1CURLOPT_ISSUERCERT(3)      curl_easy_setopt options      CURLOPT_ISSUERCERT(3)
2
3
4

NAME

6       CURLOPT_ISSUERCERT - issuer SSL certificate filename
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode   curl_easy_setopt(CURL   *handle,   CURLOPT_ISSUERCERT,  char
12       *file);
13

DESCRIPTION

15       Pass a char * to a zero terminated string naming a file  holding  a  CA
16       certificate  in  PEM  format. If the option is set, an additional check
17       against the peer certificate is  performed  to  verify  the  issuer  is
18       indeed  the one associated with the certificate provided by the option.
19       This additional check is useful in multi-level PKI where one  needs  to
20       enforce  that  the  peer  certificate  is from a specific branch of the
21       tree.
22
23       This option makes sense only when used in  combination  with  the  CUR‐
24       LOPT_SSL_VERIFYPEER(3)  option.  Otherwise,  the result of the check is
25       not considered as failure.
26
27       A specific error code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with  the
28       option,  which  is  returned  if  the  setup of the SSL/TLS session has
29       failed due to a mismatch with the  issuer  of  peer  certificate  (CUR‐
30       LOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail). (Added
31       in 7.19.0)
32
33       The application does not have to keep the string around  after  setting
34       this option.
35

DEFAULT

37       NULL
38

PROTOCOLS

40       All TLS-based protocols
41

EXAMPLE

43       CURL *curl = curl_easy_init();
44       if(curl) {
45         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
46         curl_easy_setopt(curl, CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem");
47         ret = curl_easy_perform(curl);
48         curl_easy_cleanup(curl);
49       }
50

AVAILABILITY

52       If built TLS enabled
53

RETURN VALUE

55       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
56       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
57

SEE ALSO

59       CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),
60
61
62
63libcurl 7.66.0                   May 31, 2017            CURLOPT_ISSUERCERT(3)
Impressum