CURLOPT_ISSUERCERT_BLOB(3) curl_easy_setopt options CURLOPT_ISSUERCERT_BLOB(3)

NAME

       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);

DESCRIPTION

       Pass a pointer to a curl_blob structure, which contains information
       (pointer and size) about a memory block with binary data of a CA
       certificate in PEM format. If the option is set, an additional check
       against the peer certificate is performed to verify the issuer is
       indeed the one associated with the certificate provided by the
       option. This additional check is useful in multi-level PKI where one
       needs to enforce that the peer certificate is from a specific branch
       of the tree.

       This option should be used in combination with the
       CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not treated as a failure.

       A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the
       option, which is returned if the setup of the SSL/TLS session has
       failed due to a mismatch with the issuer of the peer certificate
       (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If the blob is initialized with the flags member of struct curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the
       buffer around after setting this.

       This option is an alternative to CURLOPT_ISSUERCERT(3) which instead
       expects a file name as input.

DEFAULT

       NULL

PROTOCOLS

       All TLS-based protocols

EXAMPLE

       /* certificateData points to the issuer CA certificate in PEM format
          and filesize is its length in bytes; the application provides both */
       CURL *curl = curl_easy_init();
       if(curl) {
         CURLcode ret;
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY; /* libcurl keeps its own copy */
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY

       Added in 7.71.0. This option is supported by the OpenSSL backends.

RETURN VALUE

       Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3)

libcurl 8.0.1                  January 02, 2023     CURLOPT_ISSUERCERT_BLOB(3)