diff options
Diffstat (limited to 'docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3')
-rw-r--r-- | docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 new file mode 100644 index 000000000..49dd2ecf1 --- /dev/null +++ b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 @@ -0,0 +1,83 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH GNURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL or mbedTLS +.SH SYNOPSIS +.nf +#include <gnurl/curl.h> + +CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, + ssl_ctx_callback); +.SH DESCRIPTION +This option only works for libcurl powered by OpenSSL, wolfSSL or mbedTLS. If +libcurl was built against another SSL library this functionality is absent. + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl just before the initialization +of an SSL connection after having processed all other SSL related options to +give a last chance to an application to modify the behavior of the SSL +initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL +library's \fISSL_CTX\fP for OpenSSL or wolfSSL, and a pointer to +\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the +callback no attempt to establish a connection is made and the perform +operation will return the callback's error code. Set the \fIuserptr\fP +argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. + +This function will get called on all new connections made to a server, during +the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object +each time, but note the pointer may be the same as from a prior call. + +To use this properly, a non-trivial amount of knowledge of your SSL library is +necessary. For example, you can use this function to call library-specific +callbacks to add additional validation code for certificates, and even to +change the actual URI of an HTTPS request. + +WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application +to reach in and modify SSL details in the connection without libcurl itself +knowing anything about it, which then subsequently can lead to libcurl +unknowingly reusing SSL connections with different properties. To remedy this +you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function. +.SH DEFAULT +NULL +.SH PROTOCOLS +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. +.SH EXAMPLE +See cacertinmem.c in docs/examples directory for usage example. + +https://curl.haxx.se/libcurl/c/cacertinmem.html +.SH AVAILABILITY +Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for +mbedTLS. Other SSL backends are not supported. +.SH RETURN VALUE +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION +.SH "SEE ALSO" +.BR CURLOPT_SSL_CTX_DATA "(3), " CURLOPT_SSL_VERIFYPEER "(3), " |