Provided by: libcurl4-doc_7.85.0-1_all bug

NAME
       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob


SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);


DESCRIPTION
       Pass  a  pointer  to  a curl_blob structure, which contains information (pointer and size)
       about a memory block with binary data of a CA certificate in PEM format. If the option  is
       set, an additional check against the peer certificate is performed to verify the issuer is
       indeed the one associated with the certificate provided by  the  option.  This  additional
       check is useful in multi-level PKI where one needs to enforce that the peer certificate is
       from a specific branch of the tree.

       This option should be used  in  combination  with  the  CURLOPT_SSL_VERIFYPEER(3)  option.
       Otherwise, the result of the check is not considered as failure.

       A  specific  error  code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with the option, which is
       returned if the setup of the SSL/TLS session has failed due to a mismatch with the  issuer
       of peer certificate (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If   the   blob  is  initialized  with  the  flags  member  of  struct  curl_blob  set  to
       CURL_BLOB_COPY, the application does not have to keep  the  buffer  around  after  setting
       this.

       This  option  is an alternative to CURLOPT_ISSUERCERT(3) which instead expects a file name
       as input.


DEFAULT
       NULL


PROTOCOLS
       All TLS-based protocols


EXAMPLE
       CURL *curl = curl_easy_init();
       if(curl) {
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY;
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }


AVAILABILITY
       Added in 7.71.0. This option is supported by the OpenSSL backends.


RETURN VALUE
       Returns  CURLE_OK  if  the  option  is  supported,   CURLE_UNKNOWN_OPTION   if   not,   or
       CURLE_OUT_OF_MEMORY if there was insufficient heap space.


SEE ALSO
       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),