1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_PROXY_CAINFO 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_CAINFO (3) 9 - CURLOPT_CAINFO_BLOB (3) 10 - CURLOPT_CAPATH (3) 11 - CURLOPT_PROXY_CAINFO_BLOB (3) 12 - CURLOPT_PROXY_CAPATH (3) 13 - CURLOPT_PROXY_SSL_VERIFYHOST (3) 14 - CURLOPT_PROXY_SSL_VERIFYPEER (3) 15 - CURLOPT_SSL_VERIFYHOST (3) 16 - CURLOPT_SSL_VERIFYPEER (3) 17Protocol: 18 - TLS 19TLS-backend: 20 - All 21Added-in: 7.52.0 22--- 23 24# NAME 25 26CURLOPT_PROXY_CAINFO - path to proxy Certificate Authority (CA) bundle 27 28# SYNOPSIS 29 30~~~c 31#include <curl/curl.h> 32 33CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path); 34~~~ 35 36# DESCRIPTION 37 38This option is for connecting to an HTTPS proxy, not an HTTPS server. 39 40Pass a char pointer to a null-terminated string naming a file holding one or 41more certificates to verify the HTTPS proxy with. 42 43If CURLOPT_PROXY_SSL_VERIFYPEER(3) is zero and you avoid verifying the 44server's certificate, CURLOPT_PROXY_CAINFO(3) need not even indicate an 45accessible file. 46 47This option is by default set to the system path where libcurl's CA 48certificate bundle is assumed to be stored, as established at build time. 49 50(iOS and macOS only) If curl is built against Secure Transport, then this 51option is supported for backward compatibility with other SSL engines, but it 52should not be set. If the option is not set, then curl uses the certificates 53in the system and user Keychain to verify the peer, which is the preferred 54method of verifying the peer's certificate chain. 55 56The application does not have to keep the string around after setting this 57option. 58 59Using this option multiple times makes the last set string override the 60previous ones. Set it to NULL to disable its use again and switches back to 61internal default. 62 63The default value for this can be figured out with CURLINFO_CAINFO(3). 64 65# DEFAULT 66 67Built-in system specific 68 69# %PROTOCOLS% 70 71# EXAMPLE 72 73~~~c 74int main(void) 75{ 76 CURL *curl = curl_easy_init(); 77 if(curl) { 78 CURLcode res; 79 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 80 /* using an HTTPS proxy */ 81 curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); 82 curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO, "/etc/certs/cabundle.pem"); 83 res = curl_easy_perform(curl); 84 curl_easy_cleanup(curl); 85 } 86} 87~~~ 88 89# NOTES 90 91For TLS backends that do not support certificate files, the 92CURLOPT_PROXY_CAINFO(3) option is ignored. Refer to 93https://curl.se/docs/ssl-compared.html 94 95# %AVAILABILITY% 96 97# RETURN VALUE 98 99Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or 100CURLE_OUT_OF_MEMORY if there was insufficient heap space. 101
