Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_CAINFO(3)	   curl_easy_setopt options	     CURLOPT_CAINFO(3)

NAME
       CURLOPT_CAINFO -	path to	Certificate Authority (CA) bundle

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path);

DESCRIPTION
       Pass  a char * to a zero	terminated string naming a file	holding	one or
       more certificates to verify the peer with.

       If CURLOPT_SSL_VERIFYPEER(3)  is	 zero  and  you	 avoid	verifying  the
       server's	 certificate,  CURLOPT_CAINFO(3) need not even indicate	an ac-
       cessible	file.

       This option is by default set to	the system path	where libcurl's	cacert
       bundle is assumed to be stored, as established at build time.

       If  curl	is built against the NSS SSL library, the NSS PEM PKCS#11 mod-
       ule (libnsspem.so) needs	to be available	for this option	to work	 prop-
       erly.   Starting	 with  curl-7.55.0, if both CURLOPT_CAINFO(3) and CUR-
       LOPT_CAPATH(3) are unset, NSS-linked  libcurl  tries  to	 load  libnss-
       ckbi.so,	 which	contains a more	comprehensive set of trust information
       than supported by nss-pem, because libnssckbi.so	also includes informa-
       tion about distrusted certificates.

       (iOS  and  macOS	 only) If curl is built	against	Secure Transport, then
       this option is supported	for backward compatibility with	other SSL  en-
       gines,  but  it	should not be set. If the option is not	set, then curl
       will use	the certificates in the	system and user	Keychain to verify the
       peer, which is the preferred method of verifying	the peer's certificate
       chain.

       The application does not	have to	keep the string	around	after  setting
       this option.

DEFAULT
       Built-in	system specific

PROTOCOLS
       All TLS based protocols:	HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 curl_easy_setopt(curl,	CURLOPT_CAINFO,	"/etc/certs/cabundle.pem");
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       For SSL engines that don't support certificate files the	CURLOPT_CAINFO
       option is ignored. Refer	to https://curl.haxx.se/docs/ssl-compared.html

RETURN VALUE
       Returns CURLE_OK	if the option is  supported,  CURLE_UNKNOWN_OPTION  if
       not, or CURLE_OUT_OF_MEMORY if there was	insufficient heap space.

SEE ALSO
       CURLOPT_CAPATH(3),    CURLOPT_SSL_VERIFYPEER(3),	   CURLOPT_SSL_VERIFY-
       HOST(3),

libcurl	7.54.1			 May 27, 2017		     CURLOPT_CAINFO(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_CAINFO&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help