Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CURLOPT_ISSUERCERT_BLOB(3) Library Functions Manual CURLOPT_ISSUERCERT_BLOB(3)

NAME
       CURLOPT_ISSUERCERT_BLOB - issuer	SSL certificate	from memory blob

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
				 struct	curl_blob *stblob);

DESCRIPTION
       Pass  a	pointer	 to  a curl_blob structure, which contains information
       (pointer	and size) about	a memory block with binary data	of a  CA  cer-
       tificate	 in  PEM  format.  If  the  option is set, an additional check
       against the peer	certificate is performed to verify the issuer  is  in-
       deed  the  one  associated with the certificate provided	by the option.
       This additional check is	useful in multi-level PKI where	one  needs  to
       enforce	that  the  peer	 certificate  is from a	specific branch	of the
       tree.

       This option should be used in combination  with	the  CURLOPT_SSL_VERI-
       FYPEER(3)  option. Otherwise, the result	of the check is	not considered
       as failure.

       A specific error	code (CURLE_SSL_ISSUER_ERROR) is defined with the  op-
       tion,  which is returned	if the setup of	the SSL/TLS session has	failed
       due to a	mismatch with the issuer of peer certificate (CURLOPT_SSL_VER-
       IFYPEER(3) has to be set	too for	the check to fail).

       If the blob is initialized with the flags member	 of  struct  curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the	buffer
       around after setting this.

       This  option  is	 an alternative	to CURLOPT_ISSUERCERT(3) which instead
       expects a filename as input.

DEFAULT
       NULL

PROTOCOLS
       This functionality affects all TLS based	protocols: HTTPS, FTPS,	IMAPS,
       POP3S, SMTPS etc.

       This option works only with the following TLS backends: OpenSSL

EXAMPLE
       extern char *certificateData;
       extern size_t filesize;

       int main(void)
       {
	 CURL *curl = curl_easy_init();
	 if(curl) {
	   CURLcode res;
	   struct curl_blob blob;
	   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
	   blob.data = certificateData;
	   blob.len = filesize;
	   blob.flags =	CURL_BLOB_COPY;
	   curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
	   res = curl_easy_perform(curl);
	   curl_easy_cleanup(curl);
	 }
       }

AVAILABILITY
       Added in	curl 7.71.0

RETURN VALUE
       curl_easy_setopt(3) returns a CURLcode indicating success or error.

       CURLE_OK	(0) means everything was OK, non-zero means an error occurred,
       see libcurl-errors(3).

SEE ALSO
       CURLOPT_CRLFILE(3),  CURLOPT_ISSUERCERT(3),  CURLOPT_SSL_VERIFYHOST(3),
       CURLOPT_SSL_VERIFYPEER(3)

libcurl				  2025-06-03	    CURLOPT_ISSUERCERT_BLOB(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=CURLOPT_ISSUERCERT_BLOB&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help