Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
CURLOPT_SSL_VERIFYHOST(3) | Library Functions Manual | CURLOPT_SSL_VERIFYHOST(3) |
NAME
CURLOPT_SSL_VERIFYHOST - verify the certificate's name against hostSYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYHOST, long verify);
DESCRIPTION
Pass a long set to 2L to make libcurl verify the host in the server's TLS certificate.MATCHING
A certificate can have the name as a wildcard. The only asterisk ( *) must then be the left-most character and it must be followed by a period. The wildcard must further contain more than one period as it cannot be set for a top-level domain.LIMITATIONS
Secure Transport: If verify value is 0, then SNI is also disabled. SNI is a TLS extension that sends the hostname to the server. The server may use that information to do such things as sending back a specific certificate for the hostname, or forwarding the request to a specific origin server. Some hostnames may be inaccessible if SNI is not sent.DEFAULT
2PROTOCOLS
This functionality affects all TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.EXAMPLE
int main(void)
{
CURL *curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
/* Set the default value: strict name check please */
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_perform(curl);
}
}
AVAILABILITY
Added in curl 7.8.1HISTORY
In 7.28.0 and earlier: the value 1 was treated as a debug option of some sorts, not supported anymore due to frequently leading to programmer mistakes.RETURN VALUE
Returns CURLE_OK if TLS is supported, and CURLE_UNKNOWN_OPTION if not.SEE ALSO
CURLOPT_CAINFO(3), CURLOPT_PINNEDPUBLICKEY(3), CURLOPT_SSL_VERIFYPEER(3)2024-12-21 | libcurl |