Go to main content

man pages section 3: Library Interfaces and Headers

Exit Print View

Updated: Thursday, June 13, 2019
 
 

CURLOPT_ISSUERCERT (3)

Name

CURLOPT_ISSUERCERT - issuer SSL certificate filename

Synopsis

#include <curl/curl.h>

CURLcode   curl_easy_setopt(CURL   *handle,   CURLOPT_ISSUERCERT,  char
*file);

Description

CURLOPT_ISSUERCERT(3)      curl_easy_setopt options      CURLOPT_ISSUERCERT(3)



NAME
       CURLOPT_ISSUERCERT - issuer SSL certificate filename

SYNOPSIS
       #include <curl/curl.h>

       CURLcode   curl_easy_setopt(CURL   *handle,   CURLOPT_ISSUERCERT,  char
       *file);

DESCRIPTION
       Pass a char * to a zero terminated string naming a file  holding  a  CA
       certificate  in  PEM  format. If the option is set, an additional check
       against the peer certificate is  performed  to  verify  the  issuer  is
       indeed  the one associated with the certificate provided by the option.
       This additional check is useful in multi-level PKI where one  needs  to
       enforce  that  the  peer  certificate  is from a specific branch of the
       tree.

       This option makes sense only when used in  combination  with  the  CUR-
       LOPT_SSL_VERIFYPEER(3)  option.  Otherwise,  the result of the check is
       not considered as failure.

       A specific error code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with  the
       option,  which  is  returned  if  the  setup of the SSL/TLS session has
       failed due to a mismatch with the  issuer  of  peer  certificate  (CUR-
       LOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail). (Added
       in 7.19.0)

       The application does not have to keep the string around  after  setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem");
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY
       If built TLS enabled

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------+
       |ATTRIBUTE TYPE | ATTRIBUTE VALUE  |
       +---------------+------------------+
       |Availability   | web/curl         |
       +---------------+------------------+
       |Stability      | Uncommitted      |
       +---------------+------------------+
SEE ALSO
       CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),



NOTES
       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source   was    downloaded    from     https://github.com/curl/curl/ar-
       chive/curl-7_64_0.zip

       Further information about this software can be found on the open source
       community website at http://curl.haxx.se/.



libcurl 7.37.0                    19 Jun 2014            CURLOPT_ISSUERCERT(3)