diff options
author | Gilles Vollant <info@winimage.com> | 2020-07-13 03:17:56 +0200 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2021-05-05 02:29:16 -0400 |
commit | 77fc3859b24470b5c173174e2aba3b099b92adfd (patch) | |
tree | 010c3dfb572cd78b1b88187bb5dfc4200eeb1638 /lib/setopt.c | |
parent | 70cf50fb4aa5e55ca2e732716a4f455d39192088 (diff) | |
download | curl-77fc3859b24470b5c173174e2aba3b099b92adfd.tar.gz |
SSL: support in-memory CA certs for some backends
- New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
and Secure Transport (Apple) SSL backends.
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
Diffstat (limited to 'lib/setopt.c')
-rw-r--r-- | lib/setopt.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/lib/setopt.c b/lib/setopt.c index 16b83321d..9ad984e79 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -2041,6 +2041,20 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE], va_arg(param, char *)); break; + case CURLOPT_CAINFO_BLOB: + /* + * Blob that holds CA info for SSL connection. + * Specify entire PEM of the CA certificate + */ +#ifdef USE_SSL + if(Curl_ssl->supports & SSLSUPP_CAINFO_BLOB) + result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO], + va_arg(param, struct curl_blob *)); + else +#endif + return CURLE_NOT_BUILT_IN; + + break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_CAINFO: /* @@ -2050,6 +2064,19 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY], va_arg(param, char *)); break; + case CURLOPT_PROXY_CAINFO_BLOB: + /* + * Blob that holds CA info for SSL connection proxy. + * Specify entire PEM of the CA certificate + */ +#ifdef USE_SSL + if(Curl_ssl->supports & SSLSUPP_CAINFO_BLOB) + result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO_PROXY], + va_arg(param, struct curl_blob *)); + else +#endif + return CURLE_NOT_BUILT_IN; + break; #endif case CURLOPT_CAPATH: /* |