CURLOPT_SSL_OPTIONS(3)	   curl_easy_setopt options	CURLOPT_SSL_OPTIONS(3)

NAME
       CURLOPT_SSL_OPTIONS - SSL behavior options

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);

DESCRIPTION
       Pass a long with a bitmask to tell libcurl about specific SSL
       behaviors. Available bits:

       CURLSSLOPT_ALLOW_BEAST
              Tells libcurl to not attempt to use any workarounds for a
              security flaw in the SSL3 and TLS1.0 protocols. If this option
              is not used or this bit is set to 0, the SSL layer libcurl uses
              may use a work-around for this flaw although it might cause
              interoperability problems with some (older) SSL implementations.
              WARNING: avoiding this work-around lessens the security, and by
              setting this option to 1 you ask for exactly that. This option
              is only supported for Secure Transport, NSS and OpenSSL.

       CURLSSLOPT_NO_REVOKE
              Tells libcurl to disable certificate revocation checks for those
              SSL backends where such behavior is present. This option is only
              supported for Schannel (the native Windows SSL library), with an
              exception in the case of Windows' Untrusted Publishers block
              list, which it seems cannot be bypassed. (Added in 7.44.0)

       CURLSSLOPT_NO_PARTIALCHAIN
              Tells libcurl to not accept "partial" certificate chains, which
              it otherwise does by default. This option is only supported for
              OpenSSL and will fail the certificate verification if the chain
              ends with an intermediate certificate and not with a root
              certificate. (Added in 7.68.0)

       CURLSSLOPT_REVOKE_BEST_EFFORT
              Tells libcurl to ignore certificate revocation checks in case of
              missing or offline distribution points for those SSL backends
              where such behavior is present. This option is only supported
              for Schannel (the native Windows SSL library). If combined with
              CURLSSLOPT_NO_REVOKE, the latter takes precedence. (Added in
              7.70.0)

       CURLSSLOPT_NATIVE_CA
              Tells libcurl to use the operating system's native CA store for
              certificate verification. Works only on Windows when built to
              use OpenSSL. This option is experimental and behavior is subject
              to change. (Added in 7.71.0)

       CURLSSLOPT_AUTO_CLIENT_CERT
              Tells libcurl to automatically locate and use a client
              certificate for authentication, when requested by the server.
              This option is only supported for Schannel (the native Windows
              SSL library). Prior to 7.77.0 this was the default behavior in
              libcurl with Schannel. Since the server can request any
              certificate that supports client authentication in the OS
              certificate store, it could be a privacy violation and
              unexpected. (Added in 7.77.0)

DEFAULT
       0

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         CURLcode ret;  /* result of the transfer */
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* weaken TLS only for use with silly servers */
         curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
                          CURLSSLOPT_NO_REVOKE);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }
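
       The following is an added example, not part of the libcurl manual: a
       policy check an application could run on a bitmask before handing it to
       curl_easy_setopt(), based on the bit descriptions above. The helper
       names are hypothetical, and the bit values are repeated from
       <curl/curl.h> so that the block builds without libcurl installed.

```c
#include <stdio.h>

/* Bit values mirror <curl/curl.h>; repeated so this builds without libcurl. */
#ifndef CURLSSLOPT_ALLOW_BEAST
#define CURLSSLOPT_ALLOW_BEAST        (1L << 0)
#define CURLSSLOPT_NO_REVOKE          (1L << 1)
#define CURLSSLOPT_NO_PARTIALCHAIN    (1L << 2)
#define CURLSSLOPT_REVOKE_BEST_EFFORT (1L << 3)
#define CURLSSLOPT_NATIVE_CA          (1L << 4)
#define CURLSSLOPT_AUTO_CLIENT_CERT   (1L << 5)
#endif

/* Hypothetical helper names below; none of this is libcurl API. */
enum revocation { REVOCATION_ENFORCED, REVOCATION_BEST_EFFORT, REVOCATION_DISABLED };

/* Effective revocation behavior (Schannel): NO_REVOKE wins over BEST_EFFORT. */
enum revocation effective_revocation(long mask)
{
  if(mask & CURLSSLOPT_NO_REVOKE)
    return REVOCATION_DISABLED;
  if(mask & CURLSSLOPT_REVOKE_BEST_EFFORT)
    return REVOCATION_BEST_EFFORT;
  return REVOCATION_ENFORCED;
}

/* Bits described as relaxing a check or possibly exposing a client cert. */
long weakening_bits(long mask)
{
  return mask & (CURLSSLOPT_ALLOW_BEAST | CURLSSLOPT_NO_REVOKE |
                 CURLSSLOPT_REVOKE_BEST_EFFORT | CURLSSLOPT_AUTO_CLIENT_CERT);
}

/* Policy gate: 1 if every weakening bit in mask is an approved exception. */
int ssl_options_allowed(long mask, long permitted)
{
  return (weakening_bits(mask) & ~permitted) == 0;
}

int main(void)
{
  long page_example = CURLSSLOPT_ALLOW_BEAST | CURLSSLOPT_NO_REVOKE;
  long strict = CURLSSLOPT_NO_PARTIALCHAIN;
  printf("page example: weakening=0x%lx\n", (unsigned long)weakening_bits(page_example));
  printf("page example allowed: %d\n", ssl_options_allowed(page_example, 0));
  printf("strict mask allowed:  %d\n", ssl_options_allowed(strict, 0));
  return 0;
}
```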

AVAILABILITY
       Added in 7.25.0

RETURN VALUE
       Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION
       if not.

SEE ALSO
       CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3)

libcurl	7.82.0		       November	26, 2021	CURLOPT_SSL_OPTIONS(3)
