dwww: tpablo.net

dwww Home | Manual pages | Find package
CURLOPT_PROXY_ISSUERCERT(3)curl_easy_setopt optionsCURLOPT_PROXY_ISSUERCERT(3)

NAME
       CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT, char *file);

DESCRIPTION
       Pass  a  char  * to a null-terminated string naming a file holding a CA
       certificate in PEM format. If the option is set,  an  additional  check
       against  the  peer certificate is performed to verify the issuer of the
       the HTTPS proxy is indeed the one associated with the certificate  pro-
       vided  by  the  option.  This additional check is useful in multi-level
       PKI where one needs to enforce that the peer certificate is from a spe-
       cific branch of the tree.

       This  option  makes  sense  only when used in combination with the CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not considered as failure.

       A  specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the op-
       tion, which is returned if the setup of the SSL/TLS session has  failed
       due   to   a  mismatch  with  the  issuer  of  peer  certificate  (CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       The application does not have to keep the string around  after  setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* using an HTTPS proxy */
         curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");
         curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem");
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in 7.71.0. This option is supported by the OpenSSL backends.

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR-
       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.81.0                 November 26, 2021   CURLOPT_PROXY_ISSUERCERT(3)
Generated by dwww version 1.14 on Thu Jan 23 06:12:37 CET 2025.