Annotation of embedaddon/curl/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3, revision 1.1.1.1
1.1 misho 1: .\" **************************************************************************
2: .\" * _ _ ____ _
3: .\" * Project ___| | | | _ \| |
4: .\" * / __| | | | |_) | |
5: .\" * | (__| |_| | _ <| |___
6: .\" * \___|\___/|_| \_\_____|
7: .\" *
8: .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
9: .\" *
10: .\" * This software is licensed as described in the file COPYING, which
11: .\" * you should have received as part of this distribution. The terms
12: .\" * are also available at https://curl.haxx.se/docs/copyright.html.
13: .\" *
14: .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15: .\" * copies of the Software, and permit persons to whom the Software is
16: .\" * furnished to do so, under the terms of the COPYING file.
17: .\" *
18: .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19: .\" * KIND, either express or implied.
20: .\" *
21: .\" **************************************************************************
22: .\"
23: .TH CURLOPT_SSL_CTX_DATA 3 "June 02, 2019" "libcurl 7.70.0" "curl_easy_setopt options"
24:
25: .SH NAME
26: CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
27: .SH SYNOPSIS
28: #include <curl/curl.h>
29:
30: CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
31: .SH DESCRIPTION
32: Data \fIpointer\fP to pass to the ssl context callback set by the option
33: \fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you'll get as third
34: parameter.
35: .SH DEFAULT
36: NULL
37: .SH PROTOCOLS
38: All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
39: .SH EXAMPLE
40: .nf
41: /* OpenSSL specific */
42:
43: #include <openssl/ssl.h>
44: #include <curl/curl.h>
45: #include <stdio.h>
46:
47: static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
48: {
49: X509_STORE *store;
50: X509 *cert=NULL;
51: BIO *bio;
52: char *mypem = (char *)parm;
53: /* get a BIO */
54: bio=BIO_new_mem_buf(mypem, -1);
55: /* use it to read the PEM formatted certificate from memory into an
56: * X509 structure that SSL can use
57: */
58: PEM_read_bio_X509(bio, &cert, 0, NULL);
59: if(cert == NULL)
60: printf("PEM_read_bio_X509 failed...\\n");
61:
62: /* get a pointer to the X509 certificate store (which may be empty) */
63: store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
64:
65: /* add our certificate to this store */
66: if(X509_STORE_add_cert(store, cert)==0)
67: printf("error adding certificate\\n");
68:
69: /* decrease reference counts */
70: X509_free(cert);
71: BIO_free(bio);
72:
73: /* all set to go */
74: return CURLE_OK;
75: }
76:
77: int main(void)
78: {
79: CURL * ch;
80: CURLcode rv;
81: char *mypem = /* example CA cert PEM - shortened */
82: "-----BEGIN CERTIFICATE-----\\n"
83: "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n"
84: "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n"
85: "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n"
86: "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n"
87: "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n"
88: "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n"
89: "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n"
90: "-----END CERTIFICATE-----\\n";
91:
92: rv=curl_global_init(CURL_GLOBAL_ALL);
93: ch=curl_easy_init();
94: rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
95: rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
96: rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
97:
98: /* Retrieve page using cacerts' certificate -> will succeed
99: * load the certificate by installing a function doing the necessary
100: * "modifications" to the SSL CONTEXT just before link init
101: */
102: rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
103: rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
104: rv=curl_easy_perform(ch);
105: if(rv==CURLE_OK)
106: printf("*** transfer succeeded ***\\n");
107: else
108: printf("*** transfer failed ***\\n");
109:
110: curl_easy_cleanup(ch);
111: curl_global_cleanup();
112: return rv;
113: }
114: .fi
115: .SH AVAILABILITY
116: Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
117: mbedTLS. Other SSL backends are not supported.
118: .SH RETURN VALUE
119: CURLE_OK if supported; or an error such as:
120:
121: CURLE_NOT_BUILT_IN - Not supported by the SSL backend
122:
123: CURLE_UNKNOWN_OPTION
124: .SH "SEE ALSO"
125: .BR CURLOPT_SSL_CTX_FUNCTION "(3), " CURLOPT_SSLVERSION "(3), "
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>