summaryrefslogtreecommitdiff
path: root/lib/ssl.xml
blob: c3a1aca584a666f1f088e7fe23e8827d748214e5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
<?xml version="1.0" encoding="utf-8"?>
<dl>
  <dt><code>-p</code> <var>privkey.pem</var></dt>
  <dt><code>--private-key=</code><var>privkey.pem</var></dt>
  <dd>
    Specifies a PEM file containing the private key used as
    identity for outgoing SSL connections.
  </dd>

  <dt><code>-c</code> <var>cert.pem</var></dt>
  <dt><code>--certificate=</code><var>cert.pem</var></dt>
  <dd>
    Specifies a PEM file containing a certificate that certifies the
    private key specified on <code>-p</code> or <code>--private-key</code> to be
    trustworthy.  The certificate must be signed by the certificate
    authority (CA) that the peer in SSL connections will use to verify it.
  </dd>

  <dt><code>-C</code> <var>cacert.pem</var></dt>
  <dt><code>--ca-cert=</code><var>cacert.pem</var></dt>
  <dd>
    Specifies a PEM file containing the CA certificate for
    verifying certificates presented to this program by SSL peers.  (This
    may be the same certificate that SSL peers use to verify the
    certificate specified on <code>-c</code> or <code>--certificate</code>, or it may
    be a different one, depending on the PKI design in use.)
  </dd>

  <dt><code>-C none</code></dt>
  <dt><code>--ca-cert=none</code></dt>
  <dd>
    Disables verification of certificates presented by SSL peers.  This
    introduces a security risk, because it means that certificates cannot
    be verified to be those of known trusted hosts.
  </dd>
</dl>