quickjs-tart

quickjs-based runtime for wallet-core logic
Log | Files | Refs | README | LICENSE

CURLOPT_PROXY_ISSUERCERT.md (2358B)

      1 ---
      2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
      3 SPDX-License-Identifier: curl
      4 Title: CURLOPT_PROXY_ISSUERCERT
      5 Section: 3
      6 Source: libcurl
      7 See-also:
      8   - CURLOPT_ISSUERCERT (3)
      9   - CURLOPT_PROXY_SSL_VERIFYHOST (3)
     10   - CURLOPT_PROXY_SSL_VERIFYPEER (3)
     11   - CURLOPT_SSL_VERIFYHOST (3)
     12   - CURLOPT_SSL_VERIFYPEER (3)
     13 Protocol:
     14   - TLS
     15 TLS-backend:
     16   - OpenSSL
     17   - GnuTLS
     18 Added-in: 7.71.0
     19 ---
     20 
     21 # NAME
     22 
     23 CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename
     24 
     25 # SYNOPSIS
     26 
     27 ~~~c
     28 #include <curl/curl.h>
     29 
     30 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT, char *file);
     31 ~~~
     32 
     33 # DESCRIPTION
     34 
     35 Pass a char pointer to a null-terminated string naming a *file* holding a CA
     36 certificate in PEM format. If the option is set, an additional check against
     37 the peer certificate is performed to verify the issuer of the HTTPS proxy is
     38 indeed the one associated with the certificate provided by the option. This
     39 additional check is useful in multi-level PKI where one needs to enforce that
     40 the peer certificate is from a specific branch of the tree.
     41 
     42 This option makes sense only when used in combination with the
     43 CURLOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the check is
     44 not considered as failure.
     45 
     46 A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option,
     47 which is returned if the setup of the SSL/TLS session has failed due to a
     48 mismatch with the issuer of peer certificate (CURLOPT_PROXY_SSL_VERIFYPEER(3)
     49 has to be set too for the check to fail).
     50 
     51 The application does not have to keep the string around after setting this
     52 option.
     53 
     54 Using this option multiple times makes the last set string override the
     55 previous ones. Set it to NULL to disable its use again.
     56 
     57 # DEFAULT
     58 
     59 NULL
     60 
     61 # %PROTOCOLS%
     62 
     63 # EXAMPLE
     64 
     65 ~~~c
     66 int main(void)
     67 {
     68   CURL *curl = curl_easy_init();
     69   if(curl) {
     70     CURLcode res;
     71     curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
     72     /* using an HTTPS proxy */
     73     curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443");
     74     curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem");
     75     res = curl_easy_perform(curl);
     76     curl_easy_cleanup(curl);
     77   }
     78 }
     79 ~~~
     80 
     81 # %AVAILABILITY%
     82 
     83 # RETURN VALUE
     84 
     85 curl_easy_setopt(3) returns a CURLcode indicating success or error.
     86 
     87 CURLE_OK (0) means everything was OK, non-zero means an error occurred, see
     88 libcurl-errors(3).