CURLOPT_CRLFILE(3)	   curl_easy_setopt options	    CURLOPT_CRLFILE(3)

NAME
       CURLOPT_CRLFILE - specify a Certificate Revocation List file

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);

DESCRIPTION
       Pass a char * to a null-terminated string naming a file that holds
       the concatenation of CRLs (in PEM format) to use in the certificate
       validation that occurs during the SSL exchange.

       When curl is built to use NSS or GnuTLS, there is no way to influence
       how the CRL passed in is used in the verification process.

       When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
       X509_V_FLAG_CRL_CHECK_ALL are both set, requiring a CRL check against
       all the elements of the certificate chain if a CRL file is passed.
       Also note that CURLOPT_CRLFILE(3) implies CURLSSLOPT_NO_PARTIALCHAIN
       (see CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug.

       This option makes sense only when used in combination with the
       CURLOPT_SSL_VERIFYPEER(3) option.

       A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the
       option. It is returned when the SSL exchange fails because the CRL
       file cannot be loaded. A failure in certificate verification due to
       revocation information found in the CRL does not trigger this
       specific error.

       The application does not have to keep the string around after setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         CURLcode ret;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* PEM file holding the concatenated CRLs used to check the chain */
         curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }
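
       CURLE_SSL_CRL_BADFILE is only reported once the SSL exchange fails,
       so an application may want to check the bundle before its first
       transfer. The following is an added example, not part of the libcurl
       documentation or source: it counts complete PEM CRL blocks in a
       buffer. count_pem_crls and SAMPLE_BUNDLE are hypothetical names, the
       sample payloads are constructed, and the check is structural only.

```c
/* Added example: structural pre-flight for a PEM CRL bundle, standard C only. */
#include <stdio.h>
#include <string.h>

#define CRL_BEGIN "-----BEGIN X509 CRL-----"
#define CRL_END   "-----END X509 CRL-----"

/* Constructed sample: two blocks with placeholder payloads, not real CRLs. */
static const char SAMPLE_BUNDLE[] =
  CRL_BEGIN "\nQ09OU1RSVUNURUQtMQ==\n" CRL_END "\n"
  CRL_BEGIN "\nQ09OU1RSVUNURUQtMg==\n" CRL_END "\n";

/* Returns the number of complete CRL blocks in buf, or -1 if the bundle is
   structurally broken: END without BEGIN, nested BEGIN, unterminated block
   or empty body. Base64 and ASN.1 contents are not validated here. */
int count_pem_crls(const char *buf)
{
  int count = 0;
  const char *p = buf;

  for(;;) {
    const char *b = strstr(p, CRL_BEGIN);
    const char *e = strstr(p, CRL_END);
    const char *nb;
    if(!b)
      return e ? -1 : count;      /* stray END marker, or clean end of input */
    if(!e || e < b)
      return -1;                  /* unterminated block, or END before BEGIN */
    b += strlen(CRL_BEGIN);
    nb = strstr(b, CRL_BEGIN);
    if(nb && nb < e)
      return -1;                  /* second BEGIN inside an open block */
    if(strspn(b, " \t\r\n") >= (size_t)(e - b))
      return -1;                  /* no payload between the markers */
    count++;
    p = e + strlen(CRL_END);
  }
}

int main(void)
{
  int n = count_pem_crls(SAMPLE_BUNDLE);
  printf("%d CRL block(s)\n", n);
  return n > 0 ? 0 : 1;           /* fail closed: empty or broken bundle */
}
```

       A result of 0 is worth treating as an error too, since it usually
       means a certificate file or an empty file was supplied in place of
       the CRL bundle.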

AVAILABILITY
       Added in 7.19.0

RETURN VALUE
       Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),
       CURLOPT_PROXY_CRLFILE(3)

libcurl	7.72.0			 June 25, 2020		    CURLOPT_CRLFILE(3)
