CURLOPT_CA_CACHE_TIMEOUT(3) libcurl CURLOPT_CA_CACHE_TIMEOUT(3)

CURLOPT_CA_CACHE_TIMEOUT - life-time for cached certificate stores

#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CA_CACHE_TIMEOUT, long age);

Pass a long, this sets the timeout in seconds. This tells libcurl the maximum time any cached certificate store it has in memory may be kept and reused for new connections. Once the timeout has expired, a subsequent fetch requiring a certificate has to reload it.

Building a certificate store from a CURLOPT_CAINFO(3) file is a slow operation so curl may cache the generated certificate store internally to speed up future connections.

Set to zero to completely disable caching, or set to -1 to retain the cached store remain forever. By default, libcurl caches this info for 24 hours.

86400 (24 hours)

All

CURL *curl = curl_easy_init();
if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin");
  /* only reuse certificate stores for a short time */
  curl_easy_setopt(curl, CURLOPT_CA_CACHE_TIMEOUT, 60L);
  ret = curl_easy_perform(curl);
  /* in this second request, the cache is not used if more than
     sixty seconds passed since the previous connection */
  ret = curl_easy_perform(curl);
  curl_easy_cleanup(curl);
}

This option was added in curl 7.87.0.

Currently the only SSL backend to implement this certificate store caching functionality is the OpenSSL (and forks) backend.

Returns CURLE_OK

CURLOPT_CAINFO(3), CURLOPT_CAINFO_BLOB(3), CURLOPT_CAPATH(3), CURLOPT_SSL_VERIFYPEER(3), CURLOPT_SSL_VERIFYHOST(3)

September 27, 2023 ibcurl 8.4.0