docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 - third_party/curl - Git at Google

 .\" **************************************************************************
 .\" *                                  _   _ ____  _
 .\" *  Project                     ___| | | |  _ \| |
 .\" *                             / __| | | | |_) | |
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
 .\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
 .\" * are also available at https://curl.haxx.se/docs/copyright.html.
 .\" *
 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 .\" * copies of the Software, and permit persons to whom the Software is
 .\" * furnished to do so, under the terms of the COPYING file.
 .\" *
 .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
 .\"
 .TH CURLOPT_SSL_CTX_DATA 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
 .SH NAME
 CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
 .SH SYNOPSIS
 #include <curl/curl.h>

 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
 .SH DESCRIPTION
 Data \fIpointer\fP to pass to the ssl context callback set by the option
 \fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you'll get as third
 parameter.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
 .SH EXAMPLE
 .nf
 /* OpenSSL specific */

 #include <openssl/ssl.h>
 #include <curl/curl.h>
 #include <stdio.h>

 static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
 {
   X509_STORE *store;
   X509 *cert=NULL;
   BIO *bio;
   char *mypem = (char *)parm;
   /* get a BIO */
   bio=BIO_new_mem_buf(mypem, -1);
   /* use it to read the PEM formatted certificate from memory into an
    * X509 structure that SSL can use
    */
   PEM_read_bio_X509(bio, &cert, 0, NULL);
   if(cert == NULL)
     printf("PEM_read_bio_X509 failed...\\n");

   /* get a pointer to the X509 certificate store (which may be empty) */
   store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

   /* add our certificate to this store */
   if(X509_STORE_add_cert(store, cert)==0)
     printf("error adding certificate\\n");

   /* decrease reference counts */
   X509_free(cert);
   BIO_free(bio);

   /* all set to go */
   return CURLE_OK;
 }

 int main(void)
 {
   CURL * ch;
   CURLcode rv;
   char *mypem = /* example CA cert PEM - shortened */
     "-----BEGIN CERTIFICATE-----\\n"
     "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n"
     "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n"
     "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n"
     "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n"
     "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n"
     "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n"
     "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n"
     "-----END CERTIFICATE-----\\n";

   rv=curl_global_init(CURL_GLOBAL_ALL);
   ch=curl_easy_init();
   rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
   rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
   rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

   /* Retrieve page using cacerts' certificate -> will succeed
    * load the certificate by installing a function doing the necessary
    * "modifications" to the SSL CONTEXT just before link init
    */
   rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
   rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
   rv=curl_easy_perform(ch);
   if(rv==CURLE_OK)
     printf("*** transfer succeeded ***\\n");
   else
     printf("*** transfer failed ***\\n");

   curl_easy_cleanup(ch);
   curl_global_cleanup();
   return rv;
 }
 .fi
 .SH AVAILABILITY
 Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
 mbedTLS. Other SSL backends are not supported.
 .SH RETURN VALUE
 CURLE_OK if supported; or an error such as:

 CURLE_NOT_BUILT_IN - Not supported by the SSL backend

 CURLE_UNKNOWN_OPTION
 .SH "SEE ALSO"
 .BR CURLOPT_SSL_CTX_FUNCTION "(3), " CURLOPT_SSLVERSION "(3), "
	.\" **************************************************************************
	.\" * _ _ ____ _
	.\" * Project ___\| \| \| \| _ \\| \|
	.\" * / __\| \| \| \| \|_) \| \|
	.\" * \| (__\| \|_\| \| _ <\| \|___
	.\" * \___\|\___/\|_\| \_\_____\|
	.\" *
	.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
	.\" *
	.\" * This software is licensed as described in the file COPYING, which
	.\" * you should have received as part of this distribution. The terms
	.\" * are also available at https://curl.haxx.se/docs/copyright.html.
	.\" *
	.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
	.\" * copies of the Software, and permit persons to whom the Software is
	.\" * furnished to do so, under the terms of the COPYING file.
	.\" *
	.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
	.\" * KIND, either express or implied.
	.\" *
	.\" **************************************************************************
	.\"
	.TH CURLOPT_SSL_CTX_DATA 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
	.SH NAME
	CURLOPT_SSL_CTX_DATA \- custom pointer passed to ssl_ctx callback
	.SH SYNOPSIS
	#include <curl/curl.h>

	CURLcode curl_easy_setopt(CURL handle, CURLOPT_SSL_CTX_DATA, void pointer);
	.SH DESCRIPTION
	Data \fIpointer\fP to pass to the ssl context callback set by the option
	\fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you'll get as third
	parameter.
	.SH DEFAULT
	NULL
	.SH PROTOCOLS
	All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
	.SH EXAMPLE
	.nf
	/* OpenSSL specific */

	#include <openssl/ssl.h>
	#include <curl/curl.h>
	#include <stdio.h>

	static CURLcode sslctx_function(CURL curl, void sslctx, void *parm)
	{
	X509_STORE *store;
	X509 *cert=NULL;
	BIO *bio;
	char mypem = (char )parm;
	/* get a BIO */
	bio=BIO_new_mem_buf(mypem, -1);
	/* use it to read the PEM formatted certificate from memory into an
	* X509 structure that SSL can use
	*/
	PEM_read_bio_X509(bio, &cert, 0, NULL);
	if(cert == NULL)
	printf("PEM_read_bio_X509 failed...\\n");

	/* get a pointer to the X509 certificate store (which may be empty) */
	store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

	/* add our certificate to this store */
	if(X509_STORE_add_cert(store, cert)==0)
	printf("error adding certificate\\n");

	/* decrease reference counts */
	X509_free(cert);
	BIO_free(bio);

	/* all set to go */
	return CURLE_OK;
	}

	int main(void)
	{
	CURL * ch;
	CURLcode rv;
	char mypem = / example CA cert PEM - shortened */
	"-----BEGIN CERTIFICATE-----\\n"
	"MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n"
	"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n"
	"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n"
	"Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n"
	"GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n"
	"zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n"
	"omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n"
	"-----END CERTIFICATE-----\\n";

	rv=curl_global_init(CURL_GLOBAL_ALL);
	ch=curl_easy_init();
	rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
	rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
	rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

	/* Retrieve page using cacerts' certificate -> will succeed
	* load the certificate by installing a function doing the necessary
	* "modifications" to the SSL CONTEXT just before link init
	*/
	rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
	rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
	rv=curl_easy_perform(ch);
	if(rv==CURLE_OK)
	printf("* transfer succeeded *\\n");
	else
	printf("* transfer failed *\\n");

	curl_easy_cleanup(ch);
	curl_global_cleanup();
	return rv;
	}
	.fi
	.SH AVAILABILITY
	Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for
	mbedTLS. Other SSL backends are not supported.
	.SH RETURN VALUE
	CURLE_OK if supported; or an error such as:

	CURLE_NOT_BUILT_IN - Not supported by the SSL backend

	CURLE_UNKNOWN_OPTION
	.SH "SEE ALSO"
	.BR CURLOPT_SSL_CTX_FUNCTION "(3), " CURLOPT_SSLVERSION "(3), "