1CURLOPT_SSL_CTX_FUNCTION(3)curl_easy_setopt optionsCURLOPT_SSL_CTX_FUNCTION(3)
2
3
4
6 CURLOPT_SSL_CTX_FUNCTION - SSL context callback for OpenSSL, wolfSSL or
7 mbedTLS
8
10 #include <curl/curl.h>
11
12 CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
13
14 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
15 ssl_ctx_callback);
16
18 This option only works for libcurl powered by OpenSSL, wolfSSL or
19 mbedTLS. If libcurl was built against another SSL library this func‐
20 tionality is absent.
21
22 Pass a pointer to your callback function, which should match the proto‐
23 type shown above.
24
25 This callback function gets called by libcurl just before the initial‐
26 ization of an SSL connection after having processed all other SSL
27 related options to give a last chance to an application to modify the
28 behavior of the SSL initialization. The ssl_ctx parameter is actually a
29 pointer to the SSL library's SSL_CTX for OpenSSL or wolfSSL, and a
30 pointer to mbedtls_ssl_config for mbedTLS. If an error is returned from
31 the callback no attempt to establish a connection is made and the per‐
32 form operation will return the callback's error code. Set the userptr
33 argument with the CURLOPT_SSL_CTX_DATA(3) option.
34
35 This function will get called on all new connections made to a server,
36 during the SSL negotiation. The ssl_ctx will point to a newly initial‐
37 ized object each time, but note the pointer may be the same as from a
38 prior call.
39
40 To use this properly, a non-trivial amount of knowledge of your SSL
41 library is necessary. For example, you can use this function to call
42 library-specific callbacks to add additional validation code for cer‐
43 tificates, and even to change the actual URI of an HTTPS request.
44
45 WARNING: The CURLOPT_SSL_CTX_FUNCTION(3) callback allows the applica‐
46 tion to reach in and modify SSL details in the connection without
47 libcurl itself knowing anything about it, which then subsequently can
48 lead to libcurl unknowingly reusing SSL connections with different
49 properties. To remedy this you may set CURLOPT_FORBID_REUSE(3) from the
50 callback function.
51
53 NULL
54
56 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
57
59 See cacertinmem.c in docs/examples directory for usage example.
60
61 https://curl.haxx.se/libcurl/c/cacertinmem.html
62
64 Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
65 mbedTLS. Other SSL backends are not supported.
66
68 CURLE_OK if supported; or an error such as:
69
70 CURLE_NOT_BUILT_IN - Not supported by the SSL backend
71
72 CURLE_UNKNOWN_OPTION
73
75 CURLOPT_SSL_CTX_DATA(3), CURLOPT_SSL_VERIFYPEER(3),
76
77
78
79libcurl 7.71.1 June 02, 2019 CURLOPT_SSL_CTX_FUNCTION(3)