Components | All | New | MacOS | Windows | Linux | iOS | ||||
Examples | Mac & Win | Server | Client | Guides | Statistic | FMM | Blog | Deprecated | Old |
CURL.SetOptionIssuerCert
Sets the file path for the CA certificate in PEM format.
Component | Version | macOS | Windows | Linux | Server | iOS SDK |
CURL | 2.5 | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes | ✅ Yes |
MBS( "CURL.SetOptionIssuerCert"; curl; Value { ; Encoding } ) More
Parameters
Parameter | Description | Example | Flags |
---|---|---|---|
curl | The CURL session handle. | $curl | |
Value | The CA certificate file path. | "/tmp/cert.pem" | |
Encoding | The text encoding for text parameter. Default is UTF-8. Possible encoding names: ANSI, ISO-8859-1, Latin1, Mac, Native, UTF-8, DOS, Hex, Base64 or Windows. More listed in the FAQ. |
"UTF8" | Optional |
Result
Returns "OK" on success.
Description
Sets the file path for the CA certificate in PEM format.If the option is set, an additional check against the peer certificate is performed to verify the issuer is indeed the one associated with the certificate provided by the option. This additional check is useful in multi-level PKI where one needs to enforce that the peer certificate is from a specific branch of the tree.
This option makes sense only when used in combination with the CURL.SetOptionSSLVerifyPeer option. Otherwise, the result of the check is not considered as failure.
A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, which is returned if the setup of the SSL/TLS session has failed due to a mismatch with the issuer of peer certificate (CURL.SetOptionSSLVerifyPeer has to be set too for the check to fail).
Starting with version 8.0 the plugin will always use UTF-8 encoding for file path on Linux and macOS. For macOS we also do the unicode character normalization for file names for you.
See CURL.SetOptionIssuerCertBlob to pass certificate as container or text.
See also ISSUERCERT option in CURL manual.
See also
- CURL.SetOptionDNSServers
- CURL.SetOptionIssuerCertBlob
- CURL.SetOptionProxyIssuerCert
- CURL.SetOptionReferer
- CURL.SetOptionSSLCert
- CURL.SetOptionSSLVerifyPeer
- CURL.SetOptionTransferText
- CURL.SetOptionUserAgent
Release notes
- Version 10.4
- Changed CURL.SetOptionIssuerCertBlob, CURL.SetOptionProxyIssuerCert, CURL.SetOptionProxyIssuerCertBlob, CURL.SetOptionProxySSLCertBlob, CURL.SetOptionProxySSLKeyBlob, CURL.SetOptionSSLCertBlob and CURL.SetOptionSSLKeyBlob to replace line endings for keys to LF if needed.
- Version 10.3
- Version 8.0
- Changed CURL.SetOptionCAINFO, CURL.SetOptionCAPATH, CURL.SetOptionCookieFile, CURL.SetOptionCookieJar, CURL.SetOptionIssuerCert, CURL.SetOptionNETRCFile, CURL.SetOptionRandomFile, CURL.SetOptionSSHPrivateKeyfile, CURL.SetOptionSSHPublicKeyfile, CURL.SetOptionSSLCert, CURL.SetOptionSSLKey to use always UTF-8 on Mac/Linux and on Mac do the unicode transformation for decomposed characters to avoid trouble with special characters in file paths.
Blog Entries
Created 18th August 2014, last changed 25th June 2020