Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_PROXY_ISSUERCERT(3)curl_easy_setopt optionsCURLOPT_PROXY_ISSUERCERT(3)

NAME
       CURLOPT_PROXY_ISSUERCERT	- proxy	issuer SSL certificate filename

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	 curl_easy_setopt(CURL *handle,	CURLOPT_PROXY_ISSUERCERT, char
       *file);

DESCRIPTION
       Pass a char * to	a null-terminated string naming	a file	holding	 a  CA
       certificate  in	PEM  format. If	the option is set, an additional check
       against the peer	certificate is performed to verify the issuer  of  the
       the  HTTPS proxy	is indeed the one associated with the certificate pro-
       vided by	the option.  This additional check is  useful  in  multi-level
       PKI where one needs to enforce that the peer certificate	is from	a spe-
       cific branch of the tree.

       This option makes sense only when used in  combination  with  the  CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not considered as failure.

       A specific error	code (CURLE_SSL_ISSUER_ERROR) is defined with the  op-
       tion,  which is returned	if the setup of	the SSL/TLS session has	failed
       due  to	a  mismatch  with  the	issuer	of  peer   certificate	 (CUR-
       LOPT_PROXY_SSL_VERIFYPEER(3) has	to be set too for the check to fail).

       The  application	 does not have to keep the string around after setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 /* using an HTTPS proxy */
	 curl_easy_setopt(curl,	CURLOPT_PROXY, "https://localhost:443");
	 curl_easy_setopt(curl,	CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem");
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in	libcurl	7.71.0.	This option is supported by the	OpenSSL	 back-
       ends.

RETURN VALUE
       Returns	CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was	insufficient heap space.

SEE ALSO
       CURLOPT_PROXY_SSL_VERIFYPEER(3),	CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR-
       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),

libcurl	7.72.0			 June 25, 2020	   CURLOPT_PROXY_ISSUERCERT(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_PROXY_ISSUERCERT&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help