FreeBSD Manual Pages
CURLOPT_ISSUERCERT_BLOB(3)  Library Functions Manual  CURLOPT_ISSUERCERT_BLOB(3)

NAME
       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);

DESCRIPTION
       Pass a pointer to a curl_blob structure, which contains information
       (pointer and size) about a memory block with binary data of a CA
       certificate in PEM format. If the option is set, an additional check
       against the peer certificate is performed to verify the issuer is
       indeed the one associated with the certificate provided by the option.
       This additional check is useful in multi-level PKI where one needs to
       enforce that the peer certificate is from a specific branch of the
       tree.

       This option should be used in combination with the
       CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check
       is not considered a failure.

       A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the
       option, which is returned if the setup of the SSL/TLS session has
       failed due to a mismatch with the issuer of the peer certificate
       (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If the blob is initialized with the flags member of struct curl_blob
       set to CURL_BLOB_COPY, the application does not have to keep the
       buffer around after setting this.

       This option is an alternative to CURLOPT_ISSUERCERT(3) which instead
       expects a filename as input.

DEFAULT
       NULL

PROTOCOLS
       This functionality affects all TLS based protocols: HTTPS, FTPS,
       IMAPS, POP3S, SMTPS etc.

       This option works only with the following TLS backends: OpenSSL

EXAMPLE
       #include <curl/curl.h>

       /* PEM data of the issuing CA, loaded elsewhere by the application */
       extern char *certificateData;
       extern size_t filesize;

       int main(void)
       {
         CURL *curl = curl_easy_init();
         if(curl) {
           CURLcode res;
           struct curl_blob blob;
           curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
           blob.data = certificateData;
           blob.len = filesize;
           /* libcurl copies the buffer, so it need not outlive this call */
           blob.flags = CURL_BLOB_COPY;
           curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
           /* res is CURLE_SSL_ISSUER_ERROR on an issuer mismatch */
           res = curl_easy_perform(curl);
           curl_easy_cleanup(curl);
         }
         return 0;
       }

AVAILABILITY
       Added in curl 7.71.0

RETURN VALUE
       curl_easy_setopt(3) returns a CURLcode indicating success or error.

       CURLE_OK (0) means everything was OK, non-zero means an error
       occurred, see libcurl-errors(3).

SEE ALSO
       CURLOPT_CRLFILE(3), CURLOPT_ISSUERCERT(3), CURLOPT_SSL_VERIFYHOST(3),
       CURLOPT_SSL_VERIFYPEER(3)

libcurl                            2025-06-03        CURLOPT_ISSUERCERT_BLOB(3)