Go to main content

man pages section 3: Library Interfaces and Headers

Exit Print View

Updated: Thursday, June 13, 2019
 
 

CURLOPT_CRLFILE (3)

Name

CURLOPT_CRLFILE - specify a Certificate Revocation List file

Synopsis

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);

Description

CURLOPT_CRLFILE(3)         curl_easy_setopt options         CURLOPT_CRLFILE(3)



NAME
       CURLOPT_CRLFILE - specify a Certificate Revocation List file

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);

DESCRIPTION
       Pass  a  char * to a zero terminated string naming a file with the con-
       catenation of CRL (in PEM format) to use in the certificate  validation
       that occurs during the SSL exchange.

       When  curl  is built to use NSS or GnuTLS, there is no way to influence
       the use of CRL passed to help in the verification process. When libcurl
       is    built    with    OpenSSL   support,   X509_V_FLAG_CRL_CHECK   and
       X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all
       the elements of the certificate chain if a CRL file is passed.

       This  option  makes  sense  only when used in combination with the CUR-
       LOPT_SSL_VERIFYPEER(3) option.

       A specific error  code  (CURLE_SSL_CRL_BADFILE)  is  defined  with  the
       option. It is returned when the SSL exchange fails because the CRL file
       cannot be loaded.  A failure in certificate verification due to a revo-
       cation  information  found  in  the  CRL does not trigger this specific
       error.

       The application does not have to keep the string around  after  setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY
       Added in 7.19.0

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------+
       |ATTRIBUTE TYPE | ATTRIBUTE VALUE  |
       +---------------+------------------+
       |Availability   | web/curl         |
       +---------------+------------------+
       |Stability      | Uncommitted      |
       +---------------+------------------+
SEE ALSO
       CURLOPT_SSL_VERIFYPEER(3),       CURLOPT_SSL_VERIFYHOST(3),        CUR-
       LOPT_PROXY_CRLFILE(3),



NOTES
       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source    was    downloaded    from    https://github.com/curl/curl/ar-
       chive/curl-7_64_0.zip

       Further information about this software can be found on the open source
       community website at http://curl.haxx.se/.



libcurl 7.37.0                    19 Jun 2014               CURLOPT_CRLFILE(3)