From 74af81ca030752da5859dfa93382d6c6011a87dd Mon Sep 17 00:00:00 2001 From: Jacob Tolar Date: Mon, 22 Aug 2022 17:18:59 -0500 Subject: [PATCH] cert.d: clarify that escape character works for file paths Closes #9349 --- docs/cmdline-opts/cert.d | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d index a584975b70..27690eb97a 100644 --- a/docs/cmdline-opts/cert.d +++ b/docs/cmdline-opts/cert.d 
@@ -14,19 +14,23 @@ Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if using any other engine. If the optional password is not specified, it will be queried for on -the terminal. Note that this option assumes a "certificate" file that is the -private key and the client certificate concatenated! See --cert and --key to +the terminal. Note that this option assumes a certificate file that is the +private key and the client certificate concatenated. See --cert and --key to specify them independently. +In the portion of the argument, you must escape the character ":" +as "\\:" so that it is not recognized as the password delimiter. Similarly, you +must escape the character "\\" as "\\\\" so that it is not recognized as an +escape character. + If curl is built against the NSS SSL library then this option can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be -loaded. If you want to use a file from the current directory, please precede -it with "./" prefix, in order to avoid confusion with a nickname. If the -nickname contains ":", it needs to be preceded by "\\" so that it is not -recognized as password delimiter. If the nickname contains "\\", it needs to -be escaped as "\\\\" so that it is not recognized as an escape character. +loaded. + +If you provide a path relative to the current directory, you must prefix the +path with "./" in order to avoid confusion with an NSS database nickname. If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in -- 2.47.3
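Review bot: In the added escaping paragraph, "In the portion of the argument" does not say which portion is meant; name it explicitly (the certificate part that precedes the ":" password delimiter) and state whether ":" and "\\" need any escaping inside the password part, which the text leaves open. The relocated "./" sentence now stands as its own paragraph, detached from "If curl is built against the NSS SSL library", so it can be read as a requirement for every TLS backend; open it with the NSS condition or keep it inside the NSS paragraph. Since the subject promises to clarify that the escape works for file paths, one short example of a path containing ":" followed by a password would make the rule concrete.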