mirror of
https://github.com/TorqueGameEngines/Torque3D.git
synced 2026-07-12 15:14:35 +00:00
Update libcurl
This commit is contained in:
parent
20eb0a911a
commit
01a719ee58
3439 changed files with 529259 additions and 41492 deletions
121
Engine/lib/curl/docs/mk-ca-bundle.1
Normal file
121
Engine/lib/curl/docs/mk-ca-bundle.1
Normal file
|
|
@ -0,0 +1,121 @@
|
|||
.\" **************************************************************************
|
||||
.\" * _ _ ____ _
|
||||
.\" * Project ___| | | | _ \| |
|
||||
.\" * / __| | | | |_) | |
|
||||
.\" * | (__| |_| | _ <| |___
|
||||
.\" * \___|\___/|_| \_\_____|
|
||||
.\" *
|
||||
.\" * Copyright (C) 2008 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
.\" *
|
||||
.\" * This software is licensed as described in the file COPYING, which
|
||||
.\" * you should have received as part of this distribution. The terms
|
||||
.\" * are also available at https://curl.se/docs/copyright.html.
|
||||
.\" *
|
||||
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
||||
.\" * copies of the Software, and permit persons to whom the Software is
|
||||
.\" * furnished to do so, under the terms of the COPYING file.
|
||||
.\" *
|
||||
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
||||
.\" * KIND, either express or implied.
|
||||
.\" *
|
||||
.\" * SPDX-License-Identifier: curl
|
||||
.\" *
|
||||
.\" **************************************************************************
|
||||
.\"
|
||||
.TH mk-ca-bundle 1 "24 Oct 2016" "version 1.27" "mk-ca-bundle manual"
|
||||
.SH NAME
|
||||
mk-ca-bundle \- convert mozilla's certdata.txt to PEM format
|
||||
.SH SYNOPSIS
|
||||
mk-ca-bundle [options]
|
||||
.I [outputfile]
|
||||
.SH DESCRIPTION
|
||||
The mk-ca-bundle tool downloads the certdata.txt file from Mozilla's source
|
||||
tree over HTTPS, then parses certdata.txt and extracts certificates into PEM
|
||||
format. By default, only CA root certificates trusted to issue SSL server
|
||||
authentication certificates are extracted. These are then processed with the
|
||||
OpenSSL commandline tool to produce the final ca-bundle file.
|
||||
|
||||
The default \fIoutputfile\fP name is \fBca-bundle.crt\fP. By setting it to '-'
|
||||
(a single dash) you will get the output sent to STDOUT instead of a file.
|
||||
|
||||
The PEM format this scripts uses for output makes the result readily available
|
||||
for use by just about all OpenSSL or GnuTLS powered applications, such as
|
||||
curl, wget and more.
|
||||
.SH OPTIONS
|
||||
The following options are supported:
|
||||
.IP -b
|
||||
backup an existing version of \fIoutputfilename\fP
|
||||
.IP "-d [name]"
|
||||
specify which Mozilla tree to pull certdata.txt from (or a custom URL). Valid
|
||||
names are: aurora, beta, central, mozilla, nss, release (default). They are
|
||||
shortcuts for which source tree to get the cert data from.
|
||||
.IP -f
|
||||
force rebuild even if certdata.txt is current (Added in version 1.17)
|
||||
.IP -i
|
||||
print version info about used modules
|
||||
.IP -k
|
||||
Allow insecure data transfer. By default (since 1.27) this command will fail
|
||||
if the HTTPS transfer fails. This overrides that decision (and opens for
|
||||
man-in-the-middle attacks).
|
||||
.IP -l
|
||||
print license info about certdata.txt
|
||||
.IP -m
|
||||
(Added in 1.26) Include meta data comments in the output. The meta data is
|
||||
specific information about each certificate that is stored in the original
|
||||
file as comments and using this option will make those comments get passed on
|
||||
to the output file. The meta data is not parsed in any way by mk-ca-bundle.
|
||||
.IP -n
|
||||
no download of certdata.txt (to use existing)
|
||||
.IP "-p [purposes]:[levels]"
|
||||
list of Mozilla trust purposes and levels for certificates to include in output.
|
||||
Takes the form of a comma separated list of purposes, a colon, and a comma
|
||||
separated list of levels. The default is to include all certificates trusted
|
||||
to issue SSL Server certificates (SERVER_AUTH:TRUSTED_DELEGATOR).
|
||||
|
||||
(Added in version 1.21, Perl only)
|
||||
|
||||
Valid purposes are:
|
||||
.RS
|
||||
ALL, DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT,
|
||||
DATA_ENCIPHERMENT, KEY_AGREEMENT, KEY_CERT_SIGN, CRL_SIGN,
|
||||
SERVER_AUTH (default), CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION,
|
||||
IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, TIME_STAMPING, STEP_UP_APPROVED
|
||||
.RE
|
||||
.IP
|
||||
Valid trust levels are:
|
||||
.RS
|
||||
ALL, TRUSTED_DELEGATOR (default), NOT_TRUSTED, MUST_VERIFY_TRUST, TRUSTED
|
||||
.RE
|
||||
.IP -q
|
||||
be really quiet (no progress output at all)
|
||||
.IP -t
|
||||
include plain text listing of certificates
|
||||
.IP "-s [algorithms]"
|
||||
comma separated list of signature algorithms with which to hash/fingerprint
|
||||
each certificate and output when run in plain text mode.
|
||||
|
||||
(Added in version 1.21, Perl only)
|
||||
|
||||
Valid algorithms are:
|
||||
.RS
|
||||
ALL, NONE, MD5 (default), SHA1, SHA256, SHA384, SHA512
|
||||
.RE
|
||||
.IP -u
|
||||
unlink (remove) certdata.txt after processing
|
||||
.IP -v
|
||||
be verbose and print out processed CAs
|
||||
.SH EXIT STATUS
|
||||
Returns 0 on success. Returns 1 if it fails to download data.
|
||||
.SH CERTDATA FORMAT
|
||||
The file format used by Mozilla for this trust information seems to be documented here:
|
||||
.nf
|
||||
https://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-existing.html
|
||||
.fi
|
||||
.SH SEE ALSO
|
||||
.BR curl (1)
|
||||
.SH HISTORY
|
||||
\fBmk-ca-bundle\fP is a command line tool that is shipped as part of every
|
||||
curl and libcurl release (see https://curl.se/). It was originally based
|
||||
on the parse-certs script written by Roland Krikava and was later much
|
||||
improved by Guenter Knauf. This manual page was initially written by Jan
|
||||
Schaumann \&<jschauma@netmeister.org>.
|
||||
Loading…
Add table
Add a link
Reference in a new issue