Annotation of embedaddon/curl/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3, revision 1.1
1.1 ! misho 1: .\" **************************************************************************
! 2: .\" * _ _ ____ _
! 3: .\" * Project ___| | | | _ \| |
! 4: .\" * / __| | | | |_) | |
! 5: .\" * | (__| |_| | _ <| |___
! 6: .\" * \___|\___/|_| \_\_____|
! 7: .\" *
! 8: .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: .\" *
! 10: .\" * This software is licensed as described in the file COPYING, which
! 11: .\" * you should have received as part of this distribution. The terms
! 12: .\" * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: .\" *
! 14: .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: .\" * copies of the Software, and permit persons to whom the Software is
! 16: .\" * furnished to do so, under the terms of the COPYING file.
! 17: .\" *
! 18: .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: .\" * KIND, either express or implied.
! 20: .\" *
! 21: .\" **************************************************************************
! 22: .\"
! 23: .TH CURLOPT_SSL_CTX_DATA 3 "June 02, 2019" "libcurl 7.70.0" "curl_easy_setopt options"
! 24:
! 25: .SH NAME
! 26: CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
! 27: .SH SYNOPSIS
! 28: #include <curl/curl.h>
! 29:
! 30: CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
! 31: .SH DESCRIPTION
! 32: Data \fIpointer\fP to pass to the ssl context callback set by the option
! 33: \fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you'll get as third
! 34: parameter.
! 35: .SH DEFAULT
! 36: NULL
! 37: .SH PROTOCOLS
! 38: All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
! 39: .SH EXAMPLE
! 40: .nf
! 41: /* OpenSSL specific */
! 42:
! 43: #include <openssl/ssl.h>
! 44: #include <curl/curl.h>
! 45: #include <stdio.h>
! 46:
! 47: static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
! 48: {
! 49: X509_STORE *store;
! 50: X509 *cert=NULL;
! 51: BIO *bio;
! 52: char *mypem = (char *)parm;
! 53: /* get a BIO */
! 54: bio=BIO_new_mem_buf(mypem, -1);
! 55: /* use it to read the PEM formatted certificate from memory into an
! 56: * X509 structure that SSL can use
! 57: */
! 58: PEM_read_bio_X509(bio, &cert, 0, NULL);
! 59: if(cert == NULL)
! 60: printf("PEM_read_bio_X509 failed...\\n");
! 61:
! 62: /* get a pointer to the X509 certificate store (which may be empty) */
! 63: store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
! 64:
! 65: /* add our certificate to this store */
! 66: if(X509_STORE_add_cert(store, cert)==0)
! 67: printf("error adding certificate\\n");
! 68:
! 69: /* decrease reference counts */
! 70: X509_free(cert);
! 71: BIO_free(bio);
! 72:
! 73: /* all set to go */
! 74: return CURLE_OK;
! 75: }
! 76:
! 77: int main(void)
! 78: {
! 79: CURL * ch;
! 80: CURLcode rv;
! 81: char *mypem = /* example CA cert PEM - shortened */
! 82: "-----BEGIN CERTIFICATE-----\\n"
! 83: "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n"
! 84: "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n"
! 85: "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n"
! 86: "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n"
! 87: "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n"
! 88: "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n"
! 89: "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n"
! 90: "-----END CERTIFICATE-----\\n";
! 91:
! 92: rv=curl_global_init(CURL_GLOBAL_ALL);
! 93: ch=curl_easy_init();
! 94: rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
! 95: rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
! 96: rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
! 97:
! 98: /* Retrieve page using cacerts' certificate -> will succeed
! 99: * load the certificate by installing a function doing the necessary
! 100: * "modifications" to the SSL CONTEXT just before link init
! 101: */
! 102: rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
! 103: rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
! 104: rv=curl_easy_perform(ch);
! 105: if(rv==CURLE_OK)
! 106: printf("*** transfer succeeded ***\\n");
! 107: else
! 108: printf("*** transfer failed ***\\n");
! 109:
! 110: curl_easy_cleanup(ch);
! 111: curl_global_cleanup();
! 112: return rv;
! 113: }
! 114: .fi
! 115: .SH AVAILABILITY
! 116: Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
! 117: mbedTLS. Other SSL backends are not supported.
! 118: .SH RETURN VALUE
! 119: CURLE_OK if supported; or an error such as:
! 120:
! 121: CURLE_NOT_BUILT_IN - Not supported by the SSL backend
! 122:
! 123: CURLE_UNKNOWN_OPTION
! 124: .SH "SEE ALSO"
! 125: .BR CURLOPT_SSL_CTX_FUNCTION "(3), " CURLOPT_SSLVERSION "(3), "
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>