DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

CURLOPT_CAINFO(3)




CURLOPT_CAINFO(3)   curl_easy_setopt options    CURLOPT_CAINFO(3)


NAME

     CURLOPT_CAINFO - path to Certificate Authority (CA) bundle


SYNOPSIS

     #include <curl/curl.h>

     CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char
     *path);


DESCRIPTION

     Pass a char * to a zero  terminated  string  naming  a  file
     holding one or more certificates to verify the peer with.

     If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying
     the  server's  certificate,  CURLOPT_CAINFO(3) need not even
     indicate an accessible file.

     This option is by default  set  to  the  system  path  where
     libcurl's  cacert  bundle  is assumed to be stored, as esta-
     blished at build time.

     If curl is built against the NSS SSL library,  the  NSS  PEM
     PKCS#11 module (libnsspem.so) needs to be available for this
     option to work properly.  Starting with curl-7.55.0, if both
     CURLOPT_CAINFO(3)  and  CURLOPT_CAPATH(3)  are  unset,  NSS-
     linked libcurl tries to load libnssckbi.so, which contains a
     more  comprehensive  set of trust information than supported
     by nss-pem, because libnssckbi.so also includes  information
     about distrusted certificates.

     (iOS and macOS only) If curl is built against  Secure  Tran-
     sport,  then  this option is supported for backward compati-
     bility with other SSL engines, but it should not be set.  If
     the  option  is not set, then curl will use the certificates
     in the system and user Keychain to verify the peer, which is
     the  preferred  method  of  verifying the peer's certificate
     chain.

     The application does not have  to  keep  the  string  around
     after setting this option.


DEFAULT

     Built-in system specific


PROTOCOLS

     All TLS based protocols: HTTPS, FTPS,  IMAPS,  POP3S,  SMTPS
     etc.


EXAMPLE

     CURL *curl = curl_easy_init();
     if(curl) {
       curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");

libcurl 7.58.0      Last change: May 27, 2017                   1

CURLOPT_CAINFO(3)   curl_easy_setopt options    CURLOPT_CAINFO(3)

       curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/certs/cabundle.pem");
       ret = curl_easy_perform(curl);
       curl_easy_cleanup(curl);
     }


AVAILABILITY

     For SSL engines that don't  support  certificate  files  the
     CURLOPT_CAINFO     option     is     ignored.    Refer    to
     https://curl.haxx.se/docs/ssl-compared.html


RETURN VALUE

     Returns   CURLE_OK   if    the    option    is    supported,
     CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there
     was insufficient heap space.


SEE ALSO

     CURLOPT_CAPATH(3),                CURLOPT_SSL_VERIFYPEER(3),
     CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.58.0      Last change: May 27, 2017                   2


Man(1) output converted with man2html