docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +12 −9 @@ -22,7 +22,7 @@ .\" .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL/CyaSSL or mbedTLS .SH SYNOPSIS .nf #include <curl/curl.h> @@ -32,8 +32,9 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr); CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback); .SH DESCRIPTION This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If libcurl was built against another SSL library this functionality is absent. This option only works for libcurl powered by OpenSSL, wolfSSL/CyaSSL or mbedTLS. If libcurl was built against another SSL library this functionality is absent. Pass a pointer to your callback function, which should match the prototype shown above.
@@ -42,13 +43,15 @@ This callback function gets called by libcurl just before the initialization of an SSL connection after having processed all other SSL related options to give a last chance to an application to modify the behaviour of the SSL initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL library's \fISSL_CTX\fP. If an error is returned from the callback no attempt to establish a connection is made and the perform operation will return the callback's error code. Set the \fIuserptr\fP argument with the library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to \fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback no attempt to establish a connection is made and the perform operation will return the callback's error code. Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. This function will get called on all new connections made to a server, during the SSL negotiation. The SSL_CTX pointer will be a new one every time. the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object each time, but note the pointer may be the same as from a prior call. To use this properly, a non-trivial amount of knowledge of your SSL library is necessary. For example, you can use this function to call library-specific @@ -133,8 +136,8 @@ int main(void) } .fi .SH AVAILABILITY Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL backends not supported. Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Added in 7.54.0 for mbedTLS. Other SSL backends not supported. .SH RETURN VALUE CURLE_OK if supported; or an error such as: lib/vtls/mbedtls.c +10 −0
@@ -495,6 +495,16 @@ mbed_connect_step1(struct connectdata *conn, mbedtls_debug_set_threshold(4); #endif /* give application a chance to interfere with mbedTLS set up. */ if(data->set.ssl.fsslctx) { ret = (*data->set.ssl.fsslctx)(data, &connssl->config, data->set.ssl.fsslctxp); if(ret) { failf(data, "error signaled by ssl ctx callback"); return ret; } } connssl->connecting_state = ssl_connect_2; return CURLE_OK; lib/vtls/mbedtls.h +3 −0 @@ -56,6 +56,9 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, /* this backends supports CURLOPT_PINNEDPUBLICKEY */ #define have_curlssl_pinnedpubkey 1 /* this backend supports CURLOPT_SSL_CTX_* */ #define have_curlssl_ssl_ctx 1 /* API setup for mbedTLS */ #define curlssl_init() Curl_mbedtls_init() #define curlssl_cleanup() Curl_mbedtls_cleanup()
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +12 −9 @@ -22,7 +22,7 @@ .\" .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" .SH NAME CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL/CyaSSL or mbedTLS .SH SYNOPSIS .nf #include <curl/curl.h> @@ -32,8 +32,9 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr); CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback); .SH DESCRIPTION This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If libcurl was built against another SSL library this functionality is absent. This option only works for libcurl powered by OpenSSL, wolfSSL/CyaSSL or mbedTLS. If libcurl was built against another SSL library this functionality is absent. Pass a pointer to your callback function, which should match the prototype shown above.
@@ -42,13 +43,15 @@ This callback function gets called by libcurl just before the initialization of an SSL connection after having processed all other SSL related options to give a last chance to an application to modify the behaviour of the SSL initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL library's \fISSL_CTX\fP. If an error is returned from the callback no attempt to establish a connection is made and the perform operation will return the callback's error code. Set the \fIuserptr\fP argument with the library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to \fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback no attempt to establish a connection is made and the perform operation will return the callback's error code. Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. This function will get called on all new connections made to a server, during the SSL negotiation. The SSL_CTX pointer will be a new one every time. the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object each time, but note the pointer may be the same as from a prior call. To use this properly, a non-trivial amount of knowledge of your SSL library is necessary. For example, you can use this function to call library-specific @@ -133,8 +136,8 @@ int main(void) } .fi .SH AVAILABILITY Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL backends not supported. Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Added in 7.54.0 for mbedTLS. Other SSL backends not supported. .SH RETURN VALUE CURLE_OK if supported; or an error such as:
lib/vtls/mbedtls.c +10 −0 @@ -495,6 +495,16 @@ mbed_connect_step1(struct connectdata *conn, mbedtls_debug_set_threshold(4); #endif /* give application a chance to interfere with mbedTLS set up. */ if(data->set.ssl.fsslctx) { ret = (*data->set.ssl.fsslctx)(data, &connssl->config, data->set.ssl.fsslctxp); if(ret) { failf(data, "error signaled by ssl ctx callback"); return ret; } } connssl->connecting_state = ssl_connect_2; return CURLE_OK;
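Review bot: The callback receives a writable `&connssl->config` as the last action before the state moves to `ssl_connect_2`, so anything it sets takes precedence over what libcurl configured earlier in mbed_connect_step1 (that part of the function is outside the hunk), presumably including the peer-verification settings. The one-line comment should state that contract, e.g. `/* Application hook: runs after libcurl's own mbedtls_ssl_config set-up, so changes made here (including to certificate verification) override the CURLOPT_SSL_* options. */`. Separately, the result is stored in `ret`; if that is the `int` used for mbedTLS return codes (its declaration is not visible), the CURLcode is round-tripped through an unrelated error domain, and a dedicated `CURLcode result` local would keep the two apart.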
lib/vtls/mbedtls.h +3 −0 @@ -56,6 +56,9 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, /* this backends supports CURLOPT_PINNEDPUBLICKEY */ #define have_curlssl_pinnedpubkey 1 /* this backend supports CURLOPT_SSL_CTX_* */ #define have_curlssl_ssl_ctx 1 /* API setup for mbedTLS */ #define curlssl_init() Curl_mbedtls_init() #define curlssl_cleanup() Curl_mbedtls_cleanup()