From 77fc3859b24470b5c173174e2aba3b099b92adfd Mon Sep 17 00:00:00 2001 From: Gilles Vollant Date: Mon, 13 Jul 2020 03:17:56 +0200 Subject: SSL: support in-memory CA certs for some backends - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to specify in-memory PEM certificates for OpenSSL, Schannel (Windows) and Secure Transport (Apple) SSL backends. Prior to this change PEM certificates could only be imported from a file and not from memory. Co-authored-by: moparisthebest@users.noreply.github.com Ref: https://github.com/curl/curl/pull/4679 Ref: https://github.com/curl/curl/pull/5677 Ref: https://github.com/curl/curl/pull/6109 Closes https://github.com/curl/curl/pull/6662 --- include/curl/curl.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'include') diff --git a/include/curl/curl.h b/include/curl/curl.h index 1354fba32..e8f9db52f 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -2093,6 +2093,14 @@ typedef enum { /* Same as CURLOPT_SSL_VERIFYSTATUS but for DOH (DNS-over-HTTPS) servers. */ CURLOPT(CURLOPT_DOH_SSL_VERIFYSTATUS, CURLOPTTYPE_LONG, 308), + /* The CA certificates as "blob" used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_CAINFO_BLOB, CURLOPTTYPE_BLOB, 309), + + /* The CA certificates as "blob" used to validate the proxy certificate + this option is used only if PROXY_SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PROXY_CAINFO_BLOB, CURLOPTTYPE_BLOB, 310), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; -- cgit v1.2.1