romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-09 01:34:14 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md
Viktor Szakats 0260e8465a
GHA/checksrc: expand spellcheck, fix issues found 
- codespell: break logic out into its own runnable script. Allowing
  to run it on local machines.
- codespell: install via `pip`, bump to latest version.
- codespell: show version number in CI log.
- codespell: drop no longer needed word exception: `msdos`.
- codespell: include all curl source tree, except `packages` and
  `winbuild`. Drop an obsolete file exclusion.
- add new spellchecker job using the `typos` tool. It includes
  the codespell dictionary and a couple more. Use linuxbrew to install
  it. This takes 10 seconds, while installing via `cargo` from source
  would take over a minute.
- codespell: introduce an inline ignore filter compatible with `cspell`
  Make `typos` recognize it, too. Move single exceptions inline.

Fix new typos found. Also rename variables and words to keep
spellchecking exceptions at minumum. This involves touching some tests.
Also switch base64 strings to `%b64[]` to avoid false positives.

Ref: https://github.com/crate-ci/typos/blob/master/docs/reference.md
Ref: https://github.com/codespell-project/codespell?tab=readme-ov-file#inline-ignore
Ref: https://github.com/codespell-project/codespell/issues/1212#issuecomment-1721152455
Ref: https://cspell.org/docs/Configuration/document-settings

Closes #17905
2025-07-21 16:09:01 +02:00

130 lines
3 KiB
Markdown
Raw Blame History

---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_SSL_CTX_DATA
Section: 3
Source: libcurl
See-also:
- CURLOPT_SSLVERSION (3)
- CURLOPT_SSL_CTX_FUNCTION (3)
Protocol:
- TLS
TLS-backend:
- OpenSSL
- wolfSSL
- mbedTLS
Added-in: 7.10.6
---
# NAME
CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback
# SYNOPSIS
~~~c
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
~~~
# DESCRIPTION
Data *pointer* to pass to the ssl context callback set by the option
CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third
parameter.
# DEFAULT
NULL
# %PROTOCOLS%
# EXAMPLE
~~~c
/* OpenSSL specific */
#include <openssl/ssl.h>
#include <curl/curl.h>
#include <stdio.h>
static CURLcode sslctx_function(CURL *curl, void *sslctx, void *pointer)
{
X509_STORE *store;
X509 *cert = NULL;
BIO *bio;
char *mypem = pointer;
/* get a BIO */
bio = BIO_new_mem_buf(mypem, -1);
/* use it to read the PEM formatted certificate from memory into an
* X509 structure that SSL can use
*/
PEM_read_bio_X509(bio, &cert, 0, NULL);
if(!cert)
printf("PEM_read_bio_X509 failed...\n");
/* get a pointer to the X509 certificate store (which may be empty) */
store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
/* add our certificate to this store */
if(X509_STORE_add_cert(store, cert) == 0)
printf("error adding certificate\n");
/* decrease reference counts */
X509_free(cert);
BIO_free(bio);
/* all set to go */
return CURLE_OK;
}
int main(void)
{
CURL *ch;
CURLcode rv;
char *mypem = /* example CA cert PEM - shortened */
"-----BEGIN CERTIFICATE-----\n"
"MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
"Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
"GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
"zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
"omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
"-----END CERTIFICATE-----\n";
curl_global_init(CURL_GLOBAL_ALL);
ch = curl_easy_init();
curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
rv = curl_easy_perform(ch);
if(!rv)
printf("*** transfer succeeded ***\n");
else
printf("*** transfer failed ***\n");
curl_easy_cleanup(ch);
curl_global_cleanup();
return rv;
}
~~~
# HISTORY
Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS.
# %AVAILABILITY%
# RETURN VALUE
CURLE_OK if supported; or an error such as:
CURLE_NOT_BUILT_IN - Not supported by the SSL backend
CURLE_UNKNOWN_OPTION
Reference in a new issue View git blame Copy permalink