moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Code Issues Releases Wiki Activity

curl: add --cert-status option

Browse Source 
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
This commit is contained in:
Alessandro Ghedini 2014-06-16 20:47:26 +02:00 committed by Daniel Stenberg
parent f46c6fbee0
commit bd0c3b3c66
4 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/curl.1
View File

@ -552,6 +552,16 @@ This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
If this option is used several times, the last one will be used. If this option is used several times, the last one will be used.
(Added in 7.39.0) (Added in 7.39.0)
.IP "--cert-status"
(SSL) Tells curl to verify the status of the server certificate by using the
Certificate Status Request (aka. OCSP stapling) TLS extension.
If this option is enabled and the server sends an invalid (e.g. expired)
response, if the response suggests that the server certificate has been revoked,
or no response at all is received, the verification fails.
This is currently only implemented in the GnuTLS and NSS backends.
(Added in 7.41.0)
.IP "-f, --fail" .IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done (HTTP) Fail silently (no output at all) on server errors. This is mostly done
to better enable scripts etc to better deal with failed attempts. In normal to better enable scripts etc to better deal with failed attempts. In normal

1
src/tool_cfgable.h
View File

@ -126,6 +126,7 @@ struct OperationConfig {
bool globoff; bool globoff;
bool use_httpget; bool use_httpget;
bool insecure_ok; /* set TRUE to allow insecure SSL connects */ bool insecure_ok; /* set TRUE to allow insecure SSL connects */
bool verifystatus;
bool create_dirs; bool create_dirs;
bool ftp_create_dirs; bool ftp_create_dirs;
bool ftp_skip_ip; bool ftp_skip_ip;

5
src/tool_getparam.c
View File

@ -217,6 +217,7 @@ static const struct LongShort aliases[]= {
{"En", "ssl-allow-beast", FALSE}, {"En", "ssl-allow-beast", FALSE},
{"Eo", "login-options", TRUE}, {"Eo", "login-options", TRUE},
{"Ep", "pinnedpubkey", TRUE}, {"Ep", "pinnedpubkey", TRUE},
{"Eq", "cert-status", FALSE},
{"f", "fail", FALSE}, {"f", "fail", FALSE},
{"F", "form", TRUE}, {"F", "form", TRUE},
{"Fs", "form-string", TRUE}, {"Fs", "form-string", TRUE},
@ -1363,6 +1364,10 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
GetStr(&config->pinnedpubkey, nextarg); GetStr(&config->pinnedpubkey, nextarg);
break; break;
case 'q': /* --cert-status */
config->verifystatus = TRUE;
break;
default: /* certificate file */ default: /* certificate file */
{ {
char *certname, *passphrase; char *certname, *passphrase;

3
src/tool_operate.c
View File

@ -1038,6 +1038,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
/* libcurl default is strict verifyhost -> 2L */ /* libcurl default is strict verifyhost -> 2L */
/* my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); */ /* my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); */
} }
if(config->verifystatus)
my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);
} }
if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) { if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) {