| .\" ************************************************************************** |
| .\" * _ _ ____ _ |
| .\" * Project ___| | | | _ \| | |
| .\" * / __| | | | |_) | | |
| .\" * | (__| |_| | _ <| |___ |
| .\" * \___|\___/|_| \_\_____| |
| .\" * |
| .\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. |
| .\" * |
| .\" * This software is licensed as described in the file COPYING, which |
| .\" * you should have received as part of this distribution. The terms |
| .\" * are also available at https://curl.haxx.se/docs/copyright.html. |
| .\" * |
| .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| .\" * copies of the Software, and permit persons to whom the Software is |
| .\" * furnished to do so, under the terms of the COPYING file. |
| .\" * |
| .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| .\" * KIND, either express or implied. |
| .\" * |
| .\" ************************************************************************** |
| .\" |
| .TH CURLOPT_PROXY_CAINFO 3 "16 Nov 2016" "libcurl 7.52.0" "curl_easy_setopt options" |
| .SH NAME |
| CURLOPT_PROXY_CAINFO \- path to proxy Certificate Authority (CA) bundle |
| .SH SYNOPSIS |
| #include <curl/curl.h> |
| |
| CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path); |
| .SH DESCRIPTION |
| This option is for connecting to an HTTPS proxy, not an HTTPS server. |
| |
| Pass a char * to a zero terminated string naming a file holding one or more |
| certificates to verify the HTTPS proxy with. |
| |
| If \fICURLOPT_PROXY_SSL_VERIFYPEER(3)\fP is zero and you avoid verifying the |
| server's certificate, \fICURLOPT_PROXY_CAINFO(3)\fP need not even indicate an |
| accessible file. |
| |
| This option is by default set to the system path where libcurl's cacert bundle |
| is assumed to be stored, as established at build time. |
| |
| If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module |
| (libnsspem.so) needs to be available for this option to work properly. |
| |
| (iOS and macOS only) If curl is built against Secure Transport, then this |
| option is supported for backward compatibility with other SSL engines, but it |
| should not be set. If the option is not set, then curl will use the |
| certificates in the system and user Keychain to verify the peer, which is the |
| preferred method of verifying the peer's certificate chain. |
| |
| The application does not have to keep the string around after setting this |
| option. |
| .SH DEFAULT |
| Built-in system specific |
| .SH PROTOCOLS |
| Used with HTTPS proxy |
| .SH EXAMPLE |
| .nf |
| CURL *curl = curl_easy_init(); |
| if(curl) { |
| curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); |
| /* using an HTTPS proxy */ |
| curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); |
| curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO, "/etc/certs/cabundle.pem"); |
| ret = curl_easy_perform(curl); |
| curl_easy_cleanup(curl); |
| } |
| .fi |
| .SH AVAILABILITY |
| Added in 7.52.0 |
| |
| For TLS backends that don't support certificate files, the |
| \fICURLOPT_PROXY_CAINFO(3)\fP option is ignored. Refer to |
| https://curl.haxx.se/docs/ssl-compared.html |
| .SH RETURN VALUE |
| Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or |
| CURLE_OUT_OF_MEMORY if there was insufficient heap space. |
| .SH "SEE ALSO" |
| .BR CURLOPT_PROXY_CAPATH "(3), " |
| .BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), " CURLOPT_PROXY_SSL_VERIFYHOST "(3), " |
| .BR CURLOPT_CAPATH "(3), " |
| .BR CURLOPT_SSL_VERIFYPEER "(3), " CURLOPT_SSL_VERIFYHOST "(3), " |