---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_ISSUERCERT
Section: 3
Source: libcurl
See-also:
  - CURLOPT_CRLFILE (3)
  - CURLOPT_SSL_VERIFYHOST (3)
  - CURLOPT_SSL_VERIFYPEER (3)
Protocol:
  - TLS
TLS-backend:
  - OpenSSL
  - GnuTLS
---

# NAME

CURLOPT_ISSUERCERT - issuer SSL certificate filename

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT, char *file);
~~~

# DESCRIPTION

Pass a char pointer to a null-terminated string naming a *file* holding a CA
certificate in PEM format. If the option is set, an additional check against
the peer certificate is performed to verify the issuer is indeed the one
associated with the certificate provided by the option. This additional check
is useful in multi-level PKI where one needs to enforce that the peer
certificate is from a specific branch of the tree.

This option makes sense only when used in combination with the
CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check is not
treated as a failure, so an issuer mismatch goes unenforced.

A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option,
which is returned if the setup of the SSL/TLS session has failed due to a
mismatch with the issuer of the peer certificate (CURLOPT_SSL_VERIFYPEER(3)
has to be set too for the check to fail). (Added in 7.19.0)

The application does not have to keep the string around after setting this
option.

# DEFAULT

NULL

# EXAMPLE

~~~c
int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    curl_easy_setopt(curl, CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem");
    res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
}
~~~

# AVAILABILITY

If built with TLS enabled

# RETURN VALUE

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
CURLE_OUT_OF_MEMORY if there was insufficient heap space.