1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_SSL_CTX_DATA 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_SSLVERSION (3) 9 - CURLOPT_SSL_CTX_FUNCTION (3) 10Protocol: 11 - TLS 12TLS-backend: 13 - OpenSSL 14 - wolfSSL 15 - mbedTLS 16 - BearSSL 17Added-in: 7.10.6 18--- 19 20# NAME 21 22CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback 23 24# SYNOPSIS 25 26~~~c 27#include <curl/curl.h> 28 29CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer); 30~~~ 31 32# DESCRIPTION 33 34Data *pointer* to pass to the ssl context callback set by the option 35CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third 36parameter. 37 38# DEFAULT 39 40NULL 41 42# %PROTOCOLS% 43 44# EXAMPLE 45 46~~~c 47/* OpenSSL specific */ 48 49#include <openssl/ssl.h> 50#include <curl/curl.h> 51#include <stdio.h> 52 53static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) 54{ 55 X509_STORE *store; 56 X509 *cert = NULL; 57 BIO *bio; 58 char *mypem = parm; 59 /* get a BIO */ 60 bio = BIO_new_mem_buf(mypem, -1); 61 /* use it to read the PEM formatted certificate from memory into an 62 * X509 structure that SSL can use 63 */ 64 PEM_read_bio_X509(bio, &cert, 0, NULL); 65 if(!cert) 66 printf("PEM_read_bio_X509 failed...\n"); 67 68 /* get a pointer to the X509 certificate store (which may be empty) */ 69 store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); 70 71 /* add our certificate to this store */ 72 if(X509_STORE_add_cert(store, cert) == 0) 73 printf("error adding certificate\n"); 74 75 /* decrease reference counts */ 76 X509_free(cert); 77 BIO_free(bio); 78 79 /* all set to go */ 80 return CURLE_OK; 81} 82 83int main(void) 84{ 85 CURL *ch; 86 CURLcode rv; 87 char *mypem = /* example CA cert PEM - shortened */ 88 "-----BEGIN CERTIFICATE-----\n" 89 "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" 90 "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" 91 "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" 92 "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n" 93 "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n" 94 "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n" 95 "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n" 96 "-----END CERTIFICATE-----\n"; 97 98 curl_global_init(CURL_GLOBAL_ALL); 99 ch = curl_easy_init(); 100 101 curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); 102 curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); 103 curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); 104 105 curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); 106 curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem); 107 rv = curl_easy_perform(ch); 108 if(!rv) 109 printf("*** transfer succeeded ***\n"); 110 else 111 printf("*** transfer failed ***\n"); 112 113 curl_easy_cleanup(ch); 114 curl_global_cleanup(); 115 return rv; 116} 117~~~ 118 119# HISTORY 120 121Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS, 122in 7.83.0 in BearSSL. 123 124# %AVAILABILITY% 125 126# RETURN VALUE 127 128CURLE_OK if supported; or an error such as: 129 130CURLE_NOT_BUILT_IN - Not supported by the SSL backend 131 132CURLE_UNKNOWN_OPTION 133
