libcurl offers a special TLS related callback called
CURLOPT_SSL_CTX_FUNCTION. This option only works for libcurl powered by
OpenSSL, wolfSSL or mbedTLS and it does nothing if libcurl is built with
another TLS backend.
This callback gets called by libcurl just before the initialization of a TLS
connection after having processed all other TLS related options to give a last
chance to an application to modify the behavior of the TLS initialization. The
ssl_ctx parameter passed to the callback in the second argument is actually
a pointer to the SSL library's SSL_CTX for OpenSSL or wolfSSL, and a pointer
to mbedtls_ssl_config for mbedTLS. If an error is returned from the callback
no attempt to establish a connection is made and the operation returns the
callback's error code. Set the userptr argument with the
CURLOPT_SSL_CTX_DATA option.
This function gets called on all new connections made to a server, during the TLS negotiation. The TLS context points to a newly initialized object each time.