CURLOPT_PINNEDPUBLICKEY conflicting documentation
From: curl.stunt430--- via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 17 Oct 2025 08:00:38 +0000
The CURLOPT_PINNEDPUBLICKEY option has conflicting documentation in the source code and the documentation at https://curl.se
```c
/* The public key in DER form used to validate the peer public key
   this option is used only if SSL_VERIFYPEER is true */
CURLOPT(CURLOPT_PINNEDPUBLICKEY, CURLOPTTYPE_STRINGPOINT, 230),
```
The above snippet is retrieved from [curl.h](https://github.com/curl/curl/blob/f91be14bfb79021e3b9ba769955c1f2c4351e9bf/include/curl/curl.h#L1958) from the GitHub repo. The comment above says that the CURLOPT_PINNEDPUBLICKEY option is used only if SSL_VERIFYPEER is true. This is in direct contradiction to the documentation [here](https://curl.se/libcurl/c/CURLOPT_PINNEDPUBLICKEY.html). The documentation says this:
- This option is independent of option [CURLOPT_SSL_VERIFYPEER](https://curl.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html). If you turn off that option then the peer is still verified by public key.
I hope this can be fixed to not be a source of confusion. Thanks!
Received on 2025-10-17