docs: indicate http.sslCertType and sslKeyType

0a01d41ee4 (http: add support for different sslcert and sslkey types.,
2023-03-20) added useful SSL config options, but did not document them.

Signed-off-by: Andrew Carter <andrew@emailcarter.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/Documentation/config/http.txt b/Documentation/config/http.txt
index 162b33fc52f9672cc14808c77e7e90e53c2da889..ed11ddcd02ca73f973346af104eb359cfa92fb45 100644 (file)
--- a/Documentation/config/http.txt
+++ b/Documentation/config/http.txt
@@ -216,6 +216,21 @@ http.sslBackend::
        This option is ignored if cURL lacks support for choosing the SSL
        backend at runtime.
 
+http.sslCertType::
+       Type of client certificate used when fetching or pushing over HTTPS.
+       "PEM", "DER" are supported when using openssl or gnutls backends. "P12"
+       is supported on "openssl", "schannel", "securetransport", and gnutls 8.11+.
+       See also libcurl `CURLOPT_SSLCERTTYPE`. Can be overridden by the
+       `GIT_SSL_CERT_TYPE` environment variable.
+
+http.sslKeyType::
+       Type of client private key used when fetching or pushing over HTTPS. (e.g.
+       "PEM", "DER", or "ENG"). Only applicable when using "openssl" backend. "DER"
+       is not supported with openssl. Particularly useful when set to "ENG" for
+       authenticating with PKCS#11 tokens, with a PKCS#11 URL in sslCert option.
+       See also libcurl `CURLOPT_SSLKEYTYPE`. Can be overridden by the
+       `GIT_SSL_KEY_TYPE` environment variable.
+
 http.schannelCheckRevoke::
        Used to enforce or disable certificate revocation checks in cURL
        when http.sslBackend is set to "schannel". Defaults to `true` if