CURLOPT_ISSUERCERT_BLOB(3)    curl_easy_setopt options    CURLOPT_ISSUERCERT_BLOB(3)

NAME

       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);

DESCRIPTION

       Pass a pointer to a curl_blob structure, which contains information
       (pointer and size) about a memory block with binary data of a CA
       certificate in PEM format. If the option is set, an additional check
       against the peer certificate is performed to verify that the issuer is
       indeed the one associated with the certificate provided by the option.
       This additional check is useful in multi-level PKI where one needs to
       enforce that the peer certificate is from a specific branch of the
       tree.

       This option should be used in combination with the
       CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not considered a failure.

       A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the
       option. It is returned if the setup of the SSL/TLS session has failed
       due to a mismatch with the issuer of the peer certificate
       (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If the blob is initialized with the flags member of struct curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the
       buffer around after setting this.

       This option is an alternative to CURLOPT_ISSUERCERT(3), which instead
       expects a file name as input.

DEFAULT

       NULL

PROTOCOLS

       All TLS-based protocols

EXAMPLE

       /* certificateData and filesize are supplied by the application:
          the PEM issuer certificate held in memory and its length in bytes */
       CURL *curl = curl_easy_init();
       if(curl) {
         CURLcode ret;
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY; /* libcurl keeps its own copy */
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY

       Added in libcurl 7.71.0. This option is supported by the OpenSSL
       backends.

RETURN VALUE

       Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3)
libcurl 7.71.0                    24 Jun 2020       CURLOPT_ISSUERCERT_BLOB(3)