5
5
.\" * | (__| |_| | _ <| |___
6
6
.\" * \___|\___/|_| \_\_____|
8
.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
8
.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
10
10
.\" * This software is licensed as described in the file COPYING, which
11
11
.\" * you should have received as part of this distribution. The terms
870
870
value to force libcurl to probe for un-restricted auth and if not, only that
871
871
single auth algorithm is acceptable. (Added in 7.21.3)
873
.IP CURLOPT_TLSAUTH_TYPE
874
Pass a long as parameter, which is set to a bitmask, to tell libcurl which
875
authentication method(s) you want it to use for TLS authentication.
877
.IP CURLOPT_TLSAUTH_SRP
878
TLS-SRP authentication. Secure Remote Password authentication for TLS is
879
defined in RFC 5054 and provides mutual authentication if both sides have a
880
shared secret. To use TLS-SRP, you must also set the
881
\fICURLOPT_TLSAUTH_USERNAME\fP and \fICURLOPT_TLSAUTH_PASSWORD\fP options.
883
You need to build libcurl with GnuTLS and with TLS-SRP support for this to
884
work. (Added in 7.21.4)
886
.IP CURLOPT_TLSAUTH_USERNAME
887
Pass a char * as parameter, which should point to the zero-terminated username
888
to use for the TLS authentication method specified with the
889
\fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
890
\fICURLOPT_TLS_PASSWORD\fP option also be set. (Added in 7.21.4)
891
.IP CURLOPT_TLSAUTH_PASSWORD
892
Pass a char * as parameter, which should point to the zero-terminated password
893
to use for the TLS authentication method specified with the
894
\fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
895
\fICURLOPT_TLS_USERNAME\fP option also be set. (Added in 7.21.4)
873
896
.IP CURLOPT_PROXYAUTH
874
897
Pass a long as parameter, which is set to a bitmask, to tell libcurl which
875
898
authentication method(s) you want it to use for your proxy authentication. If
1189
1212
Pass a pointer to a zero terminated string as parameter. It will be used to
1190
1213
specify the sender address in a mail when sending an SMTP mail with libcurl.
1215
An originator email address in SMTP lingo is specified within angle brackets
1216
(<>) which libcurl will not add for you before version 7.21.4. Failing to
1217
provide such brackets may cause the server to reject your mail.
1192
1219
(Added in 7.20.0)
1193
1220
.IP CURLOPT_MAIL_RCPT
1194
1221
Pass a pointer to a linked list of recipients to pass to the server in your
1644
1671
.IP CURLOPT_TIMECONDITION
1645
1672
Pass a long as parameter. This defines how the \fICURLOPT_TIMEVALUE\fP time
1646
1673
value is treated. You can set this parameter to \fICURL_TIMECOND_IFMODSINCE\fP
1647
or \fICURL_TIMECOND_IFUNMODSINCE\fP. This feature applies to HTTP, FTP, and
1674
or \fICURL_TIMECOND_IFUNMODSINCE\fP. This feature applies to HTTP, FTP, RTSP,
1650
1677
The last modification time of a file is not always known and in such instances
1651
1678
this feature will have no effect even if the given time condition would not
1807
1834
the file name of your certificate. The default format is "PEM" and can be
1808
1835
changed with \fICURLOPT_SSLCERTTYPE\fP.
1810
With NSS this is the nickname of the certificate you wish to authenticate
1837
With NSS this can also be the nickname of the certificate you wish to
1838
authenticate with. If you want to use a file from the current directory, please
1839
precede it with "./" prefix, in order to avoid confusion with a nickname.
1812
1840
.IP CURLOPT_SSLCERTTYPE
1813
1841
Pass a pointer to a zero terminated string as parameter. The string should be
1814
1842
the format of your certificate. Supported formats are "PEM" and "DER". (Added
1869
1897
.IP CURLOPT_SSL_VERIFYPEER
1870
Pass a long as parameter.
1898
Pass a long as parameter. By default, curl assumes a value of 1.
1872
1900
This option determines whether curl verifies the authenticity of the peer's
1873
certificate. A value of 1 means curl verifies; zero means it doesn't. The
1874
default is nonzero, but before 7.10, it was zero.
1901
certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.
1876
1903
When negotiating an SSL connection, the server sends a certificate indicating
1877
1904
its identity. Curl verifies whether the certificate is authentic, i.e. that
1878
1905
you can trust that the server is who the certificate says it is. This trust
1879
1906
is based on a chain of digital signatures, rooted in certification authority
1880
(CA) certificates you supply. As of 7.10, curl installs a default bundle of
1881
CA certificates and you can specify alternate certificates with the
1882
\fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP option.
1907
(CA) certificates you supply. curl uses a default bundle of CA certificates
1908
(the path for that is determined at build time) and you can specify alternate
1909
certificates with the \fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP
1884
1912
When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification fails to
1885
1913
prove that the certificate is authentic, the connection fails. When the
1886
option is zero, the connection succeeds regardless.
1914
option is zero, the peer certificate verification succeeds regardless.
1888
1916
Authenticating the certificate is not by itself very useful. You typically
1889
1917
want to ensure that the server, as authentically identified by its
1890
1918
certificate, is the server you mean to be talking to. Use
1891
\fICURLOPT_SSL_VERIFYHOST\fP to control that.
1919
\fICURLOPT_SSL_VERIFYHOST\fP to control that. The check that the host name in
1920
the certificate is valid for the host name you're connecting to is done
1921
independently of the \fICURLOPT_SSL_VERIFYPEER\fP option.
1892
1922
.IP CURLOPT_CAINFO
1893
1923
Pass a char * to a zero terminated string naming a file holding one or more
1894
1924
certificates to verify the peer with. This makes sense only when used in
1919
1949
to be set too for the check to fail). (Added in 7.19.0)
1920
1950
.IP CURLOPT_CAPATH
1921
1951
Pass a char * to a zero terminated string naming a directory holding multiple
1922
CA certificates to verify the peer with. The certificate directory must be
1923
prepared using the openssl c_rehash utility. This makes sense only when used
1924
in combination with the \fICURLOPT_SSL_VERIFYPEER\fP option. If
1925
\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_CAPATH\fP need not even
1926
indicate an accessible path. The \fICURLOPT_CAPATH\fP function apparently
1927
does not work in Windows due to some limitation in openssl. This option is
1928
OpenSSL-specific and does nothing if libcurl is built to use GnuTLS.
1952
CA certificates to verify the peer with. If libcurl is built against OpenSSL,
1953
the certificate directory must be prepared using the openssl c_rehash utility.
1954
This makes sense only when used in combination with the
1955
\fICURLOPT_SSL_VERIFYPEER\fP option. If \fICURLOPT_SSL_VERIFYPEER\fP is zero,
1956
\fICURLOPT_CAPATH\fP need not even indicate an accessible path. The
1957
\fICURLOPT_CAPATH\fP function apparently does not work in Windows due to some
1958
limitation in openssl. This option is OpenSSL-specific and does nothing if
1959
libcurl is built to use GnuTLS. NSS-powered libcurl provides the option only
1960
for backward compatibility.
1929
1961
.IP CURLOPT_CRLFILE
1930
1962
Pass a char * to a zero terminated string naming a file with the concatenation
1931
1963
of CRL (in PEM format) to use in the certificate validation that occurs during
1944
1976
is returned when the SSL exchange fails because the CRL file cannot be loaded.
1945
1977
A failure in certificate verification due to a revocation information found in
1946
1978
the CRL does not trigger this specific error. (Added in 7.19.0)
1947
.IP CURLOPT_CERTINFO
1948
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
1949
this enabled, libcurl (if built with OpenSSL) will extract lots of information
1950
and data about the certificates in the certificate chain used in the SSL
1951
connection. This data is then possible to extract after a transfer using
1952
\fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in
1954
.IP CURLOPT_RANDOM_FILE
1955
Pass a char * to a zero terminated file name. The file will be used to read
1956
from to seed the random engine for SSL. The more random the specified file is,
1957
the more secure the SSL connection will become.
1958
.IP CURLOPT_EGDSOCKET
1959
Pass a char * to the zero terminated path name to the Entropy Gathering Daemon
1960
socket. It will be used to seed the random engine for SSL.
1961
1979
.IP CURLOPT_SSL_VERIFYHOST
1962
1980
Pass a long as parameter.
1981
1999
When the value is 0, the connection succeeds regardless of the names in the
1984
The default, since 7.10, is 2.
2002
The default value for this option is 2.
1986
This option controls checking the server's claimed identity. The server could
1987
be lying. To control lying, see \fICURLOPT_SSL_VERIFYPEER\fP.
2004
This option controls checking the server's certificate's claimed identity.
2005
The server could be lying. To control lying, see
2006
\fICURLOPT_SSL_VERIFYPEER\fP.
2007
.IP CURLOPT_CERTINFO
2008
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
2009
this enabled, libcurl (if built with OpenSSL) will extract lots of information
2010
and data about the certificates in the certificate chain used in the SSL
2011
connection. This data is then possible to extract after a transfer using
2012
\fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in
2014
.IP CURLOPT_RANDOM_FILE
2015
Pass a char * to a zero terminated file name. The file will be used to read
2016
from to seed the random engine for SSL. The more random the specified file is,
2017
the more secure the SSL connection will become.
2018
.IP CURLOPT_EGDSOCKET
2019
Pass a char * to the zero terminated path name to the Entropy Gathering Daemon
2020
socket. It will be used to seed the random engine for SSL.
1988
2021
.IP CURLOPT_SSL_CIPHER_LIST
1989
2022
Pass a char *, pointing to a zero terminated string holding the list of
1990
2023
ciphers to use for the SSL connection. The list must be syntactically correct,
added
removed
docs/libcurl/curl_easy_setopt.3
