dwww: tpablo.net

dwww Home | Manual pages | Find package
CURLOPT_ISSUERCERT_BLOB(3) curl_easy_setopt options CURLOPT_ISSUERCERT_BLOB(3)

NAME
       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);

DESCRIPTION
       Pass  a  pointer  to  a curl_blob structure, which contains information
       (pointer and size) about a memory block with binary data of a  CA  cer-
       tificate  in  PEM  format.  If  the  option is set, an additional check
       against the peer certificate is performed to verify the issuer  is  in-
       deed  the  one  associated with the certificate provided by the option.
       This additional check is useful in multi-level PKI where one  needs  to
       enforce  that  the  peer  certificate  is from a specific branch of the
       tree.

       This option should be used in combination  with  the  CURLOPT_SSL_VERI-
       FYPEER(3)  option. Otherwise, the result of the check is not considered
       as failure.

       A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the  op-
       tion,  which is returned if the setup of the SSL/TLS session has failed
       due to a mismatch with the issuer of peer certificate (CURLOPT_SSL_VER-
       IFYPEER(3) has to be set too for the check to fail).

       If  the  blob  is initialized with the flags member of struct curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the buffer
       around after setting this.

       This  option  is  an alternative to CURLOPT_ISSUERCERT(3) which instead
       expects a file name as input.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY;
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in 7.71.0. This option is supported by the OpenSSL backends.

RETURN VALUE
       Returns CURLE_OK if the option is  supported,  CURLE_UNKNOWN_OPTION  if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),

libcurl 7.81.0                 November 26, 2021    CURLOPT_ISSUERCERT_BLOB(3)
Generated by dwww version 1.14 on Thu Jan 23 06:12:44 CET 2025.