SSLCERTS.md: mention HTTPS proxies and their separate options

author Daniel Stenberg <daniel@haxx.se>

Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)
author Daniel Stenberg <daniel@haxx.se>
Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)
diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md

index 7755609c4f46e7065cc24c71cb878179d79f7013..3fcd345b006a1bcbcad2273bc543dba4d8a4f4e8 100644 (file)
--- a/docs/SSLCERTS.md
+++ b/docs/SSLCERTS.md
@@ -161,3 +161,13 @@ disabled. Secure Transport on iOS will run OCSP checks on certificates unless
  peer verification is disabled. Secure Transport on OS X will run either OCSP
  or CRL checks on certificates if those features are enabled, and this behavior
  can be adjusted in the preferences of Keychain Access.
+
+HTTPS proxy
+-----------
+
+Since version 7.52.0, curl can do HTTPS to the proxy separately from the
+connection to the server. This TLS connection is handled separately from the
+server connection so instead of `--insecure` and `--cacert` to control the
+certificate verification, you use `--proxy-insecure` and `--proxy-cacert`.
+With these options, you make sure that the TLS connection and the trust of the
+proxy can be kept totally separate from the TLS connection to the server.
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 16 Mar 2017 22:00:24 +0000 (23:00 +0100)