1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_CAINFO 5Section: 3 6Source: libcurl 7See-also: 8 - CURLINFO_CAINFO (3) 9 - CURLOPT_CAINFO_BLOB (3) 10 - CURLOPT_CAPATH (3) 11 - CURLOPT_CA_CACHE_TIMEOUT (3) 12 - CURLOPT_SSL_VERIFYHOST (3) 13 - CURLOPT_SSL_VERIFYPEER (3) 14Protocol: 15 - TLS 16TLS-backend: 17 - All 18--- 19 20# NAME 21 22CURLOPT_CAINFO - path to Certificate Authority (CA) bundle 23 24# SYNOPSIS 25 26~~~c 27#include <curl/curl.h> 28 29CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path); 30~~~ 31 32# DESCRIPTION 33 34Pass a char pointer to a null-terminated string naming a file holding one or 35more certificates to verify the peer with. 36 37If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the 38server's certificate, CURLOPT_CAINFO(3) need not even indicate an 39accessible file. 40 41This option is by default set to the system path where libcurl's CA 42certificate bundle is assumed to be stored, as established at build time. 43 44(iOS and macOS) When curl uses Secure Transport this option is supported. If 45the option is not set, then curl uses the certificates in the system and user 46Keychain to verify the peer. 47 48(Schannel) This option is supported for Schannel in Windows 7 or later but we 49recommend not using it until Windows 8 since it works better starting then. 50If the option is not set, then curl uses the certificates in the Windows' 51store of root certificates (the default for Schannel). 52 53The application does not have to keep the string around after setting this 54option. 55 56The default value for this can be figured out with CURLINFO_CAINFO(3). 57 58# DEFAULT 59 60Built-in system specific. When curl is built with Secure Transport or 61Schannel, this option is not set by default. 62 63# EXAMPLE 64 65~~~c 66int main(void) 67{ 68 CURL *curl = curl_easy_init(); 69 if(curl) { 70 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 71 curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/certs/cabundle.pem"); 72 curl_easy_perform(curl); 73 curl_easy_cleanup(curl); 74 } 75} 76~~~ 77 78# AVAILABILITY 79 80Schannel support added in libcurl 7.60. 81 82# RETURN VALUE 83 84Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 85CURLE_OUT_OF_MEMORY if there was insufficient heap space. 86