1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_CAINFO_BLOB
5Section: 3
6Source: libcurl
7Protocol:
8  - TLS
9See-also:
10  - CURLOPT_CAINFO (3)
11  - CURLOPT_CAPATH (3)
12  - CURLOPT_SSL_VERIFYHOST (3)
13  - CURLOPT_SSL_VERIFYPEER (3)
14TLS-backend:
15  - BearSSL
16  - OpenSSL
17  - mbedTLS
18  - rustls
19  - wolfSSL
20  - Secure Transport
21  - Schannel
22Added-in: 7.77.0
23---
24
25# NAME
26
27CURLOPT_CAINFO_BLOB - Certificate Authority (CA) bundle in PEM format
28
29# SYNOPSIS
30
31~~~c
32#include <curl/curl.h>
33
34CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB,
35                          struct curl_blob *stblob);
36~~~
37
38# DESCRIPTION
39
Pass a pointer to a curl_blob structure, which describes (by pointer and size)
a memory block holding PEM encoded data: one or more certificates to verify
the HTTPS server with.
43
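If the blob is initialized with the flags member of struct curl_blob set to
CURL_BLOB_COPY, libcurl copies the data and the application does not have to
keep the buffer around after setting this. Without that flag, the application
must keep the buffer valid for as long as libcurl may use it.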
47
If CURLOPT_SSL_VERIFYPEER(3) is zero, libcurl does not verify the server's
certificate and CURLOPT_CAINFO_BLOB(3) is not needed; the server's identity is
then not authenticated.
50
51This option overrides CURLOPT_CAINFO(3).
52
53# DEFAULT
54
55NULL
56
57# %PROTOCOLS%
58
59# EXAMPLE
60
61~~~c
62#include <string.h>
63
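/* Example: verify an HTTPS server against CA certificates held in memory.
   Returns 0 when the transfer succeeded, non-zero otherwise. */
int main(void)
{
  /* Placeholder value only: strpem must point to a null-terminated PEM
     string holding the CA certificate(s) to trust. */
  char *strpem = "PEMDATA";
  int rc = 1;
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    struct curl_blob blob;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    blob.data = strpem;
    blob.len = strlen(strpem);
    /* CURL_BLOB_COPY: the buffer does not have to be kept around after the
       option is set */
    blob.flags = CURL_BLOB_COPY;
    /* Only transfer if the blob was accepted. If setting the option fails
       (CURLE_UNKNOWN_OPTION, CURLE_OUT_OF_MEMORY), the CA certificates in
       the blob are not in effect for the transfer. */
    res = curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
    if(res == CURLE_OK)
      res = curl_easy_perform(curl);
    if(res == CURLE_OK)
      rc = 0;
    curl_easy_cleanup(curl);
  }
  return rc;
}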
80~~~
81
82# HISTORY
83
84This option is supported by the BearSSL (since 7.79.0), mbedTLS (since
857.81.0), Rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure
86Transport and Schannel backends.
87
88# %AVAILABILITY%
89
90# RETURN VALUE
91
92Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
93CURLE_OUT_OF_MEMORY if there was insufficient heap space.
94