mirror of
https://github.com/curl/curl.git
synced 2026-04-11 12:01:42 +08:00
curl passes down the capath directly to the backends. OpenSSL will then delimiter-separate this path internally to support multiple directories (using its certificate hash scheme). However, the other backends (wolfSSL, mbedTLS, gnutls) only expect a single directory (and do not use the hash scheme, preferring to iterate the directory and load all files).

This adjusts the `--capath` documentation to reflect that multiple paths is an OpenSSL-specific feature.

Alternatively, curl could delimiter-separate these itself, but I'm not sure it's worth it.

Ref https://github.com/JuliaLang/NetworkOptions.jl/issues/41

Closes #17737
| c | SPDX-License-Identifier | Long | Arg | Help | Protocols | Category | Added | Multi | See-also | Example |
|---|---|---|---|---|---|---|---|---|---|---|
| Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. | curl | capath | <dir> | CA directory to verify peer against | TLS | tls | 7.9.8 | single | | |
--capath
Use the specified certificate directory to verify the peer. If curl is built against
OpenSSL, multiple paths can be provided by separating them with the appropriate platform-specific
separator (e.g. path1:path2:path3 on Unix-style platforms or path1;path2;path3 on Windows).
The certificates must be in PEM format, and if curl is built against OpenSSL, the directory must have been processed using the c_rehash utility supplied with OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections much more efficiently than using --cacert if the --cacert file contains many CA certificates.
If this option is set, the default capath value is ignored.
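
A preflight check for the backend difference described above, as an added example that is not part of curl or its documentation. The function names `check_capath` and `has_hash_links` are hypothetical, the caller is assumed to pass in the TLS backend name (as reported by `curl -V`), and the sample directories are constructed.

```shell
#!/bin/sh
# Added example: sanity-check a --capath value before handing it to curl.

# has_hash_links DIR: succeeds if DIR holds at least one name in OpenSSL's
# hash-scheme form (8 hex digits, a dot, then a digit), as c_rehash creates.
has_hash_links() {
  for f in "$1"/*; do
    case "${f##*/}" in
      [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
        return 0 ;;
    esac
  done
  return 1
}

# check_capath BACKEND VALUE [SEP]: prints one finding per line.
# SEP defaults to ':' (Unix-style); pass ';' for a Windows-style value.
check_capath() {
  backend=$1; value=$2; sep=${3:-:}
  if [ "$backend" != openssl ]; then
    # Other backends receive the value as one directory name, separator and all.
    if [ -d "$value" ]; then echo "ok: $value"; else echo "not-a-directory: $value"; fi
    return 0
  fi
  old_ifs=$IFS; IFS=$sep
  set -f; set -- $value; set +f   # split on SEP only, with globbing disabled
  IFS=$old_ifs
  for dir in "$@"; do
    if [ ! -d "$dir" ]; then echo "missing: $dir"
    elif has_hash_links "$dir"; then echo "ok: $dir"
    else echo "needs-rehash: $dir"
    fi
  done
}

# Constructed sample: one rehashed directory, one holding only a PEM file.
demo=$(mktemp -d) && mkdir "$demo/hashed" "$demo/plain"
: > "$demo/hashed/1a2b3c4d.0"; : > "$demo/plain/ca.pem"
check_capath openssl "$demo/hashed:$demo/plain"
check_capath mbedtls "$demo/hashed:$demo/plain"
rm -rf "$demo"
```

A `needs-rehash` finding means an OpenSSL-built curl will not find the CA certificates in that directory, so peer verification fails even though the PEM files are present.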