1CURLOPT_PROXY_ISSUERCERT(3)curl_easy_setopt optionsCURLOPT_PROXY_ISSUERCERT(3)
2
3
4

NAME

6       CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode  curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT, char
12       *file);
13

DESCRIPTION

15       Pass a char * to a null-terminated string naming a file  holding  a  CA
16       certificate  in  PEM  format. If the option is set, an additional check
17       against the peer certificate is performed to verify the issuer  of  the
18       the  HTTPS proxy is indeed the one associated with the certificate pro‐
19       vided by the option.  This additional check is  useful  in  multi-level
20       PKI where one needs to enforce that the peer certificate is from a spe‐
21       cific branch of the tree.
22
23       This option makes sense only when used in  combination  with  the  CUR‐
24       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
25       is not considered as failure.
26
27       A specific error code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with  the
28       option,  which  is  returned  if  the  setup of the SSL/TLS session has
29       failed due to a mismatch with the  issuer  of  peer  certificate  (CUR‐
30       LOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail).
31
32       The  application  does not have to keep the string around after setting
33       this option.
34

DEFAULT

36       NULL
37

PROTOCOLS

39       All TLS-based protocols
40

EXAMPLE

42       CURL *curl = curl_easy_init();
43       if(curl) {
44         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
45         /* using an HTTPS proxy */
46         curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");
47         curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem");
48         ret = curl_easy_perform(curl);
49         curl_easy_cleanup(curl);
50       }
51

AVAILABILITY

53       Added in libcurl 7.71.0. This option is supported by the OpenSSL  back‐
54       ends.
55

RETURN VALUE

57       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
58       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
59

SEE ALSO

61       CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR‐
62       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),
63
64
65
66libcurl 7.71.1                   June 25, 2020     CURLOPT_PROXY_ISSUERCERT(3)
Impressum