Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: CURLOPT_PINNEDPUBLICKEY conflicting documentation
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 17 Oct 2025 12:28:11 -0400
On Fri, Oct 17, 2025 at 11:57 AM Daniel Stenberg via curl-library
<curl-library_at_lists.haxx.se> wrote:
>
> On Fri, 17 Oct 2025, curl.stunt430--- via curl-library wrote:
>
> > I hope this can be fixed to not be a source of confusion. Thanks!
>
> I think it would be a little against the point of this option to require
> certificate verification as well.
++. Host key pinning is a strong security control. I prefer it over
other forms that incorporate trust.
> Proposed fix, update the comment: https://github.com/curl/curl/pull/19105
Jeff
Date: Fri, 17 Oct 2025 12:28:11 -0400
On Fri, Oct 17, 2025 at 11:57 AM Daniel Stenberg via curl-library
<curl-library_at_lists.haxx.se> wrote:
>
> On Fri, 17 Oct 2025, curl.stunt430--- via curl-library wrote:
>
> > I hope this can be fixed to not be a source of confusion. Thanks!
>
> I think it would be a little against the point of this option to require
> certificate verification as well.
++. Host key pinning is a strong security control. I prefer it over
other forms that incorporate trust.
> Proposed fix, update the comment: https://github.com/curl/curl/pull/19105
Jeff
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-10-17