1CURLOPT_ISSUERCERT_BLOB(3) curl_easy_setopt options CURLOPT_ISSUERCERT_BLOB(3)
2
3
4

NAME

6       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB, struct
12       curl_blob *stblob);
13

DESCRIPTION

15       Pass a pointer to a curl_blob  structure,  which  contains  information
16       (pointer  and  size) about a memory block with binary data of a CA cer‐
17       tificate in PEM format. If the  option  is  set,  an  additional  check
18       against  the  peer certificate is performed to verify the issuer is in‐
19       deed the one associated with the certificate provided  by  the  option.
20       This  additional  check is useful in multi-level PKI where one needs to
21       enforce that the peer certificate is from  a  specific  branch  of  the
22       tree.
23
24       This  option  should  be used in combination with the CURLOPT_SSL_VERI‐
25       FYPEER(3) option. Otherwise, the result of the check is not  considered
26       as failure.
27
28       A  specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the op‐
29       tion, which is returned if the setup of the SSL/TLS session has  failed
30       due to a mismatch with the issuer of peer certificate (CURLOPT_SSL_VER‐
31       IFYPEER(3) has to be set too for the check to fail).
32
33       If the blob is initialized with the flags member  of  struct  curl_blob
34       set to CURL_BLOB_COPY, the application does not have to keep the buffer
35       around after setting this.
36
37       This option is an alternative to  CURLOPT_ISSUERCERT(3)  which  instead
38       expects a file name as input.
39

DEFAULT

41       NULL
42

PROTOCOLS

44       All TLS-based protocols
45

EXAMPLE

47       CURL *curl = curl_easy_init();
48       if(curl) {
49         struct curl_blob blob;
50         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
51         blob.data = certificateData;
52         blob.len = filesize;
53         blob.flags = CURL_BLOB_COPY;
54         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
55         ret = curl_easy_perform(curl);
56         curl_easy_cleanup(curl);
57       }
58

AVAILABILITY

60       Added  in libcurl 7.71.0. This option is supported by the OpenSSL back‐
61       ends.
62

RETURN VALUE

64       Returns CURLE_OK if the option is  supported,  CURLE_UNKNOWN_OPTION  if
65       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
66

SEE ALSO

68       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),
69
70
71
72libcurl 7.79.1                 November 04, 2020    CURLOPT_ISSUERCERT_BLOB(3)
Impressum