curl-w32/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md

---
c: Copyright (C) Daniel Stenberg, <daniel.se>, et al.
SPDX-License-Identifier: curl
Title: CURLOPT_SSL_CTX_DATA
Section: 3
Source: libcurl
See-also:
  - CURLOPT_SSLVERSION (3)
  - CURLOPT_SSL_CTX_FUNCTION (3)
---

# NAME

CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback

# SYNOPSIS

~~~c
#include <curl/curl.h>

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer);
~~~

# DESCRIPTION

Data *pointer* to pass to the ssl context callback set by the option
CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third
parameter.

# DEFAULT

NULL

# PROTOCOLS

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.

# EXAMPLE

~~~c
/* OpenSSL specific */

#include <openssl/ssl.h>
#include <curl/curl.h>
#include <stdio.h>

static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
{
  X509_STORE *store;
  X509 *cert = NULL;
  BIO *bio;
  char *mypem = parm;
  /* get a BIO */
  bio = BIO_new_mem_buf(mypem, -1);
  /* use it to read the PEM formatted certificate from memory into an
   * X509 structure that SSL can use
   */
  PEM_read_bio_X509(bio, &cert, 0, NULL);
  if(!cert)
    printf("PEM_read_bio_X509 failed...\n");

  /* get a pointer to the X509 certificate store (which may be empty) */
  store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

  /* add our certificate to this store */
  if(X509_STORE_add_cert(store, cert) == 0)
    printf("error adding certificate\n");

  /* decrease reference counts */
  X509_free(cert);
  BIO_free(bio);

  /* all set to go */
  return CURLE_OK;
}

int main(void)
{
  CURL *ch;
  CURLcode rv;
  char *mypem = /* example CA cert PEM - shortened */
    "-----BEGIN CERTIFICATE-----\n"
    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"
    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"
    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"
    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"
    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"
    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"
    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"
    "-----END CERTIFICATE-----\n";

  curl_global_init(CURL_GLOBAL_ALL);
  ch = curl_easy_init();

  curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
  curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
  curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

  curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
  curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);
  rv = curl_easy_perform(ch);
  if(!rv)
    printf("*** transfer succeeded ***\n");
  else
    printf("*** transfer failed ***\n");

  curl_easy_cleanup(ch);
  curl_global_cleanup();
  return rv;
}
~~~

# AVAILABILITY

Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS,
in 7.83.0 in BearSSL. Other SSL backends are not supported.

# RETURN VALUE

CURLE_OK if supported; or an error such as:

CURLE_NOT_BUILT_IN - Not supported by the SSL backend

CURLE_UNKNOWN_OPTION
Import from curl-8.6.0.zip Upstream: https://github.com/curl/curl/releases/tag/curl-8_6_0 2024-03-02 03:51:05 +00:00			`---`
			`c: Copyright (C) Daniel Stenberg, <daniel.se>, et al.`
			`SPDX-License-Identifier: curl`
			`Title: CURLOPT_SSL_CTX_DATA`
			`Section: 3`
			`Source: libcurl`
			`See-also:`
			`- CURLOPT_SSLVERSION (3)`
			`- CURLOPT_SSL_CTX_FUNCTION (3)`
			`---`

			`# NAME`

			`CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback`

			`# SYNOPSIS`

			`~~~c`
			`#include <curl/curl.h>`

			`CURLcode curl_easy_setopt(CURL handle, CURLOPT_SSL_CTX_DATA, void pointer);`
			`~~~`

			`# DESCRIPTION`

			`Data pointer to pass to the ssl context callback set by the option`
			`CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third`
			`parameter.`

			`# DEFAULT`

			`NULL`

			`# PROTOCOLS`

			`All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.`

			`# EXAMPLE`

			`~~~c`
			`/* OpenSSL specific */`

			`#include <openssl/ssl.h>`
			`#include <curl/curl.h>`
			`#include <stdio.h>`

			`static CURLcode sslctx_function(CURL curl, void sslctx, void *parm)`
			`{`
			`X509_STORE *store;`
			`X509 *cert = NULL;`
			`BIO *bio;`
			`char *mypem = parm;`
			`/* get a BIO */`
			`bio = BIO_new_mem_buf(mypem, -1);`
			`/* use it to read the PEM formatted certificate from memory into an`
			`* X509 structure that SSL can use`
			`*/`
			`PEM_read_bio_X509(bio, &cert, 0, NULL);`
			`if(!cert)`
			`printf("PEM_read_bio_X509 failed...\n");`

			`/* get a pointer to the X509 certificate store (which may be empty) */`
			`store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);`

			`/* add our certificate to this store */`
			`if(X509_STORE_add_cert(store, cert) == 0)`
			`printf("error adding certificate\n");`

			`/* decrease reference counts */`
			`X509_free(cert);`
			`BIO_free(bio);`

			`/* all set to go */`
			`return CURLE_OK;`
			`}`

			`int main(void)`
			`{`
			`CURL *ch;`
			`CURLcode rv;`
			`char mypem = / example CA cert PEM - shortened */`
			`"-----BEGIN CERTIFICATE-----\n"`
			`"MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"`
			`"IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"`
			`"IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"`
			`"Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"`
			`"GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"`
			`"zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"`
			`"omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"`
			`"-----END CERTIFICATE-----\n";`

			`curl_global_init(CURL_GLOBAL_ALL);`
			`ch = curl_easy_init();`

			`curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");`
			`curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);`
			`curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");`

			`curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);`
			`curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem);`
			`rv = curl_easy_perform(ch);`
			`if(!rv)`
			`printf("* transfer succeeded *\n");`
			`else`
			`printf("* transfer failed *\n");`

			`curl_easy_cleanup(ch);`
			`curl_global_cleanup();`
			`return rv;`
			`}`
			`~~~`

			`# AVAILABILITY`

			`Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS,`
			`in 7.83.0 in BearSSL. Other SSL backends are not supported.`

			`# RETURN VALUE`

			`CURLE_OK if supported; or an error such as:`

			`CURLE_NOT_BUILT_IN - Not supported by the SSL backend`

			`CURLE_UNKNOWN_OPTION`