Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
CURLOPT_SSLCERT(3)	   Library Functions Manual	    CURLOPT_SSLCERT(3)

NAME
       CURLOPT_SSLCERT - SSL client certificate

SYNOPSIS
       #include	<curl/curl.h>

       CURLcode	curl_easy_setopt(CURL *handle, CURLOPT_SSLCERT,	char *cert);

DESCRIPTION
       Pass  a	pointer	 to  a null-terminated string as parameter. The	string
       should be the filename of your client certificate. The  default	format
       is P12 on Secure	Transport and PEM on other engines, and	can be changed
       with CURLOPT_SSLCERTTYPE(3).

       With Secure Transport, this can also be the nickname of the certificate
       you  wish to authenticate with as it is named in	the security database.
       If you want to use a file from the current directory, please precede it
       with ./ prefix, in order	to avoid confusion with	a nickname.

       (Schannel only) Client certificates can be specified by a path  expres-
       sion to a certificate store. (You can import PFX	to a store first). You
       can use "<store location>\<store	name>\<thumbprint>" to refer to	a cer-
       tificate	 in  the  system  certificates	store,	for  example, "Curren-
       tUser\MY\934a7ac6f8a5d5". The thumbprint	is usually a SHA-1 hex	string
       which you can see in certificate	details. Following store locations are
       supported: CurrentUser, LocalMachine, CurrentService, Services, Curren-
       tUserGroupPolicy,    LocalMachineGroupPolicy,   LocalMachineEnterprise.
       Schannel	also support P12 certificate file, with	the string P12	speci-
       fied with CURLOPT_SSLCERTTYPE(3).

       When using a client certificate,	you most likely	also need to provide a
       private key with	CURLOPT_SSLKEY(3).

       The  application	 does not have to keep the string around after setting
       this option.

       Using this option multiple times	makes the last set string override the
       previous	ones. Set it to	NULL to	disable	its use	again.

DEFAULT
       NULL

PROTOCOLS
       This functionality affects all TLS based	protocols: HTTPS, FTPS,	IMAPS,
       POP3S, SMTPS etc.

       This option  works  only	 with  the  following  TLS  backends:  GnuTLS,
       OpenSSL,	Schannel, Secure Transport, mbedTLS and	wolfSSL

EXAMPLE
       int main(void)
       {
	 CURL *curl = curl_easy_init();
	 if(curl) {
	   CURLcode res;
	   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
	   curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem");
	   curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem");
	   curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret");
	   res = curl_easy_perform(curl);
	   curl_easy_cleanup(curl);
	 }
       }

AVAILABILITY
       Added in	curl 7.1

RETURN VALUE
       curl_easy_setopt(3) returns a CURLcode indicating success or error.

       CURLE_OK	(0) means everything was OK, non-zero means an error occurred,
       see libcurl-errors(3).

SEE ALSO
       CURLOPT_KEYPASSWD(3), CURLOPT_SSLCERTTYPE(3), CURLOPT_SSLKEY(3)

libcurl				  2025-06-03		    CURLOPT_SSLCERT(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=CURLOPT_SSLCERT&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help