1 files changed, 83 insertions, 0 deletions

diff --git a/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
new file mode 100644
index 000000000..49dd2ecf1
--- /dev/null
+++ b/docs/libcurl/opts/GNURLOPT_SSL_CTX_FUNCTION.3
@@ -0,0 +1,83 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH GNURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL or mbedTLS
+.SH SYNOPSIS
+.nf
+#include <gnurl/curl.h>
+
+CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
+                          ssl_ctx_callback);
+.SH DESCRIPTION
+This option only works for libcurl powered by OpenSSL, wolfSSL or mbedTLS. If
+libcurl was built against another SSL library this functionality is absent.
+
+Pass a pointer to your callback function, which should match the prototype
+shown above.
+
+This callback function gets called by libcurl just before the initialization
+of an SSL connection after having processed all other SSL related options to
+give a last chance to an application to modify the behavior of the SSL
+initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
+library's \fISSL_CTX\fP for OpenSSL or wolfSSL, and a pointer to
+\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the
+callback no attempt to establish a connection is made and the perform
+operation will return the callback's error code. Set the \fIuserptr\fP
+argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option.
+
+This function will get called on all new connections made to a server, during
+the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object
+each time, but note the pointer may be the same as from a prior call.
+
+To use this properly, a non-trivial amount of knowledge of your SSL library is
+necessary. For example, you can use this function to call library-specific
+callbacks to add additional validation code for certificates, and even to
+change the actual URI of an HTTPS request.
+
+WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application
+to reach in and modify SSL details in the connection without libcurl itself
+knowing anything about it, which then subsequently can lead to libcurl
+unknowingly reusing SSL connections with different properties. To remedy this
+you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function.
+.SH DEFAULT
+NULL
+.SH PROTOCOLS
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
+.SH EXAMPLE
+See cacertinmem.c in docs/examples directory for usage example.
+
+https://curl.haxx.se/libcurl/c/cacertinmem.html
+.SH AVAILABILITY
+Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
+mbedTLS. Other SSL backends are not supported.
+.SH RETURN VALUE
+CURLE_OK if supported; or an error such as:
+
+CURLE_NOT_BUILT_IN - Not supported by the SSL backend
+
+CURLE_UNKNOWN_OPTION
+.SH "SEE ALSO"
+.BR CURLOPT_SSL_CTX_DATA "(3), " CURLOPT_SSL_VERIFYPEER "(3), "