Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_CAINFO(3)	   curl_easy_setopt options	     CURLOPT_CAINFO(3)

NAME
       CURLOPT_CAINFO -	path to	Certificate Authority (CA) bundle

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path);

DESCRIPTION
       Pass  a char * to a null-terminated string naming a file	holding	one or
       more certificates to verify the peer with.

       If CURLOPT_SSL_VERIFYPEER(3)  is	 zero  and  you	 avoid	verifying  the
       server's	 certificate,  CURLOPT_CAINFO(3) need not even indicate	an ac-
       cessible	file.

       This option is by default set to	the system path	where libcurl's	cacert
       bundle is assumed to be stored, as established at build time.

       If  curl	is built against the NSS SSL library, the NSS PEM PKCS#11 mod-
       ule (libnsspem.so) needs	to be available	for this option	to work	 prop-
       erly.   Starting	 with  curl-7.55.0, if both CURLOPT_CAINFO(3) and CUR-
       LOPT_CAPATH(3) are unset, NSS-linked  libcurl  tries  to	 load  libnss-
       ckbi.so,	 which	contains a more	comprehensive set of trust information
       than supported by nss-pem, because libnssckbi.so	also includes informa-
       tion about distrusted certificates.

       (iOS  and  macOS)  When	curl uses Secure Transport this	option is sup-
       ported. If the option is	not set, then curl will	use  the  certificates
       in the system and user Keychain to verify the peer.

       (Schannel)  This	option is supported for	Schannel in Windows 7 or later
       but we recommend	not using it until Windows 8  since  it	 works	better
       starting	 then.	 If the	option is not set, then	curl will use the cer-
       tificates in the	Windows' store of root certificates (the  default  for
       Schannel).

       The  application	 does not have to keep the string around after setting
       this option.

DEFAULT
       Built-in	system specific. When curl is built with Secure	 Transport  or
       Schannel, this option is	not set	by default.

PROTOCOLS
       All TLS based protocols:	HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 curl_easy_setopt(curl,	CURLOPT_CAINFO,	"/etc/certs/cabundle.pem");
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       For  the	 SSL  engines  that  don't  support certificate	files the CUR-
       LOPT_CAINFO option is ignored. Schannel support added in	libcurl	7.60.

RETURN VALUE
       Returns CURLE_OK	if the option is  supported,  CURLE_UNKNOWN_OPTION  if
       not, or CURLE_OUT_OF_MEMORY if there was	insufficient heap space.

SEE ALSO
       CURLOPT_CAPATH(3),    CURLOPT_SSL_VERIFYPEER(3),	   CURLOPT_SSL_VERIFY-
       HOST(3),

libcurl	7.72.0			 June 25, 2020		     CURLOPT_CAINFO(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_CAINFO&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help