CURLOPT_SSL_CTX_DATA.md (3050B)
1 --- 2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3 SPDX-License-Identifier: curl 4 Title: CURLOPT_SSL_CTX_DATA 5 Section: 3 6 Source: libcurl 7 See-also: 8 - CURLOPT_SSLVERSION (3) 9 - CURLOPT_SSL_CTX_FUNCTION (3) 10 Protocol: 11 - TLS 12 TLS-backend: 13 - OpenSSL 14 - wolfSSL 15 - mbedTLS 16 Added-in: 7.10.6 17 --- 18 19 # NAME 20 21 CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback 22 23 # SYNOPSIS 24 25 ~~~c 26 #include <curl/curl.h> 27 28 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer); 29 ~~~ 30 31 # DESCRIPTION 32 33 Data *pointer* to pass to the ssl context callback set by the option 34 CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third 35 parameter. 36 37 # DEFAULT 38 39 NULL 40 41 # %PROTOCOLS% 42 43 # EXAMPLE 44 45 ~~~c 46 /* OpenSSL specific */ 47 48 #include <openssl/ssl.h> 49 #include <curl/curl.h> 50 #include <stdio.h> 51 52 static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) 53 { 54 X509_STORE *store; 55 X509 *cert = NULL; 56 BIO *bio; 57 char *mypem = parm; 58 /* get a BIO */ 59 bio = BIO_new_mem_buf(mypem, -1); 60 /* use it to read the PEM formatted certificate from memory into an 61 * X509 structure that SSL can use 62 */ 63 PEM_read_bio_X509(bio, &cert, 0, NULL); 64 if(!cert) 65 printf("PEM_read_bio_X509 failed...\n"); 66 67 /* get a pointer to the X509 certificate store (which may be empty) */ 68 store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); 69 70 /* add our certificate to this store */ 71 if(X509_STORE_add_cert(store, cert) == 0) 72 printf("error adding certificate\n"); 73 74 /* decrease reference counts */ 75 X509_free(cert); 76 BIO_free(bio); 77 78 /* all set to go */ 79 return CURLE_OK; 80 } 81 82 int main(void) 83 { 84 CURL *ch; 85 CURLcode rv; 86 char *mypem = /* example CA cert PEM - shortened */ 87 "-----BEGIN CERTIFICATE-----\n" 88 "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" 89 "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" 90 "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" 91 "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n" 92 "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n" 93 "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n" 94 "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n" 95 "-----END CERTIFICATE-----\n"; 96 97 curl_global_init(CURL_GLOBAL_ALL); 98 ch = curl_easy_init(); 99 100 curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); 101 curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); 102 curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); 103 104 curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); 105 curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem); 106 rv = curl_easy_perform(ch); 107 if(!rv) 108 printf("*** transfer succeeded ***\n"); 109 else 110 printf("*** transfer failed ***\n"); 111 112 curl_easy_cleanup(ch); 113 curl_global_cleanup(); 114 return rv; 115 } 116 ~~~ 117 118 # HISTORY 119 120 Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS. 121 122 # %AVAILABILITY% 123 124 # RETURN VALUE 125 126 CURLE_OK if supported; or an error such as: 127 128 CURLE_NOT_BUILT_IN - Not supported by the SSL backend 129 130 CURLE_UNKNOWN_OPTION