CURLOPT_CRLFILE(3)         curl_easy_setopt options         CURLOPT_CRLFILE(3)

NAME

       CURLOPT_CRLFILE - Certificate Revocation List file

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);

DESCRIPTION

       Pass a char * to a null-terminated string naming a file that contains
       the concatenation of CRLs (in PEM format) to use in the certificate
       validation that occurs during the SSL exchange.

       When curl is built to use NSS or GnuTLS, there is no way to influence
       the use of CRL passed to help in the verification process.

       When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
       X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all
       the elements of the certificate chain if a CRL file is passed. Also
       note that CURLOPT_CRLFILE(3) implies CURLSSLOPT_NO_PARTIALCHAIN (see
       CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug.

       This option makes sense only when used in combination with the
       CURLOPT_SSL_VERIFYPEER(3) option.

       A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the
       option. It is returned when the SSL exchange fails because the CRL file
       cannot be loaded. A failure in certificate verification due to
       revocation information found in the CRL does not trigger this specific
       error.

       The application does not have to keep the string around after setting
       this option.

DEFAULT

       NULL

PROTOCOLS

       All TLS-based protocols

EXAMPLE

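       CURL *curl = curl_easy_init();
       if(curl) {
         CURLcode ret;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* PEM file holding the concatenated CRLs used for the chain check */
         curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
         /* CURLE_SSL_CRL_BADFILE here means the CRL file could not be loaded */
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }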
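
       CURLE_SSL_CRL_BADFILE only surfaces during the SSL exchange, so a
       structural pre-flight on the bundle can report a bad file earlier.
       This is an added example, not part of the libcurl documentation or
       API: crl_bundle_count() and crl_file_count() are hypothetical helpers,
       the 1 MiB cap is an assumption, and only the PEM boundaries (RFC 7468
       label "X509 CRL") are checked, not signatures or validity dates.

```c
#include <stdio.h>
#include <string.h>

/* RFC 7468 boundaries of one PEM-encoded CRL */
#define CRL_BEGIN "-----BEGIN X509 CRL-----"
#define CRL_END   "-----END X509 CRL-----"

/* Hypothetical helper, not a libcurl API. Returns the number of well-formed
 * PEM CRL blocks in a NUL-terminated buffer, or a negative value:
 *  -1 no CRL block (empty file, DER input, other PEM type)
 *  -2 BEGIN without its END (truncated file, bad concatenation)
 *  -3 block with only whitespace between the boundaries */
int crl_bundle_count(const char *pem)
{
  int count = 0;
  const char *p = pem;
  while((p = strstr(p, CRL_BEGIN)) != NULL) {
    const char *body = p + strlen(CRL_BEGIN);
    const char *end = strstr(body, CRL_END);
    const char *next = strstr(body, CRL_BEGIN);
    if(!end || (next && next < end))
      return -2;
    if(strspn(body, " \t\r\n") >= (size_t)(end - body))
      return -3;
    count++;
    p = end + strlen(CRL_END);
  }
  return count ? count : -1;
}

/* Check the file destined for CURLOPT_CRLFILE; -4 if unreadable or > 1 MiB */
int crl_file_count(const char *path)
{
  static char buf[1 << 20];   /* assumed cap; static, so not reentrant */
  FILE *f = fopen(path, "rb");
  size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
  int bad = !f || (n == sizeof(buf) - 1 && fgetc(f) != EOF);
  if(f)
    fclose(f);
  buf[n] = '\0';
  return bad ? -4 : crl_bundle_count(buf);
}

int main(int argc, char **argv)
{
  int n = argc > 1 ? crl_file_count(argv[1]) : -4;
  printf("CRL pre-flight: %d\n", n);
  return n < 1;
}
```

       Run it when the configuration is loaded and refuse to start on a
       result below 1, so a bad bundle is reported before any transfer.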

AVAILABILITY

       Added in 7.19.0

RETURN VALUE

       Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),
       CURLOPT_PROXY_CRLFILE(3)

libcurl 8.0.1                  January 02, 2023             CURLOPT_CRLFILE(3)