Provided by: libcurl4-doc_7.85.0-1_all bug

NAME

       CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB,
                                 struct curl_blob *stblob);

DESCRIPTION

       Pass  a  pointer  to  a curl_blob structure, which contains information (pointer and size)
       about a memory block with binary data of a CA certificate in PEM format. If the option  is
       set, an additional check against the peer certificate is performed to verify the issuer is
       indeed the one associated with the certificate provided by  the  option.  This  additional
       check is useful in multi-level PKI where one needs to enforce that the peer certificate is
       from a specific branch of the tree.

       This option should be used  in  combination  with  the  CURLOPT_SSL_VERIFYPEER(3)  option.
       Otherwise, the result of the check is not considered as failure.

       A  specific  error  code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with the option, which is
       returned if the setup of the SSL/TLS session has failed due to a mismatch with the  issuer
       of peer certificate (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).

       If   the   blob  is  initialized  with  the  flags  member  of  struct  curl_blob  set  to
       CURL_BLOB_COPY, the application does not have to keep  the  buffer  around  after  setting
       this.

       This  option  is an alternative to CURLOPT_ISSUERCERT(3) which instead expects a file name
       as input.

DEFAULT

       NULL

PROTOCOLS

       All TLS-based protocols

EXAMPLE

       CURL *curl = curl_easy_init();
       if(curl) {
         struct curl_blob blob;
         curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
         blob.data = certificateData;
         blob.len = filesize;
         blob.flags = CURL_BLOB_COPY;
         curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
         ret = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
       }

AVAILABILITY

       Added in 7.71.0. This option is supported by the OpenSSL backends.

RETURN VALUE

       Returns  CURLE_OK  if  the  option  is  supported,   CURLE_UNKNOWN_OPTION   if   not,   or
       CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_ISSUERCERT(3), CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),