1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerLong: proxy-pinnedpubkey 5*6236dae4SAndroid Build Coastguard WorkerArg: <hashes> 6*6236dae4SAndroid Build Coastguard WorkerHelp: FILE/HASHES public key to verify proxy with 7*6236dae4SAndroid Build Coastguard WorkerProtocols: TLS 8*6236dae4SAndroid Build Coastguard WorkerCategory: proxy tls 9*6236dae4SAndroid Build Coastguard WorkerAdded: 7.59.0 10*6236dae4SAndroid Build Coastguard WorkerMulti: single 11*6236dae4SAndroid Build Coastguard WorkerSee-also: 12*6236dae4SAndroid Build Coastguard Worker - pinnedpubkey 13*6236dae4SAndroid Build Coastguard Worker - proxy 14*6236dae4SAndroid Build Coastguard WorkerExample: 15*6236dae4SAndroid Build Coastguard Worker - --proxy-pinnedpubkey keyfile $URL 16*6236dae4SAndroid Build Coastguard Worker - --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL 17*6236dae4SAndroid Build Coastguard Worker--- 18*6236dae4SAndroid Build Coastguard Worker 19*6236dae4SAndroid Build Coastguard Worker# `--proxy-pinnedpubkey` 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerUse the specified public key file (or hashes) to verify the proxy. This can be 22*6236dae4SAndroid Build Coastguard Workera path to a file which contains a single public key in PEM or DER format, or 23*6236dae4SAndroid Build Coastguard Workerany number of base64 encoded sha256 hashes preceded by 'sha256//' and 24*6236dae4SAndroid Build Coastguard Workerseparated by ';'. 25*6236dae4SAndroid Build Coastguard Worker 26*6236dae4SAndroid Build Coastguard WorkerWhen negotiating a TLS or SSL connection, the server sends a certificate 27*6236dae4SAndroid Build Coastguard Workerindicating its identity. A public key is extracted from this certificate and 28*6236dae4SAndroid Build Coastguard Workerif it does not exactly match the public key provided to this option, curl 29*6236dae4SAndroid Build Coastguard Workeraborts the connection before sending or receiving any data. 30*6236dae4SAndroid Build Coastguard Worker 31*6236dae4SAndroid Build Coastguard WorkerBefore curl 8.10.0 this option did not work due to a bug. 32