1---
2c: Copyright (C) Daniel Stenberg, <daniel.se>, et al.
3SPDX-License-Identifier: curl
4Title: CURLOPT_SSLKEY_BLOB
5Section: 3
6Source: libcurl
7See-also:
8  - CURLOPT_SSLKEY (3)
9  - CURLOPT_SSLKEYTYPE (3)
10---
11
12# NAME
13
14CURLOPT_SSLKEY_BLOB - private key for client cert from memory blob
15
16# SYNOPSIS
17
18~~~c
19#include <curl/curl.h>
20
21CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLKEY_BLOB,
22                          struct curl_blob *blob);
23~~~
24
25# DESCRIPTION
26
27Pass a pointer to a curl_blob structure, which contains information (pointer
28and size) for a private key. Compatible with OpenSSL. The format (like "PEM")
29must be specified with CURLOPT_SSLKEYTYPE(3).
30
31If the blob is initialized with the flags member of struct curl_blob set to
32CURL_BLOB_COPY, the application does not have to keep the buffer around after
33setting this.
34
35This option is an alternative to CURLOPT_SSLKEY(3) which instead expects a
36filename as input.
37
38# DEFAULT
39
40NULL
41
42# PROTOCOLS
43
44All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
45
46# EXAMPLE
47
48~~~c
49
50extern char *certificateData; /* point to cert */
51extern size_t filesize; /* size of cert */
52
53extern char *privateKeyData; /* point to key */
54extern size_t privateKeySize; /* size of key */
55
56int main(void)
57{
58  CURL *curl = curl_easy_init();
59  if(curl) {
60    CURLcode res;
61    struct curl_blob blob;
62    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
63    blob.data = certificateData;
64    blob.len = filesize;
65    blob.flags = CURL_BLOB_COPY;
66    curl_easy_setopt(curl, CURLOPT_SSLCERT_BLOB, &blob);
67    curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
68
69    blob.data = privateKeyData;
70    blob.len = privateKeySize;
71    curl_easy_setopt(curl, CURLOPT_SSLKEY_BLOB, &blob);
72    curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret");
73    curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
74    res = curl_easy_perform(curl);
75    curl_easy_cleanup(curl);
76  }
77}
78~~~
79
80# AVAILABILITY
81
82Added in 7.71.0. This option is supported by the OpenSSL backends.
83
84# RETURN VALUE
85
86Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or
87CURLE_OUT_OF_MEMORY if there was insufficient heap space.
88