CURLOPT_ISSUERCERT(3)      curl_easy_setopt options      CURLOPT_ISSUERCERT(3)

NAME
       CURLOPT_ISSUERCERT - issuer SSL certificate filename

SYNOPSIS
       #include <curl/curl.h>

       CURLcode   curl_easy_setopt(CURL   *handle,   CURLOPT_ISSUERCERT,  char
       *file);

DESCRIPTION
       Pass a char * to a zero terminated string naming a file  holding  a  CA
       certificate  in  PEM  format. If the option is set, an additional check
       against the peer certificate is  performed  to  verify  the  issuer  is
       indeed  the one associated with the certificate provided by the option.
       This additional check is useful in multi-level PKI where one  needs  to
       enforce  that  the  peer  certificate  is from a specific branch of the
       tree.

       This option makes sense only when used in  combination  with  the  CUR-
       LOPT_SSL_VERIFYPEER(3)  option.  Otherwise,  the result of the check is
       not considered as failure.

       A specific error code  (CURLE_SSL_ISSUER_ERROR)  is  defined  with  the
       option,  which  is  returned  if  the  setup of the SSL/TLS session has
       failed due to a mismatch with the  issuer  of  peer  certificate  (CUR-
       LOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail). (Added
       in 7.19.0)

       The application does not have to keep the string around  after  setting
       this option.

DEFAULT
       NULL

PROTOCOLS
       All TLS-based protocols

EXAMPLE
       TODO

AVAILABILITY
       If built TLS enabled

RETURN VALUE
       Returns  CURLE_OK  if  the option is supported, CURLE_UNKNOWN_OPTION if
       not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO
       CURLOPT_CRLFILE(3), CURLOPT_SSL_VERIFYPEER(3),

libcurl 7.54.0                 December 21, 2016         CURLOPT_ISSUERCERT(3)