CURLOPT_PROXY_SSL_OPTIONS(3)

1CURLOPT_PROXY_SSL_OPTIONS(3)curl_easy_setopt optionsCURLOPT_PROXY_SSL_OPTIONS(3)
2
3
4

NAME

6       CURLOPT_PROXY_SSL_OPTIONS - HTTPS proxy SSL behavior options
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, long
12       bitmask);
13

DESCRIPTION

15       Pass a long with a bitmask to tell libcurl about  specific  SSL  behav‐
16       iors. Available bits:
17
18       CURLSSLOPT_ALLOW_BEAST
19              Tells  libcurl to not attempt to use any workarounds for a secu‐
20              rity flaw in the SSL3 and  TLS1.0  protocols.   If  this  option
21              isn't  used  or this bit is set to 0, the SSL layer libcurl uses
22              may use a work-around for this flaw although it might cause  in‐
23              teroperability  problems  with some (older) SSL implementations.
24              WARNING: avoiding this work-around lessens the security, and  by
25              setting  this option to 1 you ask for exactly that.  This option
26              is only supported for Secure Transport, NSS and OpenSSL.
27
28       CURLSSLOPT_NO_REVOKE
29              Tells libcurl to disable certificate revocation checks for those
30              SSL backends where such behavior is present. This option is only
31              supported for Schannel (the native Windows SSL library), with an
32              exception  in  the  case  of Windows' Untrusted Publishers block
33              list which it seems can't be bypassed. (Added in 7.44.0)
34
35       CURLSSLOPT_NO_PARTIALCHAIN
36              Tells libcurl to not accept "partial" certificate chains,  which
37              it  otherwise does by default. This option is only supported for
38              OpenSSL and will fail the certificate verification if the  chain
39              ends  with an intermediate certificate and not with a root cert.
40              (Added in 7.68.0)
41
42       CURLSSLOPT_REVOKE_BEST_EFFORT
43              Tells libcurl to ignore certificate revocation checks in case of
44              missing  or  offline  distribution points for those SSL backends
45              where such behavior is present. This option  is  only  supported
46              for  Schannel (the native Windows SSL library). If combined with
47              CURLSSLOPT_NO_REVOKE, the latter  takes  precedence.  (Added  in
48              7.70.0)
49
50       CURLSSLOPT_AUTO_CLIENT_CERT
51              Tell  libcurl  to automatically locate and use a client certifi‐
52              cate for authentication, when requested by the server. This  op‐
53              tion  is only supported for Schannel (the native Windows SSL li‐
54              brary). Prior to 7.77.0 this was the default behavior in libcurl
55              with Schannel. Since the server can request any certificate that
56              supports client authentication in the OS  certificate  store  it
57              could be a privacy violation and unexpected.  (Added in 7.77.0)
58

DEFAULT

60       0
61

PROTOCOLS

63       All TLS-based protocols
64

EXAMPLE

66       CURL *curl = curl_easy_init();
67       if(curl) {
68         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
69         curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy");
70         /* weaken TLS only for use with silly proxies */
71         curl_easy_setopt(curl, CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
72                          CURLSSLOPT_NO_REVOKE);
73         ret = curl_easy_perform(curl);
74         curl_easy_cleanup(curl);
75       }
76

AVAILABILITY

78       Added in 7.52.0
79

RETURN VALUE

81       Returns  CURLE_OK  if the option is supported, and CURLE_UNKNOWN_OPTION
82       if not.
83