1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerTitle: CURLOPT_ISSUERCERT 5*6236dae4SAndroid Build Coastguard WorkerSection: 3 6*6236dae4SAndroid Build Coastguard WorkerSource: libcurl 7*6236dae4SAndroid Build Coastguard WorkerSee-also: 8*6236dae4SAndroid Build Coastguard Worker - CURLOPT_CRLFILE (3) 9*6236dae4SAndroid Build Coastguard Worker - CURLOPT_SSL_VERIFYHOST (3) 10*6236dae4SAndroid Build Coastguard Worker - CURLOPT_SSL_VERIFYPEER (3) 11*6236dae4SAndroid Build Coastguard WorkerProtocol: 12*6236dae4SAndroid Build Coastguard Worker - TLS 13*6236dae4SAndroid Build Coastguard WorkerTLS-backend: 14*6236dae4SAndroid Build Coastguard Worker - OpenSSL 15*6236dae4SAndroid Build Coastguard Worker - GnuTLS 16*6236dae4SAndroid Build Coastguard WorkerAdded-in: 7.19.0 17*6236dae4SAndroid Build Coastguard Worker--- 18*6236dae4SAndroid Build Coastguard Worker 19*6236dae4SAndroid Build Coastguard Worker# NAME 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerCURLOPT_ISSUERCERT - issuer SSL certificate filename 22*6236dae4SAndroid Build Coastguard Worker 23*6236dae4SAndroid Build Coastguard Worker# SYNOPSIS 24*6236dae4SAndroid Build Coastguard Worker 25*6236dae4SAndroid Build Coastguard Worker~~~c 26*6236dae4SAndroid Build Coastguard Worker#include <curl/curl.h> 27*6236dae4SAndroid Build Coastguard Worker 28*6236dae4SAndroid Build Coastguard WorkerCURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT, char *file); 29*6236dae4SAndroid Build Coastguard Worker~~~ 30*6236dae4SAndroid Build Coastguard Worker 31*6236dae4SAndroid Build Coastguard Worker# DESCRIPTION 32*6236dae4SAndroid Build Coastguard Worker 33*6236dae4SAndroid Build Coastguard WorkerPass a char pointer to a null-terminated string naming a *file* holding a CA 34*6236dae4SAndroid Build Coastguard Workercertificate in PEM format. If the option is set, an additional check against 35*6236dae4SAndroid Build Coastguard Workerthe peer certificate is performed to verify the issuer is indeed the one 36*6236dae4SAndroid Build Coastguard Workerassociated with the certificate provided by the option. This additional check 37*6236dae4SAndroid Build Coastguard Workeris useful in multi-level PKI where one needs to enforce that the peer 38*6236dae4SAndroid Build Coastguard Workercertificate is from a specific branch of the tree. 39*6236dae4SAndroid Build Coastguard Worker 40*6236dae4SAndroid Build Coastguard WorkerThis option makes sense only when used in combination with the 41*6236dae4SAndroid Build Coastguard WorkerCURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check is 42*6236dae4SAndroid Build Coastguard Workernot considered as failure. 43*6236dae4SAndroid Build Coastguard Worker 44*6236dae4SAndroid Build Coastguard WorkerA specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, 45*6236dae4SAndroid Build Coastguard Workerwhich is returned if the setup of the SSL/TLS session has failed due to a 46*6236dae4SAndroid Build Coastguard Workermismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3) 47*6236dae4SAndroid Build Coastguard Workerhas to be set too for the check to fail). (Added in 7.19.0) 48*6236dae4SAndroid Build Coastguard Worker 49*6236dae4SAndroid Build Coastguard WorkerUsing this option multiple times makes the last set string override the 50*6236dae4SAndroid Build Coastguard Workerprevious ones. Set it to NULL to disable its use again. 51*6236dae4SAndroid Build Coastguard Worker 52*6236dae4SAndroid Build Coastguard WorkerThe application does not have to keep the string around after setting this 53*6236dae4SAndroid Build Coastguard Workeroption. 54*6236dae4SAndroid Build Coastguard Worker 55*6236dae4SAndroid Build Coastguard Worker# DEFAULT 56*6236dae4SAndroid Build Coastguard Worker 57*6236dae4SAndroid Build Coastguard WorkerNULL 58*6236dae4SAndroid Build Coastguard Worker 59*6236dae4SAndroid Build Coastguard Worker# %PROTOCOLS% 60*6236dae4SAndroid Build Coastguard Worker 61*6236dae4SAndroid Build Coastguard Worker# EXAMPLE 62*6236dae4SAndroid Build Coastguard Worker 63*6236dae4SAndroid Build Coastguard Worker~~~c 64*6236dae4SAndroid Build Coastguard Workerint main(void) 65*6236dae4SAndroid Build Coastguard Worker{ 66*6236dae4SAndroid Build Coastguard Worker CURL *curl = curl_easy_init(); 67*6236dae4SAndroid Build Coastguard Worker if(curl) { 68*6236dae4SAndroid Build Coastguard Worker CURLcode res; 69*6236dae4SAndroid Build Coastguard Worker curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 70*6236dae4SAndroid Build Coastguard Worker curl_easy_setopt(curl, CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem"); 71*6236dae4SAndroid Build Coastguard Worker res = curl_easy_perform(curl); 72*6236dae4SAndroid Build Coastguard Worker curl_easy_cleanup(curl); 73*6236dae4SAndroid Build Coastguard Worker } 74*6236dae4SAndroid Build Coastguard Worker} 75*6236dae4SAndroid Build Coastguard Worker~~~ 76*6236dae4SAndroid Build Coastguard Worker 77*6236dae4SAndroid Build Coastguard Worker# %AVAILABILITY% 78*6236dae4SAndroid Build Coastguard Worker 79*6236dae4SAndroid Build Coastguard Worker# RETURN VALUE 80*6236dae4SAndroid Build Coastguard Worker 81*6236dae4SAndroid Build Coastguard WorkerReturns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 82*6236dae4SAndroid Build Coastguard WorkerCURLE_OUT_OF_MEMORY if there was insufficient heap space. 83