1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_PROXY_CAINFO 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_CAINFO (3) 9 - CURLOPT_CAINFO_BLOB (3) 10 - CURLOPT_CAPATH (3) 11 - CURLOPT_PROXY_CAINFO_BLOB (3) 12 - CURLOPT_PROXY_CAPATH (3) 13 - CURLOPT_PROXY_SSL_VERIFYHOST (3) 14 - CURLOPT_PROXY_SSL_VERIFYPEER (3) 15 - CURLOPT_SSL_VERIFYHOST (3) 16 - CURLOPT_SSL_VERIFYPEER (3) 17Protocol: 18 - TLS 19TLS-backend: 20 - All 21--- 22 23# NAME 24 25CURLOPT_PROXY_CAINFO - path to proxy Certificate Authority (CA) bundle 26 27# SYNOPSIS 28 29~~~c 30#include <curl/curl.h> 31 32CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path); 33~~~ 34 35# DESCRIPTION 36 37This option is for connecting to an HTTPS proxy, not an HTTPS server. 38 39Pass a char pointer to a null-terminated string naming a file holding one or 40more certificates to verify the HTTPS proxy with. 41 42If CURLOPT_PROXY_SSL_VERIFYPEER(3) is zero and you avoid verifying the 43server's certificate, CURLOPT_PROXY_CAINFO(3) need not even indicate an 44accessible file. 45 46This option is by default set to the system path where libcurl's CA 47certificate bundle is assumed to be stored, as established at build time. 48 49(iOS and macOS only) If curl is built against Secure Transport, then this 50option is supported for backward compatibility with other SSL engines, but it 51should not be set. If the option is not set, then curl uses the certificates 52in the system and user Keychain to verify the peer, which is the preferred 53method of verifying the peer's certificate chain. 54 55The application does not have to keep the string around after setting this 56option. 57 58The default value for this can be figured out with CURLINFO_CAINFO(3). 59 60# DEFAULT 61 62Built-in system specific 63 64# EXAMPLE 65 66~~~c 67int main(void) 68{ 69 CURL *curl = curl_easy_init(); 70 if(curl) { 71 CURLcode res; 72 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 73 /* using an HTTPS proxy */ 74 curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); 75 curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO, "/etc/certs/cabundle.pem"); 76 res = curl_easy_perform(curl); 77 curl_easy_cleanup(curl); 78 } 79} 80~~~ 81 82# AVAILABILITY 83 84Added in 7.52.0 85 86For TLS backends that do not support certificate files, the 87CURLOPT_PROXY_CAINFO(3) option is ignored. Refer to 88https://curl.se/docs/ssl-compared.html 89 90# RETURN VALUE 91 92Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 93CURLE_OUT_OF_MEMORY if there was insufficient heap space. 94