88 lines
		
	
	
		
			3.5 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
			
		
		
	
	
			88 lines
		
	
	
		
			3.5 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
| .\" **************************************************************************
 | |
| .\" *                                  _   _ ____  _
 | |
| .\" *  Project                     ___| | | |  _ \| |
 | |
| .\" *                             / __| | | | |_) | |
 | |
| .\" *                            | (__| |_| |  _ <| |___
 | |
| .\" *                             \___|\___/|_| \_\_____|
 | |
| .\" *
 | |
| .\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 | |
| .\" *
 | |
| .\" * This software is licensed as described in the file COPYING, which
 | |
| .\" * you should have received as part of this distribution. The terms
 | |
| .\" * are also available at http://curl.haxx.se/docs/copyright.html.
 | |
| .\" *
 | |
| .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 | |
| .\" * copies of the Software, and permit persons to whom the Software is
 | |
| .\" * furnished to do so, under the terms of the COPYING file.
 | |
| .\" *
 | |
| .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 | |
| .\" * KIND, either express or implied.
 | |
| .\" *
 | |
| .\" **************************************************************************
 | |
| .\"
 | |
| .TH CURLOPT_SSL_VERIFYHOST 3 "17 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
 | |
| .SH NAME
 | |
| CURLOPT_SSL_VERIFYHOST \- verify the certificate's name against host
 | |
| .SH SYNOPSIS
 | |
| #include <curl/curl.h>
 | |
| 
 | |
| CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYHOST, long verify);
 | |
| .SH DESCRIPTION
 | |
| Pass a long as parameter specifying what to \fIverify\fP.
 | |
| 
 | |
| This option determines whether libcurl verifies that the server cert is for
 | |
| the server it is known as.
 | |
| 
 | |
| When negotiating TLS and SSL connections, the server sends a certificate
 | |
| indicating its identity.
 | |
| 
 | |
| When \fICURLOPT_SSL_VERIFYHOST(3)\fP is 2, that certificate must indicate that
 | |
| the server is the server to which you meant to connect, or the connection
 | |
| fails. Simply put, it means it has to have the same name in the certificate as
 | |
| is in the URL you operate against.
 | |
| 
 | |
| Curl considers the server the intended one when the Common Name field or a
 | |
| Subject Alternate Name field in the certificate matches the host name in the
 | |
| URL to which you told Curl to connect.
 | |
| 
 | |
| When the \fIverify\fP value is 1, \fIcurl_easy_setopt\fP will return an error
 | |
| and the option value will not be changed.  It was previously (in 7.28.0 and
 | |
| earlier) a debug option of some sorts, but it is no longer supported due to
 | |
| frequently leading to programmer mistakes. Future versions will stop returning
 | |
| an error for 1 and just treat 1 and 2 the same.
 | |
| 
 | |
| When the \fIverify\fP value is 0, the connection succeeds regardless of the
 | |
| names in the certificate. Use that ability with caution!
 | |
| 
 | |
| The default value for this option is 2.
 | |
| 
 | |
| This option controls checking the server's certificate's claimed identity.
 | |
| The server could be lying.  To control lying, see
 | |
| \fICURLOPT_SSL_VERIFYPEER(3)\fP.  If libcurl is built against NSS and
 | |
| \fICURLOPT_SSL_VERIFYPEER(3)\fP is zero, \fICURLOPT_SSL_VERIFYHOST(3)\fP is
 | |
| also set to zero and cannot be overridden.
 | |
| .SH DEFAULT
 | |
| 2
 | |
| .SH PROTOCOLS
 | |
| All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 | |
| .SH EXAMPLE
 | |
| .nf
 | |
| CURL *curl = curl_easy_init();
 | |
| if(curl) {
 | |
|   curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
 | |
| 
 | |
|   /* Set the default value: strict name check please */
 | |
|   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
 | |
| 
 | |
|   curl_easy_perform(curl);
 | |
| }
 | |
| .fi
 | |
| .SH AVAILABILITY
 | |
| If built TLS enabled.
 | |
| .SH RETURN VALUE
 | |
| Returns CURLE_OK if TLS is supported, and CURLE_UNKNOWN_OPTION if not.
 | |
| 
 | |
| If 1 is set as argument, \fICURLE_BAD_FUNCTION_ARGUMENT\fP is returned.
 | |
| .SH "SEE ALSO"
 | |
| .BR CURLOPT_SSL_VERIFYPEER "(3), " CURLOPT_CAINFO "(3), "
 | 
