$ curl --tlsauthtype SRP --list-only
curl: option --tlsauthtype: the installed libcurl version doesn't support this
curl: try 'curl --help' or 'curl --manual' for more information
$ curl --help | grep tls
-1, --tlsv1 Use => TLSv1 (SSL)
--tlsv1.0 Use TLSv1.0 (SSL)
--tlsv1.1 Use TLSv1.1 (SSL)
--tlsv1.2 Use TLSv1.2 (SSL)
--tlsuser USER TLS username
--tlspassword STRING TLS password
--tlsauthtype STRING TLS authentication type (default SRP)
Set TLS authentication type. Currently, the only supported
option is "SRP", for TLS-SRP (RFC 5054). If --tlsuser and
--tlspassword are specified but --tlsauthtype is not, then this
option defaults to "SRP". (Added in 7.21.4)
Set password for use with the TLS authentication method speci‐
fied with --tlsauthtype. Requires that --tlsuser also be set.
(Added in 7.21.4)
Set username for use with the TLS authentication method speci‐
fied with --tlsauthtype. Requires that --tlspassword also be
set. (Added in 7.21.4)
Looking at configure in the srpm it appears that --enable-tls-srp must be specified for it to actually work which is not in the spec file.
(In reply to Chris Cheney from comment #0)
> Looking at configure in the srpm it appears that --enable-tls-srp must be
> specified for it to actually work which is not in the spec file.
Unfortunately, it is not that easy. You would need to link libcurl with OpenSSL or GnuTLS whereas RHEL-7 libcurl is linked with NSS. And even with OpenSSL, the TLS-SRP support was introduced in Fedora just recently because of legal reasons (and it broke ABI compatibility with libcurl). See bug #1462211 comment #4.
Yes, we should mention that --tlsauthtype works only if the support for TLS-SRP is compiled in.
I have created a pull request upstream:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.