quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

CURLOPT_CRLFILE.md (2321B)

      1 ---
      2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
      3 SPDX-License-Identifier: curl
      4 Title: CURLOPT_CRLFILE
      5 Section: 3
      6 Source: libcurl
      7 See-also:
      8   - CURLOPT_PROXY_CRLFILE (3)
      9   - CURLOPT_SSL_VERIFYHOST (3)
     10   - CURLOPT_SSL_VERIFYPEER (3)
     11 Protocol:
     12   - TLS
     13 TLS-backend:
     14   - GnuTLS
     15   - mbedTLS
     16   - OpenSSL
     17   - rustls
     18 Added-in: 7.19.0
     19 ---
     20 
     21 # NAME
     22 
     23 CURLOPT_CRLFILE - Certificate Revocation List file
     24 
     25 # SYNOPSIS
     26 
     27 ~~~c
     28 #include <curl/curl.h>
     29 
     30 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);
     31 ~~~
     32 
     33 # DESCRIPTION
     34 
     35 Pass a char pointer to a null-terminated string naming a *file* with the
     36 concatenation of CRL (in PEM format) to use in the certificate validation that
     37 occurs during the SSL exchange.
     38 
     39 When curl is built to use GnuTLS, there is no way to influence the use of CRL
     40 passed to help in the verification process.
     41 
     42 When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and
     43 X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the
     44 elements of the certificate chain if a CRL file is passed. Also note that
     45 CURLOPT_CRLFILE(3) implies **CURLSSLOPT_NO_PARTIALCHAIN** (see
     46 CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug.
     47 
     48 This option makes sense only when used in combination with the
     49 CURLOPT_SSL_VERIFYPEER(3) option.
     50 
     51 A specific error code (*CURLE_SSL_CRL_BADFILE*) is defined with the option. It
     52 is returned when the SSL exchange fails because the CRL file cannot be loaded.
     53 A failure in certificate verification due to a revocation information found in
     54 the CRL does not trigger this specific error.
     55 
     56 The application does not have to keep the string around after setting this
     57 option.
     58 
     59 Using this option multiple times makes the last set string override the
     60 previous ones. Set it to NULL to disable its use again.
     61 
     62 # DEFAULT
     63 
     64 NULL
     65 
     66 # %PROTOCOLS%
     67 
     68 # EXAMPLE
     69 
     70 ~~~c
     71 int main(void)
     72 {
     73   CURL *curl = curl_easy_init();
     74   if(curl) {
     75     CURLcode res;
     76     curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
     77     curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem");
     78     res = curl_easy_perform(curl);
     79     curl_easy_cleanup(curl);
     80   }
     81 }
     82 ~~~
     83 
     84 # %AVAILABILITY%
     85 
     86 # RETURN VALUE
     87 
     88 curl_easy_setopt(3) returns a CURLcode indicating success or error.
     89 
     90 CURLE_OK (0) means everything was OK, non-zero means an error occurred, see
     91 libcurl-errors(3).