1CURLOPT_CRLFILE(3) curl_easy_setopt options CURLOPT_CRLFILE(3)
2
3
4
6 CURLOPT_CRLFILE - specify a Certificate Revocation List file
7
9 #include <curl/curl.h>
10
11 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);
12
14 Pass a char * to a null-terminated string naming a file with the con‐
15 catenation of CRL (in PEM format) to use in the certificate validation
16 that occurs during the SSL exchange.
17
18 When curl is built to use NSS or GnuTLS, there is no way to influence
19 the use of CRL passed to help in the verification process.
20
21 When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
22 X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all
23 the elements of the certificate chain if a CRL file is passed. Also
24 note that CURLOPT_CRLFILE(3) will imply CURLSSLOPT_NO_PARTIALCHAIN (see
25 CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug.
26
27 This option makes sense only when used in combination with the CUR‐
28 LOPT_SSL_VERIFYPEER(3) option.
29
30 A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the op‐
31 tion. It is returned when the SSL exchange fails because the CRL file
32 cannot be loaded. A failure in certificate verification due to a revo‐
33 cation information found in the CRL does not trigger this specific er‐
34 ror.
35
36 The application does not have to keep the string around after setting
37 this option.
38
40 NULL
41
43 All TLS-based protocols
44
46 CURL *curl = curl_easy_init();
47 if(curl) {
48 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
49 curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
50 ret = curl_easy_perform(curl);
51 curl_easy_cleanup(curl);
52 }
53
55 Added in 7.19.0
56
58 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
59 not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
60
62 CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3), CUR‐
63 LOPT_PROXY_CRLFILE(3),
64
65
66
67libcurl 7.76.1 November 04, 2020 CURLOPT_CRLFILE(3)