1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_CAINFO_BLOB
5Section: 3
6Source: libcurl
7Protocol:
8  - TLS
9See-also:
10  - CURLOPT_CAINFO (3)
11  - CURLOPT_CAPATH (3)
12  - CURLOPT_SSL_VERIFYHOST (3)
13  - CURLOPT_SSL_VERIFYPEER (3)
14TLS-backend:
15  - BearSSL
16  - OpenSSL
17  - mbedTLS
18  - rustls
19  - wolfSSL
20  - Secure Transport
21  - Schannel
22---
23
24# NAME
25
26CURLOPT_CAINFO_BLOB - Certificate Authority (CA) bundle in PEM format
27
28# SYNOPSIS
29
30~~~c
31#include <curl/curl.h>
32
33CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB,
34                          struct curl_blob *stblob);
35~~~
36
37# DESCRIPTION
38
39Pass a pointer to a curl_blob structure, which contains information (pointer
40and size) about a memory block with binary data of PEM encoded content holding
41one or more certificates to verify the HTTPS server with.
42
43If the blob is initialized with the flags member of struct curl_blob set to
44CURL_BLOB_COPY, the application does not have to keep the buffer around after
45setting this.
46
47If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the
48server's certificate, CURLOPT_CAINFO_BLOB(3) is not needed.
49
50This option overrides CURLOPT_CAINFO(3).
51
52# DEFAULT
53
54NULL
55
56# EXAMPLE
57
58~~~c
59#include <string.h>
60
61int main(void)
62{
63  char *strpem; /* strpem must point to a PEM string */
64  CURL *curl = curl_easy_init();
65  if(curl) {
66    CURLcode res;
67    struct curl_blob blob;
68    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
69    blob.data = strpem;
70    blob.len = strlen(strpem);
71    blob.flags = CURL_BLOB_COPY;
72    curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
73    res = curl_easy_perform(curl);
74    curl_easy_cleanup(curl);
75  }
76}
77~~~
78
79# AVAILABILITY
80
81Added in 7.77.0.
82
83This option is supported by the BearSSL (since 7.79.0), mbedTLS (since
847.81.0), rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure
85Transport and Schannel backends.
86
87# RETURN VALUE
88
89Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
90CURLE_OUT_OF_MEMORY if there was insufficient heap space.
91