CURLOPT_CRLFILE(3)         curl_easy_setopt options         CURLOPT_CRLFILE(3)

NAME
       CURLOPT_CRLFILE - specify a Certificate Revocation List file

SYNOPSIS
       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file);

DESCRIPTION
       Pass  a  char * to a zero terminated string naming a file with the con-
       catenation of CRL (in PEM format) to use in the certificate  validation
       that occurs during the SSL exchange.

       When  curl  is built to use NSS or GnuTLS, there is no way to influence
       the use of CRL passed to help in the verification process. When libcurl
       is    built    with    OpenSSL   support,   X509_V_FLAG_CRL_CHECK   and
       X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all
       the elements of the certificate chain if a CRL file is passed.

       This  option  makes  sense  only when used in combination with the CUR-
       LOPT_SSL_VERIFYPEER(3) option.

       A specific error  code  (CURLE_SSL_CRL_BADFILE)  is  defined  with  the
       option. It is returned when the SSL exchange fails because the CRL file
       cannot be loaded.  A failure in certificate verification due to a revo-
       cation  information  found  in  the  CRL does not trigger this specific
       error.

       The application does not have to keep the string around  after  setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       TODO

AVAILABILITY
       Added in 7.19.0

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.54.0                 December 21, 2016            CURLOPT_CRLFILE(3)