1CURLOPT_PROXY_ISSUERCERT(3)curl_easy_setopt optionsCURLOPT_PROXY_ISSUERCERT(3)
2
3
4

NAME

6       CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename
7

SYNOPSIS

9       #include <curl/curl.h>
10
11       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT, char *file);
12

DESCRIPTION

14       Pass  a  char  * to a null-terminated string naming a file holding a CA
15       certificate in PEM format. If the option is set,  an  additional  check
16       against  the  peer certificate is performed to verify the issuer of the
17       the HTTPS proxy is indeed the one associated with the certificate  pro‐
18       vided  by  the  option.  This additional check is useful in multi-level
19       PKI where one needs to enforce that the peer certificate is from a spe‐
20       cific branch of the tree.
21
22       This  option  makes  sense  only when used in combination with the CUR‐
23       LOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
24       is not considered as failure.
25
26       A  specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the op‐
27       tion, which is returned if the setup of the SSL/TLS session has  failed
28       due   to   a  mismatch  with  the  issuer  of  peer  certificate  (CUR‐
29       LOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail).
30
31       The application does not have to keep the string around  after  setting
32       this option.
33

DEFAULT

35       NULL
36

PROTOCOLS

38       All TLS-based protocols
39

EXAMPLE

41       CURL *curl = curl_easy_init();
42       if(curl) {
43         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
44         /* using an HTTPS proxy */
45         curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");
46         curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem");
47         ret = curl_easy_perform(curl);
48         curl_easy_cleanup(curl);
49       }
50

AVAILABILITY

52       Added in 7.71.0. This option is supported by the OpenSSL backends.
53

RETURN VALUE

55       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
56       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
57

SEE ALSO

59       CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3),  CUR‐
60       LOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),
61
62
63
64libcurl 8.0.1                  January 02, 2023    CURLOPT_PROXY_ISSUERCERT(3)
Impressum