mirror of
https://github.com/moparisthebest/curl
synced 2025-01-09 13:08:00 -05:00
53022e1893
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the same as their respective counterparts. - New curl tool options --doh-insecure and --doh-cert-status do the same as their respective counterparts. Prior to this change DOH SSL certificate verification settings for verifyhost and verifypeer were supposed to be inherited respectively from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug were not. As a result DOH verification remained at the default, ie enabled, and it was not possible to disable. This commit changes behavior so that the DOH verification settings are independent and not inherited. Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676 Fixes https://github.com/curl/curl/issues/4578 Closes https://github.com/curl/curl/pull/6597
15 lines
549 B
D
15 lines
549 B
D
Long: cert-status
|
|
Protocols: TLS
|
|
Added: 7.41.0
|
|
Help: Verify the status of the server cert via OCSP-staple
|
|
Category: tls
|
|
---
|
|
Tells curl to verify the status of the server certificate by using the
|
|
Certificate Status Request (aka. OCSP stapling) TLS extension.
|
|
|
|
If this option is enabled and the server sends an invalid (e.g. expired)
|
|
response, if the response suggests that the server certificate has been revoked,
|
|
or no response at all is received, the verification fails.
|
|
|
|
This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
|