CURLOPT_CAINFO_BLOB - Man Page

Certificate Authority (CA) bundle in PEM format

Synopsis

#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB,
                          struct curl_blob *stblob);

Description

Pass a pointer to a curl_blob structure, which contains information (pointer and size) about a memory block with binary data of PEM encoded content holding one or more certificates to verify the HTTPS server with.

If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the server's certificate, CURLOPT_CAINFO_BLOB(3) is not needed.

This option overrides CURLOPT_CAINFO(3).

Default

NULL

Protocols

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

Example

char *strpem; /* strpem must point to a PEM string */
CURL *curl = curl_easy_init();
if(curl) {
  struct curl_blob blob;
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
  blob.data = strpem;
  blob.len = strlen(strpem);
  blob.flags = CURL_BLOB_COPY;
  curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
  ret = curl_easy_perform(curl);
  curl_easy_cleanup(curl);
}

Availability

Added in 7.77.0.

This option is supported by the BearSSL (since 7.79.0), mbedTLS (since 7.81.0), rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure Transport and Schannel backends.

Return Value

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

See Also

CURLOPT_CAINFO(3), CURLOPT_CAPATH(3), CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3)

Referenced By

curl_easy_setopt(3), CURLOPT_CA_CACHE_TIMEOUT(3), CURLOPT_CAINFO(3), CURLOPT_PROXY_CAINFO(3), CURLOPT_PROXY_CAINFO_BLOB(3).

September 26, 2023 ibcurl 8.4.0 libcurl