Index: curl-7.18.1/docs/libcurl/curl_easy_setopt.3 =================================================================== --- curl-7.18.1.orig/docs/libcurl/curl_easy_setopt.3 2008-06-02 09:45:57.958168400 +0200 +++ curl-7.18.1/docs/libcurl/curl_easy_setopt.3 2008-06-02 09:46:08.022160908 +0200 @@ -1433,6 +1433,22 @@ When built against NSS this is the directory that the NSS certificate database resides in. +.IP CURLOPT_ISSUERCERT +Pass a char * to a zero terminated string naming a file holding a CA +certificate in PEM format. If the option is set, an additional check +against the peer certificate is performed to verify the issuer is indeed +the one associated with the certificate provided by the option. This +additional check is useful in multi-level PKI where one need to enforce +the peer certificate is from a specific branch of the tree. + +This option makes sense only when used in combination with the +\fICURLOPT_SSL_VERIFYPEER\fP option. Otherwise, the result of the check +is not considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to +a mismatch with the issuer of peer certificate (\fICURLOPT_SSL_VERIFYPEER\fP +has to be set too for the check to fail). .IP CURLOPT_CAPATH Pass a char * to a zero terminated string naming a directory holding multiple CA certificates to verify the peer with. The certificate directory must be Index: curl-7.18.1/docs/libcurl/libcurl-errors.3 =================================================================== --- curl-7.18.1.orig/docs/libcurl/libcurl-errors.3 2008-06-02 09:45:57.958168400 +0200 +++ curl-7.18.1/docs/libcurl/libcurl-errors.3 2008-06-02 09:46:08.022160908 +0200 
@@ -210,6 +210,8 @@ Failed to shut down the SSL connection .IP "CURLE_SSL_CRL_BADFILE (81)" Failed to load CRL file +.IP "CURLE_SSL_ISSUER_ERROR (82)" +Issuer check failed .IP "CURLE_OBSOLETE*" These error codes will never be returned. They used to be used in an old libcurl version and are currently unused.
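Review bot: In the curl_easy_setopt.3 hunk, the CURLOPT_ISSUERCERT text does not say plainly what happens when CURLOPT_SSL_VERIFYPEER is off. "Otherwise, the result of the check is not considered as failure" reads as if the check still runs but its result is ignored, so an issuer mismatch would pass silently. Suggest stating that directly, for example "If CURLOPT_SSL_VERIFYPEER is disabled, an issuer mismatch does not fail the transfer", and saying it once; the parenthetical in the third paragraph repeats the same dependency. The entry should also state whether the file may hold more than one certificate. Minor: "where one need to enforce the peer certificate is" should be "where one needs to enforce that the peer certificate is".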
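Review bot: In the libcurl-errors.3 hunk, "Issuer check failed" for CURLE_SSL_ISSUER_ERROR (82) gives a reader who hits this code no pointer to what triggered it. Suggest naming the option, for example "Issuer check failed: the peer certificate was not issued by the certificate given with CURLOPT_ISSUERCERT", to match how the curl_easy_setopt.3 entry in this patch refers back to the error code. The enum definition is not part of these hunks, so please confirm the header assigns this error the value 82 documented here.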