1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_CRLFILE 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_PROXY_CRLFILE (3) 9 - CURLOPT_SSL_VERIFYHOST (3) 10 - CURLOPT_SSL_VERIFYPEER (3) 11Protocol: 12 - TLS 13TLS-backend: 14 - GnuTLS 15 - mbedTLS 16 - OpenSSL 17--- 18 19# NAME 20 21CURLOPT_CRLFILE - Certificate Revocation List file 22 23# SYNOPSIS 24 25~~~c 26#include <curl/curl.h> 27 28CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file); 29~~~ 30 31# DESCRIPTION 32 33Pass a char pointer to a null-terminated string naming a *file* with the 34concatenation of CRL (in PEM format) to use in the certificate validation that 35occurs during the SSL exchange. 36 37When curl is built to use GnuTLS, there is no way to influence the use of CRL 38passed to help in the verification process. 39 40When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and 41X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the 42elements of the certificate chain if a CRL file is passed. Also note that 43CURLOPT_CRLFILE(3) implies **CURLSSLOPT_NO_PARTIALCHAIN** (see 44CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug. 45 46This option makes sense only when used in combination with the 47CURLOPT_SSL_VERIFYPEER(3) option. 48 49A specific error code (*CURLE_SSL_CRL_BADFILE*) is defined with the option. It 50is returned when the SSL exchange fails because the CRL file cannot be 51loaded. A failure in certificate verification due to a revocation information 52found in the CRL does not trigger this specific error. 53 54The application does not have to keep the string around after setting this 55option. 56 57# DEFAULT 58 59NULL 60 61# EXAMPLE 62 63~~~c 64int main(void) 65{ 66 CURL *curl = curl_easy_init(); 67 if(curl) { 68 CURLcode res; 69 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 70 curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem"); 71 res = curl_easy_perform(curl); 72 curl_easy_cleanup(curl); 73 } 74} 75~~~ 76 77# AVAILABILITY 78 79Added in 7.19.0 80 81# RETURN VALUE 82 83Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 84CURLE_OUT_OF_MEMORY if there was insufficient heap space. 85