GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CURLOPT_SSL_CTX_DATA(3) FreeBSD Library Functions Manual CURLOPT_SSL_CTX_DATA(3)

CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback

#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);

Data pointer to pass to the ssl context callback set by the option CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third parameter.

NULL

This functionality affects all TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

This option works only with the following TLS backends: BearSSL, OpenSSL, mbedTLS and wolfSSL

/* OpenSSL specific */
#include <openssl/ssl.h>
#include <curl/curl.h>
#include <stdio.h>
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
{


  X509_STORE *store;


  X509 *cert = NULL;


  BIO *bio;


  char *mypem = parm;


  /* get a BIO */


  bio = BIO_new_mem_buf(mypem, -1);


  /* use it to read the PEM formatted certificate from memory into an


   * X509 structure that SSL can use


   */


  PEM_read_bio_X509(bio, &cert, 0, NULL);


  if(!cert)


    printf("PEM_read_bio_X509 failed...\n");


  /* get a pointer to the X509 certificate store (which may be empty) */


  store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);


  /* add our certificate to this store */


  if(X509_STORE_add_cert(store, cert) == 0)


    printf("error adding certificate\n");


  /* decrease reference counts */


  X509_free(cert);


  BIO_free(bio);


  /* all set to go */


  return CURLE_OK;
}
int main(void)
{


  CURL *ch;


  CURLcode rv;


  char *mypem = /* example CA cert PEM - shortened */


    "-----BEGIN CERTIFICATE-----\n"


    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"


    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"


    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"


    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"


    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"


    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"


    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"


    "-----END CERTIFICATE-----\n";


  curl_global_init(CURL_GLOBAL_ALL);


  ch = curl_easy_init();


  curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");


  curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);


  curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");


  curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);


  curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);


  rv = curl_easy_perform(ch);


  if(!rv)


    printf("*** transfer succeeded ***\n");


  else


    printf("*** transfer failed ***\n");


  curl_easy_cleanup(ch);


  curl_global_cleanup();


  return rv;
}

Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS, in 7.83.0 in BearSSL.

Added in curl 7.10.6

CURLE_OK if supported; or an error such as:

CURLE_NOT_BUILT_IN - Not supported by the SSL backend

CURLE_UNKNOWN_OPTION

CURLOPT_SSLVERSION(3), CURLOPT_SSL_CTX_FUNCTION(3)

2025-07-03 libcurl
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.