+<DT><B>-sshknownhosts</B>
+
+<DD>
+Pass a string holding the file name of the known_host file to use. The known_hosts
+file should use the OpenSSH file format as supported by libssh2. If this file is
+specified, TclCurl will only accept connections with hosts that are known and present
+in that file, with a matching public key. Use <B>-sshkeyproc</B> to alter the default
+behavior on host and key (mis)matching.
+<P>
+<DT><B>-sshkeyproc </B>
+
+<DD>
+Pass a the name of the procedure that will be called when the known_host matching has
+been done, to allow the application to act and decide for TclCurl how to proceed. The
+callback will only be called if <B>-knownhosts</B> is also set.
+<P>
+It gets passed a list with three elements, the first one is a list with the type of the
+key from the known_hosts file and the key itself, the second is another list with
+the type of the key from the remote site and the key itslef, the third tells you
+what TclCurl thinks about the matching status.
+<P>
+The known key types are: "rsa", "rsa1" and "dss", in any other case "unknown" is given.
+<P>
+TclCurl opinion about how they match may be: "match", "mismatch", "missing" or "error".
+<P>
+The procedure must return:
+<DL COMPACT><DT><DD>
+<DL COMPACT>
+<DT><B>0</B>
+
+<DD>
+The host+key is accepted and TclCurl will append it to the known_hosts file before
+continuing with the connection. This will also add the host+key combo to the known_host
+pool kept in memory if it wasn't already present there. The adding of data to
+the file is done by completely replacing the file with a new copy, so the permissions of
+the file must allow this.
+<DT><B>1</B>
+
+<DD>
+The host+key is accepted, TclCurl will continue with the connection. This will also add
+the host+key combo to the known_host pool kept in memory if it wasn't already present
+there.
+<DT><B>2</B>
+
+<DD>
+The host+key is rejected. TclCurl will close the connection.
+<DT><B>3</B>
+
+<DD>
+The host+key is rejected, but the SSH connection is asked to be kept alive. This feature
+could be used when the app wants to somehow return back and act on the host+key situation
+and then retry without needing the overhead of setting it up from scratch again.
+</DL>
+</DL>
+
+<P>
+Any other value will cause the connection to be closed.
+<P>