---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_CAINFO_BLOB
Section: 3
Source: libcurl
Protocol:
  - TLS
See-also:
  - CURLOPT_CAINFO (3)
  - CURLOPT_CAPATH (3)
  - CURLOPT_SSL_VERIFYHOST (3)
  - CURLOPT_SSL_VERIFYPEER (3)
TLS-backend:
  - BearSSL
  - OpenSSL
  - mbedTLS
  - rustls
  - wolfSSL
  - Secure Transport
  - Schannel
---

# NAME

CURLOPT_CAINFO_BLOB - Certificate Authority (CA) bundle in PEM format

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB,
                          struct curl_blob *stblob);
~~~

# DESCRIPTION

Pass a pointer to a curl_blob structure that describes (by pointer and size)
a memory block of PEM-encoded data holding one or more certificates to verify
the HTTPS server with.

If the blob is initialized with the flags member of struct curl_blob set to
CURL_BLOB_COPY, libcurl copies the data and the application does not have to
keep the buffer around after setting this option. Without that flag, libcurl
keeps only the pointer, so the buffer must remain valid and unchanged for as
long as the handle may use it.

If CURLOPT_SSL_VERIFYPEER(3) is set to zero, the server's certificate is not
verified and CURLOPT_CAINFO_BLOB(3) is not needed. In that case the server is
not authenticated, so the transfer is exposed to man-in-the-middle
interception.

This option overrides CURLOPT_CAINFO(3).

# DEFAULT

NULL

# EXAMPLE

~~~c
#include <string.h>

int main(void)
{
  char *strpem; /* strpem must point to a PEM string */
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    struct curl_blob blob;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    blob.data = strpem;
    blob.len = strlen(strpem);
    blob.flags = CURL_BLOB_COPY;
    curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
    res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
}
~~~

# AVAILABILITY

Added in 7.77.0.
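
This option is supported by the BearSSL (since 7.79.0), mbedTLS (since
7.81.0), rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure
Transport and Schannel backends.

# RETURN VALUE

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.

Check this return value when the blob is meant to be the only set of trusted
CAs: if the call fails, the blob is not set and the transfer would verify the
server against whatever CA configuration the handle otherwise has.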