Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_ISSUERCERT(3)	   curl_easy_setopt options	 CURLOPT_ISSUERCERT(3)

NAME
       CURLOPT_ISSUERCERT - issuer SSL certificate filename

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	  curl_easy_setopt(CURL	  *handle,   CURLOPT_ISSUERCERT,  char
       *file);

DESCRIPTION
       Pass a char * to	a null-terminated string naming	a file	holding	 a  CA
       certificate  in	PEM  format. If	the option is set, an additional check
       against the peer	certificate is performed to verify the issuer  is  in-
       deed  the  one  associated with the certificate provided	by the option.
       This additional check is	useful in multi-level PKI where	one  needs  to
       enforce	that  the  peer	 certificate  is from a	specific branch	of the
       tree.

       This option makes sense only when used in  combination  with  the  CUR-
       LOPT_SSL_VERIFYPEER(3)  option.	Otherwise,  the	result of the check is
       not considered as failure.

       A specific error	code (CURLE_SSL_ISSUER_ERROR) is defined with the  op-
       tion,  which is returned	if the setup of	the SSL/TLS session has	failed
       due to a	mismatch with the issuer of peer certificate (CURLOPT_SSL_VER-
       IFYPEER(3) has to be set	too for	the check to fail). (Added in 7.19.0)

       The  application	 does not have to keep the string around after setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 curl_easy_setopt(curl,	CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem");
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       If built	TLS enabled

RETURN VALUE
       Returns CURLE_OK	if the option is  supported,  CURLE_UNKNOWN_OPTION  if
       not, or CURLE_OUT_OF_MEMORY if there was	insufficient heap space.

SEE ALSO
       CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),

libcurl	7.72.0			 June 25, 2020		 CURLOPT_ISSUERCERT(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_ISSUERCERT&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help