mirror of
https://github.com/curl/curl.git
synced 2024-12-15 06:40:09 +08:00
deb9462ff2
Remove support for, references to and use of "cyaSSL" from the source and docs. wolfSSL is the current name and there's no point in keeping references to ancient history. Assisted-by: Daniel Gustafsson Closes #3903
125 lines
4.2 KiB
Groff
125 lines
4.2 KiB
Groff
.\" **************************************************************************
|
|
.\" * _ _ ____ _
|
|
.\" * Project ___| | | | _ \| |
|
|
.\" * / __| | | | |_) | |
|
|
.\" * | (__| |_| | _ <| |___
|
|
.\" * \___|\___/|_| \_\_____|
|
|
.\" *
|
|
.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
.\" *
|
|
.\" * This software is licensed as described in the file COPYING, which
|
|
.\" * you should have received as part of this distribution. The terms
|
|
.\" * are also available at https://curl.haxx.se/docs/copyright.html.
|
|
.\" *
|
|
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
.\" * copies of the Software, and permit persons to whom the Software is
|
|
.\" * furnished to do so, under the terms of the COPYING file.
|
|
.\" *
|
|
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
.\" * KIND, either express or implied.
|
|
.\" *
|
|
.\" **************************************************************************
|
|
.\"
|
|
.TH CURLOPT_SSL_CTX_DATA 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
|
|
.SH NAME
|
|
CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
|
|
.SH SYNOPSIS
|
|
#include <curl/curl.h>
|
|
|
|
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
|
|
.SH DESCRIPTION
|
|
Data \fIpointer\fP to pass to the ssl context callback set by the option
|
|
\fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you'll get as third
|
|
parameter.
|
|
.SH DEFAULT
|
|
NULL
|
|
.SH PROTOCOLS
|
|
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
|
|
.SH EXAMPLE
|
|
.nf
|
|
/* OpenSSL specific */
|
|
|
|
#include <openssl/ssl.h>
|
|
#include <curl/curl.h>
|
|
#include <stdio.h>
|
|
|
|
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
|
|
{
|
|
X509_STORE *store;
|
|
X509 *cert=NULL;
|
|
BIO *bio;
|
|
char *mypem = (char *)parm;
|
|
/* get a BIO */
|
|
bio=BIO_new_mem_buf(mypem, -1);
|
|
/* use it to read the PEM formatted certificate from memory into an
|
|
* X509 structure that SSL can use
|
|
*/
|
|
PEM_read_bio_X509(bio, &cert, 0, NULL);
|
|
if(cert == NULL)
|
|
printf("PEM_read_bio_X509 failed...\\n");
|
|
|
|
/* get a pointer to the X509 certificate store (which may be empty) */
|
|
store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
|
|
|
|
/* add our certificate to this store */
|
|
if(X509_STORE_add_cert(store, cert)==0)
|
|
printf("error adding certificate\\n");
|
|
|
|
/* decrease reference counts */
|
|
X509_free(cert);
|
|
BIO_free(bio);
|
|
|
|
/* all set to go */
|
|
return CURLE_OK;
|
|
}
|
|
|
|
int main(void)
|
|
{
|
|
CURL * ch;
|
|
CURLcode rv;
|
|
char *mypem = /* example CA cert PEM - shortened */
|
|
"-----BEGIN CERTIFICATE-----\\n"
|
|
"MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n"
|
|
"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n"
|
|
"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n"
|
|
"Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n"
|
|
"GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n"
|
|
"zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n"
|
|
"omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n"
|
|
"-----END CERTIFICATE-----\\n";
|
|
|
|
rv=curl_global_init(CURL_GLOBAL_ALL);
|
|
ch=curl_easy_init();
|
|
rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
|
|
rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
|
|
rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
|
|
|
|
/* Retrieve page using cacerts' certificate -> will succeed
|
|
* load the certificate by installing a function doing the necessary
|
|
* "modifications" to the SSL CONTEXT just before link init
|
|
*/
|
|
rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
|
|
rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
|
|
rv=curl_easy_perform(ch);
|
|
if(rv==CURLE_OK)
|
|
printf("*** transfer succeeded ***\\n");
|
|
else
|
|
printf("*** transfer failed ***\\n");
|
|
|
|
curl_easy_cleanup(ch);
|
|
curl_global_cleanup();
|
|
return rv;
|
|
}
|
|
.fi
|
|
.SH AVAILABILITY
|
|
Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
|
|
mbedTLS. Other SSL backends are not supported.
|
|
.SH RETURN VALUE
|
|
CURLE_OK if supported; or an error such as:
|
|
|
|
CURLE_NOT_BUILT_IN - Not supported by the SSL backend
|
|
|
|
CURLE_UNKNOWN_OPTION
|
|
.SH "SEE ALSO"
|
|
.BR CURLOPT_SSL_CTX_FUNCTION "(3), " CURLOPT_SSLVERSION "(3), "
|