Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_PROXY_SSL_OPTIONS(3curl_easy_setopt optionCURLOPT_PROXY_SSL_OPTIONS(3)

NAME
       CURLOPT_PROXY_SSL_OPTIONS - set proxy SSL behavior options

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, long
       bitmask);

DESCRIPTION
       Pass a long with	a bitmask to tell libcurl about	 specific  SSL	behav-
       iors. Available bits:

       CURLSSLOPT_ALLOW_BEAST
	      Tells  libcurl to	not attempt to use any workarounds for a secu-
	      rity flaw	in the SSL3 and	 TLS1.0	 protocols.   If  this	option
	      isn't  used  or this bit is set to 0, the	SSL layer libcurl uses
	      may use a	work-around for	this flaw although it might cause  in-
	      teroperability  problems	with some (older) SSL implementations.
	      WARNING: avoiding	this work-around lessens the security, and  by
	      setting  this option to 1	you ask	for exactly that.  This	option
	      is only supported	for Secure Transport, NSS and OpenSSL.

       CURLSSLOPT_NO_REVOKE
	      Tells libcurl to disable certificate revocation checks for those
	      SSL backends where such behavior is present. This	option is only
	      supported	for Schannel (the native Windows SSL library), with an
	      exception	 in  the  case	of Windows' Untrusted Publishers block
	      list which it seems can't	be bypassed. (Added in 7.44.0)

       CURLSSLOPT_NO_PARTIALCHAIN
	      Tells libcurl to not accept "partial" certificate	chains,	 which
	      it  otherwise does by default. This option is only supported for
	      OpenSSL and will fail the	certificate verification if the	 chain
	      ends  with an intermediate certificate and not with a root cert.
	      (Added in	7.68.0)

       CURLSSLOPT_REVOKE_BEST_EFFORT
	      Tells libcurl to ignore certificate revocation checks in case of
	      missing  or  offline  distribution points	for those SSL backends
	      where such behavior is present. This option  is  only  supported
	      for  Schannel (the native	Windows	SSL library). If combined with
	      CURLSSLOPT_NO_REVOKE, the	latter	takes  precedence.  (Added  in
	      7.70.0)

DEFAULT
       0

PROTOCOLS
       All TLS-based protocols

AVAILABLE
       Added in	7.52.0

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 curl_easy_setopt(curl,	CURLOPT_PROXY, "https://proxy");
	 /* weaken TLS only for	use with silly proxies */
	 curl_easy_setopt(curl,	CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
			  CURLSSLOPT_NO_REVOKE);
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

RETURN VALUE
       Returns	CURLE_OK  if the option	is supported, and CURLE_UNKNOWN_OPTION
       if not.

SEE ALSO
       CURLOPT_PROXY_SSLVERSION(3),   CURLOPT_PROXY_SSL_CIPHER_LIST(3),	  CUR-
       LOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),

libcurl	7.72.0			 July 16, 2020	  CURLOPT_PROXY_SSL_OPTIONS(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | AVAILABLE | EXAMPLE | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_PROXY_SSL_OPTIONS&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help