This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
If this option is used several times, the last one will be used.
(Added in 7.39.0)
+.IP "--cert-status"
+(SSL) Tells curl to verify the status of the server certificate by using the
+Certificate Status Request (aka. OCSP stapling) TLS extension.
+
+If this option is enabled and the server sends an invalid (e.g. expired)
+response, if the response suggests that the server certificate has been revoked,
+or no response at all is received, the verification fails.
+
+This is currently only implemented in the GnuTLS and NSS backends.
+(Added in 7.41.0)
.IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done
to better enable scripts etc to better deal with failed attempts. In normal
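Review bot: The sentence "This is currently only implemented in the GnuTLS and NSS backends." does not say what --cert-status does when curl is built against any other TLS backend. State whether curl exits with an error or carries on without the check, because a reader who sees only the failure conditions in the paragraph above could assume revocation status is being verified when it is not. The failure-conditions sentence would also read more clearly as three parallel cases (invalid response, response indicating revocation, no response).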
bool globoff;
bool use_httpget;
bool insecure_ok; /* set TRUE to allow insecure SSL connects */
+ bool verifystatus;
bool create_dirs;
bool ftp_create_dirs;
bool ftp_skip_ip;
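Review bot: The new field "bool verifystatus;" has no comment, while the neighbouring insecure_ok field documents what TRUE means. Add a short one in the same style, for example /* set TRUE to verify the certificate status (OCSP stapling) */.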
{"En", "ssl-allow-beast", FALSE},
{"Eo", "login-options", TRUE},
{"Ep", "pinnedpubkey", TRUE},
+ {"Eq", "cert-status", FALSE},
{"f", "fail", FALSE},
{"F", "form", TRUE},
{"Fs", "form-string", TRUE},
GetStr(&config->pinnedpubkey, nextarg);
break;
+ case 'q': /* --cert-status */
+ config->verifystatus = TRUE;
+ break;
+
default: /* certificate file */
{
char *certname, *passphrase;
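Review bot: In case 'q' the flag is assigned the constant TRUE, so once --cert-status has been seen (for instance from a config file) nothing later on the command line can switch it back off. If the parser exposes the negation state for boolean options, assign that here instead of TRUE so a --no- form works, or document that the option cannot be negated.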
/* libcurl default is strict verifyhost -> 2L */
/* my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); */
}
+
+ if(config->verifystatus)
+ my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);
}
if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
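Review bot: The "my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);" call needs to fail closed on backends that lack support, since the man page hunk says only GnuTLS and NSS implement it. Please confirm that an error from this setopt aborts the transfer instead of letting it continue unchecked, and consider emitting a message that names the backend limitation so the user can tell why --cert-status failed.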