curl-library

some documentation for the ENGINE stuff

From: Götz Babin-Ebell <babinebell_at_trustcenter.de>
Date: Fri, 11 Jan 2002 15:54:44 +0100

Hallo folks,

Today I had some time to write some documentation.

I hope you can use it...

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

diff -ru curl-7.9.3-pre1/docs/curl_easy_setopt.3 curl-7.9.3-pre1_patch/docs/curl_easy_setopt.3
--- curl-7.9.3-pre1/docs/curl_easy_setopt.3 Mon Dec 10 08:46:43 2001
+++ curl-7.9.3-pre1_patch/docs/curl_easy_setopt.3 Fri Jan 11 15:16:00 2002
@@ -319,13 +319,54 @@
 .TP
 .B CURLOPT_SSLCERT
 Pass a pointer to a zero terminated string as parameter. The string should be
-the file name of your certificate in PEM format.
+the file name of your certificate. The default format is "PEM" and can be
+changed with \fICURLOPT_SSLCERTTYPE\fP.
+.TP
+.B CURLOPT_SSLCERTTYPE
+Pass a pointer to a zero terminated string as parameter. The string should be
+the format of your certificate. Supported formats are "PEM" and "DER".
 .TP
 .B CURLOPT_SSLCERTPASSWD
 Pass a pointer to a zero terminated string as parameter. It will be used as
 the password required to use the CURLOPT_SSLCERT certificate. If the password
 is not supplied, you will be prompted for it. \fICURLOPT_PASSWDFUNCTION\fP can
 be used to set your own prompt function.
+
+\fBNOTE:\fPThis option is replaced by \fICURLOPT_SSLKEYPASSWD\fP and only
+cept for backward compatibility. You never needed a pass phrase to load
+a certificate but you need one to load your private key.
+.TP
+.B CURLOPT_SSLKEY
+Pass a pointer to a zero terminated string as parameter. The string should be
+the file name of your private key. The default format is "PEM" and can be
+changed with \fICURLOPT_SSLKEYTYPE\fP.
+.TP
+.B CURLOPT_SSLKEYTYPE
+Pass a pointer to a zero terminated string as parameter. The string should be
+the format of your private key. Supported formats are "PEM", "DER" and "ENG".
+
+\fBNOTE:\fPThe format "ENG" enables you to load the private key from a crypto
+engine. in this case \fICURLOPT_SSLKEY\fP is used as an identifier passed to
+the engine. You have to set the crypto engine with \fICURLOPT_SSL_ENGINE\fP.
+.TP
+.B CURLOPT_SSLKEYASSWD
+Pass a pointer to a zero terminated string as parameter. It will be used as
+the password required to use the \fICURLOPT_SSLKEY\fP private key. If the password
+is not supplied, you will be prompted for it. \fICURLOPT_PASSWDFUNCTION\fP can
+be used to set your own prompt function.
+.TP
+.B CURLOPT_SSL_ENGINE
+Pass a pointer to a zero terminated string as parameter. It will be used as
+the identifier for the crypto engine you want to use for your private key.
+
+\fBNOTE:\fPIf the crypto device cannot be loaded, \fICURLE_SSL_ENGINE_NOTFOUND\fP
+is returned.
+.TP
+.B CURLOPT_SSL_ENGINEDEFAULT
+Sets the actual crypto engine as the default for (asymetric) crypto operations.
+
+\fBNOTE:\fPIf the crypto device cannot be set, \fICURLE_SSL_ENGINE_SETFAILED\fP
+is returned.
 .TP
 .B CURLOPT_CRLF
 Convert Unix newlines to CRLF newlines on FTP uploads.
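
Review bot: the new entry headed ".B CURLOPT_SSLKEYASSWD" is missing a P. The note added under CURLOPT_SSLCERTPASSWD refers to the option as CURLOPT_SSLKEYPASSWD, so the heading should use the same spelling or readers will not find it. In the same hunk, "and only cept for backward compatibility" should read "and is only kept for backward compatibility", "asymetric" should be "asymmetric", each "\fBNOTE:\fP" needs a space before the text that follows it, and "in this case" should start with a capital. The CURLOPT_SSL_ENGINEDEFAULT entry is the only added entry that does not say what parameter to pass; please state it, as the other new entries do.
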
diff -ru curl-7.9.3-pre1/docs/examples/simplessl.c curl-7.9.3-pre1_patch/docs/examples/simplessl.c
--- curl-7.9.3-pre1/docs/examples/simplessl.c Tue Dec 18 11:13:41 2001
+++ curl-7.9.3-pre1_patch/docs/examples/simplessl.c Fri Jan 11 15:22:34 2002
@@ -37,6 +37,7 @@
   FILE *headerfile;
 
   const char *pCertFile = "testcert.pem";
+ const char *pCACertFile="cacert.pem"
 
   const char *pKeyName;
   const char *pKeyType;
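
Review bot: the added declaration `const char *pCACertFile="cacert.pem"` has no terminating semicolon, so the example will not compile as patched. Add the `;`, and consider matching the spacing around `=` used on the pCertFile line just above it.
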
@@ -96,6 +97,10 @@
        curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,pKeyType);
                                 /* set the private key (file or ID in engine) */
        curl_easy_setopt(curl,CURLOPT_SSLKEY,pKeyName);
+ /* set the file with the certs vaildating the server */
+ curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);
+ /* disconnect if we can't validate server's cert */
+ curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);
        
        res = curl_easy_perform(curl);
        break; /* we are done... */
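
Review bot: `curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);` passes an int literal through a variadic call where libcurl reads a long; write `1L` so the value is read correctly on platforms where int and long differ in size. The comment typo "vaildating" should be "validating". The return values of both new setopt calls are ignored, so a failure to set CURLOPT_CAINFO would go unnoticed before curl_easy_perform runs; checking them would make the example safer to copy.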

Received on 2002-01-11