mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-06 13:44:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
b7c7dffe35
curl/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md
Daniel Stenberg e3fe020089
docs/libcurl: generate PROTOCOLS from meta-data 
Remove the PROTOCOLS section from the source files completely and
instead generate them based on the header data in the curldown files.

It also generates TLS backend information for options marked for TLS as
protocol.

Closes #13175
2024-03-23 18:13:03 +01:00

2.0 KiB
Raw Blame History

c SPDX-License-Identifier Title Section Source Protocol See-also TLS-backend
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. curl CURLOPT_CAINFO_BLOB 3 libcurl
TLS
CURLOPT_CAINFO (3)
CURLOPT_CAPATH (3)
CURLOPT_SSL_VERIFYHOST (3)
CURLOPT_SSL_VERIFYPEER (3)
BearSSL
OpenSSL
mbedTLS
rustls
wolfSSL
Secure Transport
Schannel

NAME

CURLOPT_CAINFO_BLOB - Certificate Authority (CA) bundle in PEM format

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB,
                          struct curl_blob *stblob);

DESCRIPTION

Pass a pointer to a curl_blob structure, which contains information (pointer and size) about a memory block with binary data of PEM encoded content holding one or more certificates to verify the HTTPS server with.

If the blob is initialized with the flags member of struct curl_blob set to CURL_BLOB_COPY, the application does not have to keep the buffer around after setting this.

If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the server's certificate, CURLOPT_CAINFO_BLOB(3) is not needed.

This option overrides CURLOPT_CAINFO(3).

DEFAULT

NULL

EXAMPLE

#include <string.h>

int main(void)
{
  char *strpem; /* strpem must point to a PEM string */
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    struct curl_blob blob;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    blob.data = strpem;
    blob.len = strlen(strpem);
    blob.flags = CURL_BLOB_COPY;
    curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
    res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
}

AVAILABILITY

Added in 7.77.0.

This option is supported by the BearSSL (since 7.79.0), mbedTLS (since 7.81.0), rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure Transport and Schannel backends.

RETURN VALUE

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.