From f2692b54f74b8bb6058ecd3cf4abcc96e8ab36ba Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 19 May 2026 23:14:01 +0200
Subject: [PATCH] docs: note CURLOPT_PINNEDPUBLICKEY has no effect on legacy
 LDAP backend

Closes #21682
---
 docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md
index 0590143c90..82dd1626d1 100644
--- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md
+++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md
@@ -53,6 +53,11 @@ On mismatch, *CURLE_SSL_PINNEDPUBKEYNOTMATCH* is returned.
 The application does not have to keep the string around after setting this
 option.
 
+This option has no effect on LDAP connections when libcurl uses the legacy LDAP
+backend. That backend manages TLS independently of curl's TLS layer. When
+libcurl is built with USE_OPENLDAP, the OpenLDAP backend routes TLS through
+curl's layer and this option is honored.
+
 # DEFAULT
 
 NULL