Search…
README
How to read this book
The cURL project
Network and protocols
Install curl
Source code
Build curl
Command line basics
Using curl
Verbose
Version
Persistent connections
Downloads
Uploads
Transfer controls
Connections
Timeouts
.netrc
Proxies
Exit status
SCP and SFTP
Reading email
Sending email
MQTT
TFTP
TELNET
DICT
TLS
Ciphers
Enable TLS
TLS versions
Verifying server certificates
Certificate pinning
OCSP stapling
Client certificates
TLS auth
TLS backends
SSLKEYLOGFILE
Copy as curl
HTTP with curl
FTP with curl
Using libcurl
HTTP with libcurl
Bindings
libcurl internals
Index
Powered By GitBook
Certificate pinning
TLS certificate pinning is a way to verify that the public key used to sign the servers certificate has not changed. It is "pinned".
When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data.
You tell curl a file name to read the sha256 value from, or you specify the base64 encoded hash directly in the command line with a sha256// prefix. You can specify one or more hashes like that, separated with semicolons (;).
curl --pinnedpubkey "sha256//83d34tasd3rt…" https://example.com/
This feature is not supported by all TLS backends.
Previous
Verifying server certificates
Next
OCSP stapling
Last modified 4mo ago
Export as PDF
Copy link
Edit on GitHub