libcurl offers a special TLS related callback called
CURLOPT_SSL_CTX_FUNCTION
. This option only works for libcurl powered by
OpenSSL, wolfSSL or mbedTLS and it does nothing if libcurl is built with
another TLS backend.
This callback gets called by libcurl just before the initialization of a TLS
connection after having processed all other TLS related options to give a last
chance to an application to modify the behavior of the TLS initialization. The
ssl_ctx parameter
passed to the callback in the second argument is actually
a pointer to the SSL library's SSL_CTX
for OpenSSL or wolfSSL, and a pointer
to mbedtls_ssl_config
for mbedTLS. If an error is returned from the callback
no attempt to establish a connection is made and the operation will return the
callback's error code. Set the userptr
argument with the
CURLOPT_SSL_CTX_DATA
option.
This function gets called on all new connections made to a server, during the TLS negotiation. The TLS context will point to a newly initialized object each time.