Document certificate bundle situation, closes #355

author: Oleg Pudeyev <oleg@bsdpower.com> 2016-01-15 01:51:49 -0500
committer: Oleg Pudeyev <oleg@bsdpower.com> 2016-01-15 01:51:49 -0500
commit: 63382fb06967070bac312d18389852baf3b5c51a (patch)
tree: 83dd68bc0ef1121f2b69770e18a894a389d18bce /INSTALL.rst
parent: e06a6dc378b747a8292e11eabc2c4cb513753973 (diff)
download: pycurl-63382fb06967070bac312d18389852baf3b5c51a.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/INSTALL.rst b/INSTALL.rst
index f566496..311c98e 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -311,3 +311,19 @@ backend, you can try rebuilding libcurl and PycURL against another SSL backend.
 
 .. _reported: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515200
 .. _problems: https://bugs.launchpad.net/ubuntu/+source/pycurl/+bug/1111673
+
+
+SSL Certificate Bundle
+----------------------
+
+libcurl, and PycURL, by default verify validity of HTTPS servers' SSL
+certificates. Doing so requires a CA certificate bundle, which libcurl
+and most SSL libraries do not provide.
+
+Here_ is a good resource on how to build your own certificate bundle.
+certifie.com also has a `prebuilt certificate bundle`_.
+To use the certificate bundle, use ``CAINFO`` or ``CAPPATH`` PycURL
+options.
+
+.. _Here: http://certifie.com/ca-bundle/
+.. _prebuilt certificate bundle: http://certifie.com/ca-bundle/ca-bundle.crt.txt
author	Oleg Pudeyev <oleg@bsdpower.com>	2016-01-15 01:51:49 -0500
committer	Oleg Pudeyev <oleg@bsdpower.com>	2016-01-15 01:51:49 -0500
commit	63382fb06967070bac312d18389852baf3b5c51a (patch)
tree	83dd68bc0ef1121f2b69770e18a894a389d18bce /INSTALL.rst
parent	e06a6dc378b747a8292e11eabc2c4cb513753973 (diff)
download	pycurl-63382fb06967070bac312d18389852baf3b5c51a.tar.gz