xref: /aosp_15_r20/external/curl/docs/cmdline-opts/proxy-pinnedpubkey.md (revision 6236dae45794135f37c4eb022389c904c8b0090d)
1*6236dae4SAndroid Build Coastguard Worker---
2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al.
3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl
4*6236dae4SAndroid Build Coastguard WorkerLong: proxy-pinnedpubkey
5*6236dae4SAndroid Build Coastguard WorkerArg: <hashes>
6*6236dae4SAndroid Build Coastguard WorkerHelp: FILE/HASHES public key to verify proxy with
7*6236dae4SAndroid Build Coastguard WorkerProtocols: TLS
8*6236dae4SAndroid Build Coastguard WorkerCategory: proxy tls
9*6236dae4SAndroid Build Coastguard WorkerAdded: 7.59.0
10*6236dae4SAndroid Build Coastguard WorkerMulti: single
11*6236dae4SAndroid Build Coastguard WorkerSee-also:
12*6236dae4SAndroid Build Coastguard Worker  - pinnedpubkey
13*6236dae4SAndroid Build Coastguard Worker  - proxy
14*6236dae4SAndroid Build Coastguard WorkerExample:
15*6236dae4SAndroid Build Coastguard Worker  - --proxy-pinnedpubkey keyfile $URL
16*6236dae4SAndroid Build Coastguard Worker  - --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL
17*6236dae4SAndroid Build Coastguard Worker---
18*6236dae4SAndroid Build Coastguard Worker
19*6236dae4SAndroid Build Coastguard Worker# `--proxy-pinnedpubkey`
20*6236dae4SAndroid Build Coastguard Worker
21*6236dae4SAndroid Build Coastguard WorkerUse the specified public key file (or hashes) to verify the proxy. This can be
22*6236dae4SAndroid Build Coastguard Workera path to a file which contains a single public key in PEM or DER format, or
23*6236dae4SAndroid Build Coastguard Workerany number of base64 encoded sha256 hashes preceded by 'sha256//' and
24*6236dae4SAndroid Build Coastguard Workerseparated by ';'.
25*6236dae4SAndroid Build Coastguard Worker
26*6236dae4SAndroid Build Coastguard WorkerWhen negotiating a TLS or SSL connection, the server sends a certificate
27*6236dae4SAndroid Build Coastguard Workerindicating its identity. A public key is extracted from this certificate and
28*6236dae4SAndroid Build Coastguard Workerif it does not exactly match the public key provided to this option, curl
29*6236dae4SAndroid Build Coastguard Workeraborts the connection before sending or receiving any data.
30*6236dae4SAndroid Build Coastguard Worker
31*6236dae4SAndroid Build Coastguard WorkerBefore curl 8.10.0 this option did not work due to a bug.
32