quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

cert.md (2264B)

      1 ---
      2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
      3 SPDX-License-Identifier: curl
      4 Short: E
      5 Long: cert
      6 Arg: <certificate[:password]>
      7 Help: Client certificate file and password
      8 Protocols: TLS
      9 Category: tls
     10 Added: 5.0
     11 Multi: single
     12 See-also:
     13   - cert-type
     14   - key
     15   - key-type
     16 Example:
     17   - --cert certfile --key keyfile $URL
     18 ---
     19 
     20 # `--cert`
     21 
     22 Use the specified client certificate file when getting a file with HTTPS, FTPS
     23 or another SSL-based protocol. The certificate must be PEM format. If the
     24 optional password is not specified, it is queried for on the terminal. Note
     25 that this option assumes a certificate file that is the private key and the
     26 client certificate concatenated. See --cert and --key to specify them
     27 independently.
     28 
     29 In the \<certificate\> portion of the argument, you must escape the character
     30 `:` as `\:` so that it is not recognized as the password delimiter. Similarly,
     31 you must escape the double quote character as \" so that it is not recognized
     32 as an escape character.
     33 
     34 If curl is built against OpenSSL, and the engine pkcs11 or pkcs11
     35 provider is available, then a PKCS#11 URI (RFC 7512) can be used to specify a
     36 certificate located in a PKCS#11 device. A string beginning with `pkcs11:` is
     37 interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine
     38 option is set as `pkcs11` if none was provided and the --cert-type option is
     39 set as `ENG` or `PROV` if none was provided (depending on OpenSSL version).
     40 
     41 If curl is built against GnuTLS, a PKCS#11 URI can be used to specify
     42 a certificate located in a PKCS#11 device. A string beginning with `pkcs11:`
     43 is interpreted as a PKCS#11 URI.
     44 
     45 (Schannel) Client certificates must be specified by a path expression to a
     46 certificate store. (Loading *PFX* is not supported; you can import it to a
     47 store first). You can use "\<store location\>\\<store name\>\\<thumbprint\>"
     48 to refer to a certificate in the system certificates store, for example,
     49 *"CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is
     50 usually a SHA-1 hex string which you can see in certificate details. Following
     51 store locations are supported: *CurrentUser*, *LocalMachine*,
     52 *CurrentService*, *Services*, *CurrentUserGroupPolicy*,
     53 *LocalMachineGroupPolicy* and *LocalMachineEnterprise*.