CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB, struct curl_blob *stblob);
This option should be used in combination with the CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the issuer check is not treated as a failure.
A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option. It is returned if the setup of the SSL/TLS session has failed due to a mismatch with the issuer of the peer certificate (CURLOPT_SSL_VERIFYPEER(3) has to be set too for the check to fail).
If the blob is initialized with the flags member of struct curl_blob set to CURL_BLOB_COPY, the application does not have to keep the buffer around after setting this.
This option is an alternative to CURLOPT_ISSUERCERT(3) which instead expects a file name as input.
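#include <curl/curl.h>

extern char *certificateData; /* issuer certificate data held in memory */
extern size_t filesize;       /* size of that data in bytes */

int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode ret;
    struct curl_blob blob;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
    blob.data = certificateData;
    blob.len = filesize;
    blob.flags = CURL_BLOB_COPY;
    curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob);
    ret = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
  }
  return 0;
}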