DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

CURLOPT_PROXY_SSL_VERIFYPEER(3)





CURLOPT_PROXY_SSL_VERIFYPEER(3curl_easy_setopt optionCURLOPT_PROXY_SSL_VERIFYPEER(3)



NAME

     CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certi-
     ficate


SYNOPSIS

     #include <curl/curl.h>

     CURLcode           curl_easy_setopt(CURL            *handle,
     CURLOPT_PROXY_SSL_VERIFYPEER, long verify);


DESCRIPTION

     Pass a long as parameter set to 1L to enable or 0L  to  dis-
     able.

     This option tells curl to verifies the authenticity  of  the
     HTTPS proxy's certificate. A value of 1 means curl verifies;
     0 (zero) means it doesn't.

     This  is  the  proxy  version  of  CURLOPT_SSL_VERIFYPEER(3)
     that's used for ordinary HTTPS servers.

     When negotiating a TLS or SSL connection, the server sends a
     certificate  indicating  its identity. Curl verifies whether
     the certificate is authentic, i.e. that you can  trust  that
     the server is who the certificate says it is.  This trust is
     based on a chain of digital signatures, rooted in certifica-
     tion  authority  (CA)  certificates you supply.  curl uses a
     default bundle of CA certificates  (the  path  for  that  is
     determined at build time) and you can specify alternate cer-
     tificates with the  CURLOPT_PROXY_CAINFO(3)  option  or  the
     CURLOPT_PROXY_CAPATH(3) option.

     When CURLOPT_PROXY_SSL_VERIFYPEER(3)  is  enabled,  and  the
     verification  fails to prove that the certificate is authen-
     tic, the connection fails.  When the  option  is  zero,  the
     peer certificate verification succeeds regardless.

     Authenticating the certificate is  not  enough  to  be  sure
     about the server. You typically also want to ensure that the
     server is the  server  you  mean  to  be  talking  to.   Use
     CURLOPT_PROXY_SSL_VERIFYHOST(3) for that. The check that the
     host name in the certificate is  valid  for  the  host  name
     you're   connecting   to   is   done  independently  of  the
     CURLOPT_PROXY_SSL_VERIFYPEER(3) option.

     WARNING: disabling verification of  the  certificate  allows
     bad  guys to man-in-the-middle the communication without you
     knowing it. Disabling verification makes  the  communication
     insecure. Just having encryption on a transfer is not enough
     as you cannot be sure that you are  communicating  with  the
     correct end-point.

libcurl 7.58.0   Last change: December 16, 2016                 1


CURLOPT_PROXY_SSL_VERIFYPEER(3curl_easy_setopt optionCURLOPT_PROXY_SSL_VERIFYPEER(3)



DEFAULT

     1


PROTOCOLS

     All


EXAMPLE

     CURL *curl = curl_easy_init();
     if(curl) {
       curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

       /* Set the default value: strict certificate check please */
       curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L);

       curl_easy_perform(curl);
     }


AVAILABILITY

     Added in 7.52.0

     If built TLS enabled.


RETURN VALUE

     Returns  CURLE_OK  if   the   option   is   supported,   and
     CURLE_UNKNOWN_OPTION if not.


SEE ALSO

     CURLOPT_PROXY_SSL_VERIFYHOST(3),  CURLOPT_SSL_VERIFYPEER(3),
     CURLOPT_SSL_VERIFYHOST(3),

libcurl 7.58.0   Last change: December 16, 2016                 2


Man(1) output converted with man2html