1CURLOPT_PROXY_ISSUERCERT_BLOB(3)   curl_easy_setopt options   CURLOPT_PROXY_ISSUERCERT_BLOB(3)

NAME

6       CURLOPT_PROXY_ISSUERCERT_BLOB - proxy issuer SSL certificate from memory blob
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT_BLOB,
12                                 struct curl_blob *blob);
13

DESCRIPTION

15       Pass  a  pointer  to  a  curl_blob  struct,  which contains information
16       (pointer and size) about a memory block with binary data of a  CA  cer‐
17       tificate  in  PEM  format.  If  the  option is set, an additional check
18       against the peer certificate is performed to verify that the issuer of
19       the HTTPS proxy's certificate is indeed the one associated with the
20       certificate provided by the option. This additional check is useful in multi-level PKI
21       where one needs to enforce that the peer certificate is from a specific
22       branch of the tree.
23
24       This  option  should   be   used   in   combination   with   the   CUR‐
25       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, a failed check is not
26       treated as a failure, so an unexpected issuer does not stop the transfer.
27
28       A specific error code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with  the
29       option,  which  is  returned  if  the  setup of the SSL/TLS session has
30       failed due to a mismatch with the  issuer  of  peer  certificate  (CUR‐
31       LOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail).
32
33       If  the  blob  is initialized with the flags member of struct curl_blob
34       set to CURL_BLOB_COPY, the application does not have to keep the buffer
35       around after setting this.
36
37       This  option  is  an  alternative  to CURLOPT_PROXY_ISSUERCERT(3) which
38       instead expects a file name as input.
39

DEFAULT

41       NULL
42

PROTOCOLS

44       All TLS-based protocols
45

EXAMPLE

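/*
 * Restrict the HTTPS proxy's certificate to one issued by a specific CA that
 * is supplied from memory rather than from a file.
 *
 * ret, certificateData and filesize are not declared in this snippet; they
 * are assumed to come from the surrounding application code.
 */
CURL *curl = curl_easy_init();
if(curl) {
  struct curl_blob blob;

  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
  /* using an HTTPS proxy */
  curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");

  /* The issuer check can only fail the transfer while proxy peer
     verification is enabled, so request it explicitly instead of relying
     on whatever the handle was configured with earlier. */
  curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L);

  blob.data = certificateData;
  blob.len = filesize;
  /* CURL_BLOB_COPY: libcurl keeps its own copy, so the application buffer
     does not have to stay around after this call. */
  blob.flags = CURL_BLOB_COPY;

  /* Only some TLS backends support this option. If the return code is
     ignored, an unsupported build would carry out the transfer without the
     issuer restriction, so stop here when the option was not accepted. */
  ret = curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT_BLOB, &blob);
  if(ret == CURLE_OK) {
    /* An issuer mismatch is reported as CURLE_SSL_ISSUER_ERROR. */
    ret = curl_easy_perform(curl);
  }
  curl_easy_cleanup(curl);
}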
60

AVAILABILITY

62       Added in libcurl 7.71.0. This option is supported by the OpenSSL  back‐
63       ends.
64

RETURN VALUE

66       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
67       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
68

SEE ALSO

70       CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR‐
71       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3)
75libcurl 7.71.0                    24 Jun 2020 CURLOPT_PROXY_ISSUERCERT_BLOB(3)