1CURLOPT_PROXY_SSL_OPTIONS(3)curl_easy_setopt optionsCURLOPT_PROXY_SSL_OPTIONS(3)
2
3
4

NAME

6       CURLOPT_PROXY_SSL_OPTIONS - set proxy SSL behavior options
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, long
12       bitmask);
13

DESCRIPTION

15       Pass a long with a bitmask to tell libcurl about  specific  SSL  behav‐
16       iors. Available bits:
17
18       CURLSSLOPT_ALLOW_BEAST
19              Tells  libcurl to not attempt to use any workarounds for a secu‐
20              rity flaw in the SSL3 and  TLS1.0  protocols.   If  this  option
21              isn't  used  or this bit is set to 0, the SSL layer libcurl uses
22              may use a work-around for this  flaw  although  it  might  cause
23              interoperability problems with some (older) SSL implementations.
24              WARNING: avoiding this work-around lessens the security, and  by
25              setting  this option to 1 you ask for exactly that.  This option
26              is only supported for DarwinSSL, NSS and OpenSSL.
27
28       CURLSSLOPT_NO_REVOKE
29              Tells libcurl to disable certificate revocation checks for those
30              SSL backends where such behavior is present. This option is only
31              supported for Schannel (the native Windows SSL library), with an
32              exception in the case of Windows' Untrusted Publishers blacklist
33              which it seems can't be bypassed. (Added in 7.44.0)
34
35       CURLSSLOPT_NO_PARTIALCHAIN
36              Tells libcurl to not accept "partial" certificate chains,  which
37              it  otherwise does by default. This option is only supported for
38              OpenSSL and will fail the certificate verification if the  chain
39              ends  with an intermediate certificate and not with a root cert.
40              (Added in 7.68.0)
41

DEFAULT

43       0
44

PROTOCOLS

46       All TLS-based protocols
47

AVAILABLE

49       Added in 7.52.0
50

EXAMPLE

52       CURL *curl = curl_easy_init();
53       if(curl) {
54         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
55         curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy");
56         /* weaken TLS only for use with silly proxies */
57         curl_easy_setopt(curl, CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
58                          CURLSSLOPT_NO_REVOKE);
59         ret = curl_easy_perform(curl);
60         curl_easy_cleanup(curl);
61       }
62

RETURN VALUE

64       Returns CURLE_OK if the option is supported,  and  CURLE_UNKNOWN_OPTION
65       if not.
66

SEE ALSO

68       CURLOPT_PROXY_SSLVERSION(3),   CURLOPT_PROXY_SSL_CIPHER_LIST(3),   CUR‐
69       LOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),
70
71
72
73libcurl 7.69.1                 January 23, 2020   CURLOPT_PROXY_SSL_OPTIONS(3)
Impressum