CURLOPT_SSL_CTX_DATA(3)

1CURLOPT_SSL_CTX_DATA(3)    curl_easy_setopt options    CURLOPT_SSL_CTX_DATA(3)
2
3
4

NAME

6       CURLOPT_SSL_CTX_DATA - pointer passed to ssl_ctx callback
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
12

DESCRIPTION

14       Data pointer to pass to the ssl context callback set by the option CUR‐
15       LOPT_SSL_CTX_FUNCTION(3), this is the pointer you will get as third pa‐
16       rameter.
17

DEFAULT

19       NULL
20

PROTOCOLS

22       All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
23

EXAMPLE

25       /* OpenSSL specific */
26
27       #include <openssl/ssl.h>
28       #include <curl/curl.h>
29       #include <stdio.h>
30
31       static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
32       {
33         X509_STORE *store;
34         X509 *cert = NULL;
35         BIO *bio;
36         char *mypem = parm;
37         /* get a BIO */
38         bio = BIO_new_mem_buf(mypem, -1);
39         /* use it to read the PEM formatted certificate from memory into an
40          * X509 structure that SSL can use
41          */
42         PEM_read_bio_X509(bio, &cert, 0, NULL);
43         if(cert == NULL)
44           printf("PEM_read_bio_X509 failed...\n");
45
46         /* get a pointer to the X509 certificate store (which may be empty) */
47         store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
48
49         /* add our certificate to this store */
50         if(X509_STORE_add_cert(store, cert) == 0)
51           printf("error adding certificate\n");
52
53         /* decrease reference counts */
54         X509_free(cert);
55         BIO_free(bio);
56
57         /* all set to go */
58         return CURLE_OK;
59       }
60
61       int main(void)
62       {
63         CURL * ch;
64         CURLcode rv;
65         char *mypem = /* example CA cert PEM - shortened */
66           "-----BEGIN CERTIFICATE-----\n"
67           "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
68           "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
69           "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
70           "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
71           "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
72           "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
73           "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
74           "-----END CERTIFICATE-----\n";
75
76         curl_global_init(CURL_GLOBAL_ALL);
77         ch = curl_easy_init();
78
79         curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
80         curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
81         curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
82
83         /* Retrieve page using cacerts' certificate -> will succeed
84          * load the certificate by installing a function doing the necessary
85          * "modifications" to the SSL CONTEXT just before link init
86          */
87         curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
88         curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
89         rv = curl_easy_perform(ch);
90         if(!rv)
91           printf("*** transfer succeeded ***\n");
92         else
93           printf("*** transfer failed ***\n");
94
95         curl_easy_cleanup(ch);
96         curl_global_cleanup();
97         return rv;
98       }
99

AVAILABILITY

101       Added  in  7.11.0  for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
102       mbedTLS. Other SSL backends are not supported.
103

RETURN VALUE

105       CURLE_OK if supported; or an error such as:
106
107       CURLE_NOT_BUILT_IN - Not supported by the SSL backend
108
109       CURLE_UNKNOWN_OPTION
110