---
c: Copyright (C) Daniel Stenberg, <[email protected]>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_CRLFILE
Section: 3
Source: libcurl
See-also:
  - CURLOPT_PROXY_CRLFILE (3)
  - CURLOPT_SSL_VERIFYHOST (3)
  - CURLOPT_SSL_VERIFYPEER (3)
Protocol:
  - TLS
TLS-backend:
  - GnuTLS
  - mbedTLS
  - OpenSSL
  - rustls
Added-in: 7.19.0
---

# NAME

CURLOPT_CRLFILE - Certificate Revocation List file

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);
~~~

# DESCRIPTION

Pass a char pointer to a null-terminated string naming a *file* that holds a
concatenation of CRLs (in PEM format) to use in the certificate validation that
occurs during the SSL exchange.

When curl is built to use GnuTLS, there is no way to influence how the passed
CRL is used in the verification process.

When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
X509_V_FLAG_CRL_CHECK_ALL are both set, requiring a CRL check against all the
elements of the certificate chain if a CRL file is passed. Also note that
CURLOPT_CRLFILE(3) implies **CURLSSLOPT_NO_PARTIALCHAIN** (see
CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug.

This option makes sense only when used in combination with the
CURLOPT_SSL_VERIFYPEER(3) option.

A specific error code (*CURLE_SSL_CRL_BADFILE*) is defined with the option. It
is returned when the SSL exchange fails because the CRL file cannot be loaded.
A failure in certificate verification due to revocation information found in
the CRL does not trigger this specific error.

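
Because a CRL file that cannot be loaded only shows up as a failure during the SSL exchange, a deployment can check the bundle's structure before handing the path to CURLOPT_CRLFILE(3). The following is an added example, not part of libcurl or of the original page; the function names `crl_pem_count` and `crl_file_preflight` are hypothetical, and the check covers only the PEM armor (`X509 CRL` markers), not the base64 payload, signatures or validity dates.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CRL_BEGIN "-----BEGIN X509 CRL-----"
#define CRL_END   "-----END X509 CRL-----"

/* Complete CRL blocks in text, or -1 if the PEM armor is malformed. */
int crl_pem_count(const char *text)
{
  int count = 0, ends = 0;
  const char *p;
  for(p = text; (p = strstr(p, CRL_END)) != NULL; p += strlen(CRL_END))
    ends++;
  p = text;
  while((p = strstr(p, CRL_BEGIN)) != NULL) {
    const char *body = p + strlen(CRL_BEGIN);
    const char *end = strstr(body, CRL_END);
    const char *next = strstr(body, CRL_BEGIN);
    if(!end || (next && next < end))
      return -1;                       /* truncated or nested block */
    if(strspn(body, " \t\r\n") == (size_t)(end - body))
      return -1;                       /* markers with no payload */
    count++;
    p = end + strlen(CRL_END);
  }
  return (count == ends) ? count : -1; /* stray END marker */
}

/* Read path and count its CRL blocks; -2 when the file cannot be read. */
int crl_file_preflight(const char *path)
{
  FILE *f = fopen(path, "rb");
  long len = 0;
  char *buf = NULL;
  int rc = -2;
  if(!f)
    return -2;
  if(!fseek(f, 0, SEEK_END) && (len = ftell(f)) >= 0 &&
     !fseek(f, 0, SEEK_SET) && (buf = malloc((size_t)len + 1)) != NULL) {
    if(fread(buf, 1, (size_t)len, f) == (size_t)len) {
      buf[len] = '\0';
      rc = crl_pem_count(buf);
    }
    free(buf);
  }
  fclose(f);
  return rc;
}
```

A return of 0 means the file holds no CRL at all, which a caller would normally treat as unusable; the TLS backend still does the real parsing when the transfer runs.
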
The application does not have to keep the string around after setting this
option.

Using this option multiple times makes the last set string override the
previous ones. Set it to NULL to disable its use again.

# DEFAULT

NULL

# %PROTOCOLS%

# EXAMPLE

~~~c
#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    /* PEM file holding the CRLs to use during certificate validation */
    curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
    res = curl_easy_perform(curl);
    if(res == CURLE_SSL_CRL_BADFILE)
      fprintf(stderr, "CRL file could not be loaded\n");
    else if(res != CURLE_OK)
      fprintf(stderr, "transfer failed: %s\n", curl_easy_strerror(res));
    curl_easy_cleanup(curl);
  }
  return 0;
}
~~~

# %AVAILABILITY%

# RETURN VALUE

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.