CURLOPT_SSL_CTX_DATA(3)

1CURLOPT_SSL_CTX_DATA(3)    curl_easy_setopt options    CURLOPT_SSL_CTX_DATA(3)
2
3
4

NAME

6       CURLOPT_SSL_CTX_DATA - pointer passed to ssl_ctx callback
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
12

DESCRIPTION

14       Data pointer to pass to the ssl context callback set by the option CUR‐
15       LOPT_SSL_CTX_FUNCTION(3), this is the pointer you will get as third pa‐
16       rameter.
17

DEFAULT

19       NULL
20

PROTOCOLS

22       All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
23

EXAMPLE

25       /* OpenSSL specific */
26
27       #include <openssl/ssl.h>
28       #include <curl/curl.h>
29       #include <stdio.h>
30
31       static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
32       {
33         X509_STORE *store;
34         X509 *cert = NULL;
35         BIO *bio;
36         char *mypem = parm;
37         /* get a BIO */
38         bio = BIO_new_mem_buf(mypem, -1);
39         /* use it to read the PEM formatted certificate from memory into an
40          * X509 structure that SSL can use
41          */
42         PEM_read_bio_X509(bio, &cert, 0, NULL);
43         if(cert == NULL)
44           printf("PEM_read_bio_X509 failed...\n");
45
46         /* get a pointer to the X509 certificate store (which may be empty) */
47         store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
48
49         /* add our certificate to this store */
50         if(X509_STORE_add_cert(store, cert) == 0)
51           printf("error adding certificate\n");
52
53         /* decrease reference counts */
54         X509_free(cert);
55         BIO_free(bio);
56
57         /* all set to go */
58         return CURLE_OK;
59       }
60
61       int main(void)
62       {
63         CURL * ch;
64         CURLcode rv;
65         char *mypem = /* example CA cert PEM - shortened */
66           "-----BEGIN CERTIFICATE-----\n"
67           "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
68           "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
69           "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
70           "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
71           "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
72           "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
73           "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
74           "-----END CERTIFICATE-----\n";
75
76         curl_global_init(CURL_GLOBAL_ALL);
77         ch = curl_easy_init();
78
79         curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
80         curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
81         curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
82
83         /* Retrieve page using cacerts' certificate -> will succeed
84          * load the certificate by installing a function doing the necessary
85          * "modifications" to the SSL CONTEXT just before link init
86          */
87         curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
88         curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
89         rv = curl_easy_perform(ch);
90         if(!rv)
91           printf("*** transfer succeeded ***\n");
92         else
93           printf("*** transfer failed ***\n");
94
95         curl_easy_cleanup(ch);
96         curl_global_cleanup();
97         return rv;
98       }
99

AVAILABILITY

101       Added  in  7.11.0  for  OpenSSL,  in  7.42.0 for wolfSSL, in 7.54.0 for
102       mbedTLS, in 7.83.0 in BearSSL. Other SSL backends are not supported.
103

RETURN VALUE

105       CURLE_OK if supported; or an error such as:
106
107       CURLE_NOT_BUILT_IN - Not supported by the SSL backend
108
109       CURLE_UNKNOWN_OPTION
110