| .\" ************************************************************************** |
| .\" * _ _ ____ _ |
| .\" * Project ___| | | | _ \| | |
| .\" * / __| | | | |_) | | |
| .\" * | (__| |_| | _ <| |___ |
| .\" * \___|\___/|_| \_\_____| |
| .\" * |
| .\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. |
| .\" * |
| .\" * This software is licensed as described in the file COPYING, which |
| .\" * you should have received as part of this distribution. The terms |
| .\" * are also available at https://curl.haxx.se/docs/copyright.html. |
| .\" * |
| .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| .\" * copies of the Software, and permit persons to whom the Software is |
| .\" * furnished to do so, under the terms of the COPYING file. |
| .\" * |
| .\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| .\" * KIND, either express or implied. |
| .\" * |
| .\" ************************************************************************** |
| .\" |
| .TH CURLOPT_SSL_VERIFYHOST 3 "17 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" |
| .SH NAME |
| CURLOPT_SSL_VERIFYHOST \- verify the certificate's name against host |
| .SH SYNOPSIS |
| #include <curl/curl.h> |
| |
| CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYHOST, long verify); |
| .SH DESCRIPTION |
| Pass a long as parameter specifying what to \fIverify\fP. |
| |
| This option determines whether libcurl verifies that the server cert is for |
| the server it is known as. |
| |
| When negotiating TLS and SSL connections, the server sends a certificate |
| indicating its identity. |
| |
| When \fICURLOPT_SSL_VERIFYHOST(3)\fP is 2, that certificate must indicate that |
| the server is the server to which you meant to connect, or the connection |
| fails. Simply put, it means it has to have the same name in the certificate as |
| is in the URL you operate against. |
| |
| Curl considers the server the intended one when the Common Name field or a |
| Subject Alternate Name field in the certificate matches the host name in the |
| URL to which you told Curl to connect. |
| |
| When the \fIverify\fP value is 1, \fIcurl_easy_setopt\fP will return an error |
| and the option value will not be changed. It was previously (in 7.28.0 and |
| earlier) a debug option of some sorts, but it is no longer supported due to |
| frequently leading to programmer mistakes. Future versions will stop returning |
| an error for 1 and just treat 1 and 2 the same. |
| |
| When the \fIverify\fP value is 0, the connection succeeds regardless of the |
| names in the certificate. Use that ability with caution! |
| |
| The default value for this option is 2. |
| |
| This option controls checking the server's certificate's claimed identity. |
| The server could be lying. To control lying, see |
| \fICURLOPT_SSL_VERIFYPEER(3)\fP. If libcurl is built against NSS and |
| \fICURLOPT_SSL_VERIFYPEER(3)\fP is zero, \fICURLOPT_SSL_VERIFYHOST(3)\fP is |
| also set to zero and cannot be overridden. |
| .SH DEFAULT |
| 2 |
| .SH PROTOCOLS |
| All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. |
| .SH EXAMPLE |
| .nf |
| CURL *curl = curl_easy_init(); |
| if(curl) { |
| curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); |
| |
| /* Set the default value: strict name check please */ |
| curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); |
| |
| curl_easy_perform(curl); |
| } |
| .fi |
| .SH AVAILABILITY |
| If built TLS enabled. |
| .SH RETURN VALUE |
| Returns CURLE_OK if TLS is supported, and CURLE_UNKNOWN_OPTION if not. |
| |
| If 1 is set as argument, \fICURLE_BAD_FUNCTION_ARGUMENT\fP is returned. |
| .SH "SEE ALSO" |
| .BR CURLOPT_SSL_VERIFYPEER "(3), " CURLOPT_CAINFO "(3), " |