Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_SSL_OPTIONS(3)	   curl_easy_setopt options	CURLOPT_SSL_OPTIONS(3)

NAME
       CURLOPT_SSL_OPTIONS - set SSL behavior options

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	 curl_easy_setopt(CURL *handle,	CURLOPT_SSL_OPTIONS, long bit-
       mask);

DESCRIPTION
       Pass a long with	a bitmask to tell libcurl about	 specific  SSL	behav-
       iors. Available bits:

       CURLSSLOPT_ALLOW_BEAST
	      Tells  libcurl to	not attempt to use any workarounds for a secu-
	      rity flaw	in the SSL3 and	 TLS1.0	 protocols.   If  this	option
	      isn't  used  or this bit is set to 0, the	SSL layer libcurl uses
	      may use a	work-around for	this flaw although it might cause  in-
	      teroperability  problems	with some (older) SSL implementations.
	      WARNING: avoiding	this work-around lessens the security, and  by
	      setting  this option to 1	you ask	for exactly that.  This	option
	      is only supported	for Secure Transport, NSS and OpenSSL.

       CURLSSLOPT_NO_REVOKE
	      Tells libcurl to disable certificate revocation checks for those
	      SSL backends where such behavior is present. This	option is only
	      supported	for Schannel (the native Windows SSL library), with an
	      exception	 in  the  case	of Windows' Untrusted Publishers block
	      list which it seems can't	be bypassed. (Added in 7.44.0)

       CURLSSLOPT_NO_PARTIALCHAIN
	      Tells libcurl to not accept "partial" certificate	chains,	 which
	      it  otherwise does by default. This option is only supported for
	      OpenSSL and will fail the	certificate verification if the	 chain
	      ends  with an intermediate certificate and not with a root cert.
	      (Added in	7.68.0)

       CURLSSLOPT_REVOKE_BEST_EFFORT
	      Tells libcurl to ignore certificate revocation checks in case of
	      missing  or  offline  distribution points	for those SSL backends
	      where such behavior is present. This option  is  only  supported
	      for  Schannel (the native	Windows	SSL library). If combined with
	      CURLSSLOPT_NO_REVOKE, the	latter	takes  precedence.  (Added  in
	      7.70.0)

       CURLSSLOPT_NATIVE_CA
	      Tell  libcurl  to	use the	operating system's native CA store for
	      certificate verification.	Works only on Windows  when  built  to
	      use OpenSSL. This	option is experimental and behavior is subject
	      to change.  (Added in 7.71.0)

DEFAULT
       0

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl)	{
	 curl_easy_setopt(curl,	CURLOPT_URL, "https://example.com/");
	 /* weaken TLS only for	use with silly servers */
	 curl_easy_setopt(curl,	CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
			  CURLSSLOPT_NO_REVOKE);
	 ret = curl_easy_perform(curl);
	 curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in	7.25.0

RETURN VALUE
       Returns CURLE_OK	if the option is supported,  and  CURLE_UNKNOWN_OPTION
       if not.

SEE ALSO
       CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),

libcurl	7.72.0			 July 16, 2020		CURLOPT_SSL_OPTIONS(3)

NAME | SYNOPSIS | DESCRIPTION | DEFAULT | PROTOCOLS | EXAMPLE | AVAILABILITY | RETURN VALUE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=CURLOPT_SSL_OPTIONS&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help