dwww: tpablo.net

dwww Home | Manual pages | Find package
CURLOPT_PROXY_ISSUERCERT_BLcurl)easy_setopt opCURLOPT_PROXY_ISSUERCERT_BLOB(3)

NAME
       CURLOPT_PROXY_ISSUERCERT_BLOB  - proxy issuer SSL certificate from mem-
       ory blob

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT_BLOB,
                                 struct curl_blob *blob);

DESCRIPTION
       Pass a pointer  to  a  curl_blob  struct,  which  contains  information
       (pointer  and  size) about a memory block with binary data of a CA cer-
       tificate in PEM format. If the  option  is  set,  an  additional  check
       against  the  peer certificate is performed to verify the issuer of the
       the HTTPS proxy is indeed the one associated with the certificate  pro-
       vided by the option. This additional check is useful in multi-level PKI
       where one needs to enforce that the peer certificate is from a specific
       branch of the tree.

       This   option   should   be   used   in   combination   with  the  CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not considered as failure.

       A  specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the op-
       tion, which is returned if the setup of the SSL/TLS session has  failed
       due   to   a  mismatch  with  the  issuer  of  peer  certificate  (CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If the blob is initialized with the flags member  of  struct  curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the buffer
       around after setting this.

       This option is an alternative to CURLOPT_PROXY_ISSUERCERT(3) which  in-
       stead expects a file name as input.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* using an HTTPS proxy */
         curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY;
         curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in 7.71.0. This option is supported by the OpenSSL backends.

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR-
       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.81.0                 November 08, 20CURLOPT_PROXY_ISSUERCERT_BLOB(3)
Generated by dwww version 1.14 on Fri Jan 24 06:00:48 CET 2025.