CURLOPT_SSL_VERIFYPEER(3)
CURLOPT_SSL_VERIFYPEER(3�curl_easy_setopt optionCURLOPT_SSL_VERIFYPEER(3)
NAME
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle,
CURLOPT_SSL_VERIFYPEER, long verify);
DESCRIPTION
Pass a long as parameter to enable or disable.
This option determines whether curl verifies the authenti-
city of the peer's certificate. A value of 1 means curl ver-
ifies; 0 (zero) means it doesn't.
When negotiating a TLS or SSL connection, the server sends a
certificate indicating its identity. Curl verifies whether
the certificate is authentic, i.e. that you can trust that
the server is who the certificate says it is. This trust is
based on a chain of digital signatures, rooted in certifica-
tion authority (CA) certificates you supply. curl uses a
default bundle of CA certificates (the path for that is
determined at build time) and you can specify alternate cer-
tificates with the CURLOPT_CAINFO(3) option or the
CURLOPT_CAPATH(3) option.
When CURLOPT_SSL_VERIFYPEER(3) is enabled, and the verifica-
tion fails to prove that the certificate is authentic, the
connection fails. When the option is zero, the peer certi-
ficate verification succeeds regardless.
Authenticating the certificate is not enough to be sure
about the server. You typically also want to ensure that the
server is the server you mean to be talking to. Use
CURLOPT_SSL_VERIFYHOST(3) for that. The check that the host
name in the certificate is valid for the host name you're
connecting to is done independently of the
CURLOPT_SSL_VERIFYPEER(3) option.
WARNING: disabling verification of the certificate allows
bad guys to man-in-the-middle the communication without you
knowing it. Disabling verification makes the communication
insecure. Just having encryption on a transfer is not enough
as you cannot be sure that you are communicating with the
correct end-point.
DEFAULT
By default, curl assumes a value of 1.
PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS
libcurl 7.58.0 Last change: February 09, 2017 1
CURLOPT_SSL_VERIFYPEER(3�curl_easy_setopt optionCURLOPT_SSL_VERIFYPEER(3)
etc.
EXAMPLE
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* Set the default value: strict certificate check please */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_perform(curl);
}
AVAILABILITY
If built TLS enabled.
RETURN VALUE
Returns CURLE_OK if the option is supported, and
CURLE_UNKNOWN_OPTION if not.
SEE ALSO
CURLOPT_SSL_VERIFYHOST(3), CURLOPT_PROXY_SSL_VERIFYPEER(3),
CURLOPT_PROXY_SSL_VERIFYHOST(3),
libcurl 7.58.0 Last change: February 09, 2017 2
Man(1) output converted with
man2html