curl/docs/libcurl/curl_global_sslset.3
Daniel Stenberg 78d6232f1f
gskit: remove
We remove support for building curl with gskit.

 - This is a niche TLS library, only running on some IBM systems
 - no regular curl contributors use this backend
 - no CI builds use or verify this backend
 - gskit, or the curl adaption for it, lacks many modern TLS features
   making it an inferior solution
 - build breakages in this code take weeks or more to get detected
 - fixing gskit code is mostly done "flying blind"

This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.

It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.

Closes #11460
2023-08-07 20:57:48 +02:00

133 lines
5.2 KiB
Groff

.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at https://curl.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" * SPDX-License-Identifier: curl
.\" *
.\" **************************************************************************
.TH curl_global_sslset 3 "15 July 2017" "libcurl" "libcurl"
.SH NAME
curl_global_sslset - Select SSL backend to use with libcurl
.SH SYNOPSIS
.nf
#include <curl/curl.h>
typedef struct {
curl_sslbackend id;
const char *name;
} curl_ssl_backend;
typedef enum {
CURLSSLBACKEND_NONE = 0,
CURLSSLBACKEND_OPENSSL = 1, /* or one of its forks */
CURLSSLBACKEND_GNUTLS = 2,
CURLSSLBACKEND_NSS = 3,
CURLSSLBACKEND_GSKIT = 5, /* deprecated */
CURLSSLBACKEND_POLARSSL = 6, /* deprecated */
CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8,
CURLSSLBACKEND_SECURETRANSPORT = 9,
CURLSSLBACKEND_AXTLS = 10, /* deprecated */
CURLSSLBACKEND_MBEDTLS = 11,
CURLSSLBACKEND_MESALINK = 12, /* deprecated */
CURLSSLBACKEND_BEARSSL = 13,
CURLSSLBACKEND_RUSTLS = 14
} curl_sslbackend;
CURLsslset curl_global_sslset(curl_sslbackend id,
const char *name,
curl_ssl_backend ***avail);
.fi
.SH DESCRIPTION
This function configures at runtime which SSL backend to use with
libcurl. This function can only be used to select an SSL backend once, and it
must be called \fBbefore\fP \fIcurl_global_init(3)\fP.
The backend can be identified by the \fIid\fP
(e.g. \fBCURLSSLBACKEND_OPENSSL\fP). The backend can also be specified via the
\fIname\fP parameter for a case insensitive match (passing -1 as \fIid\fP). If
both \fIid\fP and \fIname\fP are specified, the \fIname\fP will be ignored.
If neither \fIid\fP nor \fPname\fP are specified, the function will fail with
\fBCURLSSLSET_UNKNOWN_BACKEND\fP and set the \fIavail\fP pointer to the
NULL-terminated list of available backends. The available backends are those
that this particular build of libcurl supports.
Since libcurl 7.60.0, the \fIavail\fP pointer will always be set to the list
of alternatives if non-NULL.
Upon success, the function returns \fBCURLSSLSET_OK\fP.
If the specified SSL backend is not available, the function returns
\fBCURLSSLSET_UNKNOWN_BACKEND\fP and sets the \fIavail\fP pointer to a
NULL-terminated list of available SSL backends. In this case, you may call the
function again to try to select a different backend.
The SSL backend can be set only once. If it has already been set, a subsequent
attempt to change it will result in a \fBCURLSSLSET_TOO_LATE\fP.
This function is thread-safe since libcurl 7.84.0 if
\fIcurl_version_info(3)\fP has the CURL_VERSION_THREADSAFE feature bit set
(most platforms).
If this is not thread-safe, you must not call this function when any other
thread in the program (i.e. a thread sharing the same memory) is running.
This does not just mean no other thread that is using libcurl.
.SH OpenSSL
The name "OpenSSL" is used for all versions of OpenSSL and its associated
forks/flavors in this function. OpenSSL, BoringSSL, libressl, quictls and
AmiSSL are all supported by libcurl, but in the eyes of
\fIcurl_global_sslset(3)\fP they are all just "OpenSSL". They all mostly
provide the same API.
\fIcurl_version_info(3)\fP can return more specific info about the exact
OpenSSL flavor and version number is use.
.SH EXAMPLE
.nf
/* choose a specific backend */
curl_global_sslset(CURLSSLBACKEND_WOLFSSL, NULL, NULL);
/* list the available ones */
const curl_ssl_backend **list;
curl_global_sslset((curl_sslbackend)-1, NULL, &list);
for(i = 0; list[i]; i++)
printf("SSL backend #%d: '%s' (ID: %d)\\n",
i, list[i]->name, list[i]->id);
.fi
.SH AVAILABILITY
This function was added in libcurl 7.56.0. Before this version, there was no
support for choosing SSL backends at runtime.
.SH RETURN VALUE
If this function returns \fICURLSSLSET_OK\fP, the backend was successfully
selected.
If the chosen backend is unknown (or support for the chosen backend has not
been compiled into libcurl), the function returns
\fICURLSSLSET_UNKNOWN_BACKEND\fP.
If the backend had been configured previously, or if \fIcurl_global_init(3)\fP
has already been called, the function returns \fICURLSSLSET_TOO_LATE\fP.
If this libcurl was built completely without SSL support, with no backends at
all, this function returns \fICURLSSLSET_NO_BACKENDS\fP.
.SH "SEE ALSO"
.BR curl_global_init "(3), "
.BR libcurl "(3) "