curlopt_crlfile(3) [mojave man page]
CURLOPT_CRLFILE(3) curl_easy_setopt options CURLOPT_CRLFILE(3) NAME
CURLOPT_CRLFILE - specify a Certificate Revocation List file SYNOPSIS
#include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file); DESCRIPTION
Pass a char * to a zero terminated string naming a file with the concatenation of CRL (in PEM format) to use in the certificate validation that occurs during the SSL exchange. When curl is built to use NSS or GnuTLS, there is no way to influence the use of CRL passed to help in the verification process. When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the elements of the certificate chain if a CRL file is passed. This option makes sense only when used in combination with the CURLOPT_SSL_VERIFYPEER(3) option. A specific error code (CURLE_SSL_CRL_BADFILE) is defined with the option. It is returned when the SSL exchange fails because the CRL file cannot be loaded. A failure in certificate verification due to a revocation information found in the CRL does not trigger this specific error. The application does not have to keep the string around after setting this option. DEFAULT
NULL PROTOCOLS
All TLS-based protocols EXAMPLE
TODO AVAILABILITY
Added in 7.19.0 RETURN VALUE
Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. SEE ALSO
CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3), libcurl 7.54.0 December 21, 2016 CURLOPT_CRLFILE(3)
Check Out this Related Man Page
CURLOPT_PROXY_CAINFO(3) curl_easy_setopt options CURLOPT_PROXY_CAINFO(3) NAME
CURLOPT_PROXY_CAINFO - path to proxy Certificate Authority (CA) bundle SYNOPSIS
#include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path); DESCRIPTION
This option is for connecting to a HTTPS proxy, not a HTTPS server. Pass a char * to a zero terminated string naming a file holding one or more certificates to verify the HTTPS proxy with. If CURLOPT_PROXY_SSL_VERIFYPEER(3) is zero and you avoid verifying the server's certificate, CURLOPT_PROXY_CAINFO(3) need not even indicate an accessible file. This option is by default set to the system path where libcurl's cacert bundle is assumed to be stored, as established at build time. If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module (libnsspem.so) needs to be available for this option to work prop- erly. (iOS and macOS only) If curl is built against Secure Transport, then this option is supported for backward compatibility with other SSL engines, but it should not be set. If the option is not set, then curl will use the certificates in the system and user Keychain to verify the peer, which is the preferred method of verifying the peer's certificate chain. The application does not have to keep the string around after setting this option. DEFAULT
Built-in system specific PROTOCOLS
Used with HTTPS proxy EXAMPLE
TODO AVAILABILITY
Added in 7.52.0 For TLS backends that don't support certificate files, the CURLOPT_PROXY_CAINFO(3) option is ignored. Refer to https://curl.haxx.se/docs/ssl-compared.html RETURN VALUE
Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. SEE ALSO
CURLOPT_PROXY_CAPATH(3), CURLOPT_PROXY_SSL_VERIFYPEER(3), CURLOPT_PROXY_SSL_VERIFYHOST(3), CURLOPT_CAPATH(3), CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3), libcurl 7.54.0 December 21, 2016 CURLOPT_PROXY_CAINFO(3)