1--- 2c: Copyright (C) Daniel Stenberg, <daniel.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_CAPATH 5Section: 3 6Source: libcurl 7See-also: 8 - CURLINFO_CAPATH (3) 9 - CURLOPT_CAINFO (3) 10 - CURLOPT_DEBUGFUNCTION (3) 11 - CURLOPT_STDERR (3) 12--- 13 14# NAME 15 16CURLOPT_CAPATH - directory holding CA certificates 17 18# SYNOPSIS 19 20~~~c 21#include <curl/curl.h> 22 23CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAPATH, char *capath); 24~~~ 25 26# DESCRIPTION 27 28Pass a char pointer to a null-terminated string naming a directory holding 29multiple CA certificates to verify the peer with. If libcurl is built against 30OpenSSL, the certificate directory must be prepared using the OpenSSL c_rehash 31utility. This makes sense only when used in combination with the 32CURLOPT_SSL_VERIFYPEER(3) option. 33 34The CURLOPT_CAPATH(3) function apparently does not work in Windows due 35to some limitation in OpenSSL. 36 37The application does not have to keep the string around after setting this 38option. 39 40The default value for this can be figured out with CURLINFO_CAPATH(3). 41 42# DEFAULT 43 44A default path detected at build time. 45 46# PROTOCOLS 47 48All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. 49 50# EXAMPLE 51 52~~~c 53int main(void) 54{ 55 CURL *curl = curl_easy_init(); 56 if(curl) { 57 CURLcode res; 58 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); 59 curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/cert-dir"); 60 res = curl_easy_perform(curl); 61 curl_easy_cleanup(curl); 62 } 63} 64~~~ 65 66# AVAILABILITY 67 68This option is supported by the OpenSSL, GnuTLS and mbedTLS (since 7.56.0) 69backends. 70 71# RETURN VALUE 72 73CURLE_OK if supported; or an error such as: 74 75CURLE_NOT_BUILT_IN - Not supported by the SSL backend 76 77CURLE_UNKNOWN_OPTION 78 79CURLE_OUT_OF_MEMORY 80