xref: /curl/docs/libcurl/opts/CURLOPT_CAINFO.md (revision e3fe0200) 
1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_CAINFO
5Section: 3
6Source: libcurl
7See-also:
8  - CURLINFO_CAINFO (3)
9  - CURLOPT_CAINFO_BLOB (3)
10  - CURLOPT_CAPATH (3)
11  - CURLOPT_CA_CACHE_TIMEOUT (3)
12  - CURLOPT_SSL_VERIFYHOST (3)
13  - CURLOPT_SSL_VERIFYPEER (3)
14Protocol:
15  - TLS
16TLS-backend:
17  - All
18---
19
20# NAME
21
22CURLOPT_CAINFO - path to Certificate Authority (CA) bundle
23
24# SYNOPSIS
25
26~~~c
27#include <curl/curl.h>
28
29CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path);
30~~~
31
32# DESCRIPTION
33
34Pass a char pointer to a null-terminated string naming a file holding one or
35more certificates to verify the peer with.
36
37If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the
38server's certificate, CURLOPT_CAINFO(3) need not even indicate an
39accessible file.
40
41This option is by default set to the system path where libcurl's CA
42certificate bundle is assumed to be stored, as established at build time.
43
44(iOS and macOS) When curl uses Secure Transport this option is supported. If
45the option is not set, then curl uses the certificates in the system and user
46Keychain to verify the peer.
47
48(Schannel) This option is supported for Schannel in Windows 7 or later but we
49recommend not using it until Windows 8 since it works better starting then.
50If the option is not set, then curl uses the certificates in the Windows'
51store of root certificates (the default for Schannel).
52
53The application does not have to keep the string around after setting this
54option.
55
56The default value for this can be figured out with CURLINFO_CAINFO(3).
57
58# DEFAULT
59
60Built-in system specific. When curl is built with Secure Transport or
61Schannel, this option is not set by default.
62
63# EXAMPLE
64
65~~~c
66int main(void)
67{
68  CURL *curl = curl_easy_init();
69  if(curl) {
70    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
71    curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/certs/cabundle.pem");
72    curl_easy_perform(curl);
73    curl_easy_cleanup(curl);
74  }
75}
76~~~
77
78# AVAILABILITY
79
80Schannel support added in libcurl 7.60.
81
82# RETURN VALUE
83
84Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
85CURLE_OUT_OF_MEMORY if there was insufficient heap space.
86