Provided by: libcurl4-doc_7.68.0-1ubuntu2.24_all bug

NAME

       CURLOPT_SSL_OPTIONS - set SSL behavior options

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask);

DESCRIPTION

       Pass a long with a bitmask to tell libcurl about specific SSL behaviors. Available bits:

       CURLSSLOPT_ALLOW_BEAST
              Tells libcurl to not attempt to use any workarounds for a security flaw in the SSL3
              and TLS1.0 protocols.  If this option isn't used or this bit is set to 0,  the  SSL
              layer  libcurl  uses  may  use  a work-around for this flaw although it might cause
              interoperability problems with some (older) SSL implementations. WARNING:  avoiding
              this  work-around lessens the security, and by setting this option to 1 you ask for
              exactly that.  This option is only supported for DarwinSSL, NSS and OpenSSL.

       CURLSSLOPT_NO_REVOKE
              Tells libcurl to disable certificate revocation checks for those SSL backends where
              such  behavior  is  present. This option is only supported for Schannel (the native
              Windows SSL  library),  with  an  exception  in  the  case  of  Windows'  Untrusted
              Publishers blacklist which it seems can't be bypassed. (Added in 7.44.0)

       CURLSSLOPT_NO_PARTIALCHAIN
              Tells  libcurl  to not accept "partial" certificate chains, which it otherwise does
              by default. This option is only supported for OpenSSL and will fail the certificate
              verification if the chain ends with an intermediate certificate and not with a root
              cert. (Added in 7.68.0)

DEFAULT

       0

PROTOCOLS

       All TLS-based protocols

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         /* weaken TLS only for use with silly servers */
         curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST |
                          CURLSSLOPT_NO_REVOKE);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY

       Added in 7.25.0

RETURN VALUE

       Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

       CURLOPT_SSLVERSION(3), CURLOPT_SSL_CIPHER_LIST(3),