -74,7 +74,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query"); - /* Disable certificate verification of the DOH server */ + /* Disable certificate verification of the DoH server */ curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYPEER, 0L); curl_easy_perform(curl); diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 index a22ad6764..3d87f1f10 100644 --- a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.3 @@ -22,7 +22,7 @@ .\" .TH CURLOPT_DOH_SSL_VERIFYSTATUS 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options" .SH NAME -CURLOPT_DOH_SSL_VERIFYSTATUS \- verify the DOH SSL certificate's status +CURLOPT_DOH_SSL_VERIFYSTATUS \- verify the DoH SSL certificate's status .SH SYNOPSIS #include <curl/curl.h> @@ -30,19 +30,19 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYSTATUS, long verif .SH DESCRIPTION Pass a long as parameter set to 1 to enable or 0 to disable. -This option determines whether libcurl verifies the status of the DOH +This option determines whether libcurl verifies the status of the DoH (DNS-over-HTTPS) server cert using the "Certificate Status Request" TLS extension (aka. OCSP stapling). -This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYSTATUS(3)\fP and -only affects requests to the DOH server. +This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYSTATUS(3)\fP and +only affects requests to the DoH server. Note that if this option is enabled but the server does not support the TLS extension, the verification will fail. .SH DEFAULT 0 .SH PROTOCOLS -DOH +DoH .SH EXAMPLE .nf CURL *curl = curl_easy_init(); @@ -51,7 +51,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query"); - /* Ask for OCSP stapling when verifying the DOH server */ + /* Ask for OCSP stapling when verifying the DoH server */ curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1L); curl_easy_perform(curl); diff --git a/docs/libcurl/opts/CURLOPT_DOH_URL.3 b/docs/libcurl/opts/CURLOPT_DOH_URL.3 index 265cf37f8..ea164a3e3 100644 --- a/docs/libcurl/opts/CURLOPT_DOH_URL.3 +++ b/docs/libcurl/opts/CURLOPT_DOH_URL.3 @@ -28,7 +28,7 @@ CURLOPT_DOH_URL \- provide the DNS-over-HTTPS URL CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_URL, char *URL); .SH DESCRIPTION -Pass in a pointer to a \fIURL\fP for the DOH server to use for name +Pass in a pointer to a \fIURL\fP for the DoH server to use for name resolving. The parameter should be a char * to a null-terminated string which must be URL-encoded in the following format: "https://host:port/path". It MUST specify a HTTPS URL. @@ -39,19 +39,19 @@ still return \fICURLE_OK\fP. curl sends POST requests to the given DNS-over-HTTPS URL. -To find the DOH server itself, which might be specified using a name, libcurl +To find the DoH server itself, which might be specified using a name, libcurl will use the default name lookup function. You can bootstrap that by providing -the address for the DOH server with \fICURLOPT_RESOLVE(3)\fP. +the address for the DoH server with \fICURLOPT_RESOLVE(3)\fP. -Disable DOH use again by setting this option to NULL. +Disable DoH use again by setting this option to NULL. -\fBAdvanced:\fP The DOH lookups use SSL so some SSL settings from your transfer +\fBAdvanced:\fP The DoH lookups use SSL so some SSL settings from your transfer are inherited. The hostname and peer certificate verification settings are not inherited and can be controlled separately via \fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP and \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP. Note \fICURLOPT_SSL_CTX_FUNCTION(3)\fP is inherited. .SH DEFAULT -NULL - there is no default DOH URL. If this option isn't set, libcurl will use +NULL - there is no default DoH URL. If this option isn't set, libcurl will use the default name resolver. .SH PROTOCOLS All @@ -71,7 +71,7 @@ Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient heap space. Note that \fIcurl_easy_setopt(3)\fP won't actually parse the given string so -given a bad DOH URL, curl will not detect a problem until it tries to resolve +given a bad DoH URL, curl will not detect a problem until it tries to resolve a name with it. .SH "SEE ALSO" .BR CURLOPT_VERBOSE "(3), " CURLOPT_RESOLVE "(3), " diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 index b7c596605..afc299b08 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 @@ -63,12 +63,12 @@ knowing anything about it, which then subsequently can lead to libcurl unknowingly reusing SSL connections with different properties. To remedy this you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function. -WARNING: If you are using DNS-over-HTTPS (DOH) via \fICURLOPT_DOH_URL(3)\fP +WARNING: If you are using DNS-over-HTTPS (DoH) via \fICURLOPT_DOH_URL(3)\fP then the CTX callback will also be called for those transfers and the curl handle is set to an internal handle. \fBThis behavior is subject to change.\fP We recommend before performing your transfer set \fICURLOPT_PRIVATE(3)\fP on your curl handle so you can identify it in the CTX callback. If you have a -reason to modify DOH SSL context please let us know on the curl-library mailing +reason to modify DoH SSL context please let us know on the curl-library mailing list because we are considering removing this capability. .SH DEFAULT NULL |