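---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_SSL_CTX_DATA
Section: 3
Source: libcurl
See-also:
  - CURLOPT_SSLVERSION (3)
  - CURLOPT_SSL_CTX_FUNCTION (3)
Protocol:
  - TLS
TLS-backend:
  - OpenSSL
  - wolfSSL
  - mbedTLS
  - BearSSL
---

# NAME

CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
~~~

# DESCRIPTION

Data *pointer* to pass to the SSL context callback set by the option
CURLOPT_SSL_CTX_FUNCTION(3). This is the pointer you get as the third
parameter.

libcurl stores only the pointer and does not copy the data it points to, so
the data must remain valid for as long as the callback can be called.

# DEFAULT

NULL

# EXAMPLE

~~~c
/* OpenSSL specific */

#include <openssl/err.h>
#include <openssl/ssl.h>
#include <curl/curl.h>
#include <stdio.h>

/*
 * SSL context callback. Parses the PEM certificate that 'parm' points to
 * (the pointer set with CURLOPT_SSL_CTX_DATA) and adds it to the certificate
 * store of the SSL_CTX. The certificate is added to whatever the store
 * already holds; existing entries are not removed.
 *
 * Returns CURLE_OK on success. Every failure returns
 * CURLE_ABORTED_BY_CALLBACK so that the transfer stops instead of going
 * ahead without the certificate.
 */
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
{
  CURLcode result = CURLE_ABORTED_BY_CALLBACK;
  X509_STORE *store;
  X509 *cert = NULL;
  BIO *bio;
  char *mypem = parm;

  (void)curl; /* not used by this callback */

  if(!mypem) {
    printf("no PEM data set with CURLOPT_SSL_CTX_DATA\n");
    return result;
  }

  /* get a BIO; -1 tells OpenSSL that mypem is a null-terminated string */
  bio = BIO_new_mem_buf(mypem, -1);
  if(!bio) {
    printf("BIO_new_mem_buf failed...\n");
    return result;
  }

  /* use it to read the PEM formatted certificate from memory into an
   * X509 structure that SSL can use
   */
  PEM_read_bio_X509(bio, &cert, 0, NULL);
  if(!cert) {
    printf("PEM_read_bio_X509 failed...\n");
    goto out;
  }

  /* get a pointer to the X509 certificate store (which may be empty) */
  store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
  if(!store) {
    printf("SSL_CTX_get_cert_store failed...\n");
    goto out;
  }

  /* add our certificate to this store */
  if(X509_STORE_add_cert(store, cert) == 0) {
    unsigned long error = ERR_peek_last_error();

    /* some OpenSSL versions report an error when the certificate is
     * already in the store; that case is harmless, anything else is not
     */
    if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
       ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
      printf("error adding certificate\n");
      goto out;
    }
    ERR_clear_error();
  }

  /* all set to go */
  result = CURLE_OK;

out:
  /* decrease reference counts (both calls accept NULL) */
  X509_free(cert);
  BIO_free(bio);

  return result;
}

int main(void)
{
  CURL *ch;
  CURLcode rv;
  /* string literal: stays valid for the whole transfer, which matters
   * because libcurl keeps the pointer and does not copy the data
   */
  char *mypem = /* example CA cert PEM - shortened */
    "-----BEGIN CERTIFICATE-----\n"
    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
    "-----END CERTIFICATE-----\n";

  rv = curl_global_init(CURL_GLOBAL_ALL);
  if(rv) {
    printf("curl_global_init failed\n");
    return (int)rv;
  }

  ch = curl_easy_init();
  if(!ch) {
    printf("curl_easy_init failed\n");
    curl_global_cleanup();
    return 1;
  }

  curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
  curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
  curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

  /* check these two: if the TLS backend does not support the callback,
   * the transfer would otherwise run without the extra certificate
   */
  rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, sslctx_function);
  if(!rv)
    rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);

  if(rv)
    printf("could not set the SSL context callback: %s\n",
           curl_easy_strerror(rv));
  else {
    rv = curl_easy_perform(ch);
    if(!rv)
      printf("*** transfer succeeded ***\n");
    else
      printf("*** transfer failed ***\n");
  }

  curl_easy_cleanup(ch);
  curl_global_cleanup();
  return (int)rv;
}
~~~

# AVAILABILITY

Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS,
in 7.83.0 for BearSSL.

# RETURN VALUE

CURLE_OK if supported; or an error such as:

CURLE_NOT_BUILT_IN - Not supported by the SSL backend

CURLE_UNKNOWN_OPTION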