xref: /curl/docs/libcurl/opts/CURLOPT_CAINFO.md (revision c4ab3337)
1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_CAINFO
5Section: 3
6Source: libcurl
7See-also:
8  - CURLINFO_CAINFO (3)
9  - CURLOPT_CAINFO_BLOB (3)
10  - CURLOPT_CAPATH (3)
11  - CURLOPT_CA_CACHE_TIMEOUT (3)
12  - CURLOPT_SSL_VERIFYHOST (3)
13  - CURLOPT_SSL_VERIFYPEER (3)
14Protocol:
15  - TLS
16TLS-backend:
17  - All
18Added-in: 7.4.2
19---
20
21# NAME
22
23CURLOPT_CAINFO - path to Certificate Authority (CA) bundle
24
25# SYNOPSIS
26
27~~~c
28#include <curl/curl.h>
29
30CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path);
31~~~
32
33# DESCRIPTION
34
35Pass a char pointer to a null-terminated string naming a file holding one or
36more certificates to verify the peer with.
37
If CURLOPT_SSL_VERIFYPEER(3) is set to zero, the server's certificate is not
verified, so CURLOPT_CAINFO(3) need not even name an accessible file. In that
case the CA bundle plays no part in the transfer and the server's identity is
not authenticated.
41
42This option is by default set to the system path where libcurl's CA
43certificate bundle is assumed to be stored, as established at build time.
44
45(iOS and macOS) When curl uses Secure Transport this option is supported. If
46the option is not set, then curl uses the certificates in the system and user
47Keychain to verify the peer.
48
49(Schannel) This option is supported for Schannel in Windows 7 or later but we
50recommend not using it until Windows 8 since it works better starting then.
If the option is not set, then curl uses the certificates in the Windows
store of root certificates (the default for Schannel).
53
54The application does not have to keep the string around after setting this
55option.
56
57Using this option multiple times makes the last set string override the
58previous ones. Set it to NULL to disable its use again.
59
60The default value for this can be figured out with CURLINFO_CAINFO(3).
61
62# DEFAULT
63
64Built-in system specific. When curl is built with Secure Transport or
65Schannel, this option is not set by default.
66
67# %PROTOCOLS%
68
69# EXAMPLE
70
71~~~c
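int main(void)
{
  /* Stays nonzero unless the transfer, including verification of the peer
     against the CA bundle, completes successfully. */
  int rc = 1;
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;

    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");

    /* Verify the peer against this bundle instead of the built-in default.
       If setting the option fails, the handle presumably keeps its previous
       CA setting, so do not start the transfer in that case. */
    res = curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/certs/cabundle.pem");

    if(res == CURLE_OK) {
      /* curl_easy_setopt() only stores the path. A missing or unreadable
         bundle (CURLE_SSL_CACERT_BADFILE) or a server certificate that does
         not verify against it (CURLE_PEER_FAILED_VERIFICATION) is reported
         by curl_easy_perform(), so its result must not be ignored. */
      res = curl_easy_perform(curl);
    }

    if(res == CURLE_OK) {
      rc = 0;
    }

    curl_easy_cleanup(curl);
  }
  return rc;
}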
82~~~
83
84# HISTORY
85
86Schannel support added in libcurl 7.60.
87
88# %AVAILABILITY%
89
90# RETURN VALUE
91
92Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
93CURLE_OUT_OF_MEMORY if there was insufficient heap space.
94