url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using the "Certificate Status Request" TLS extension defined in RFC6066 section 8. This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the certificate status verification fails, and the Curl_ssl_cert_status_request() function, used to check whether the SSL backend supports the status_request extension.
author: Alessandro Ghedini <alessandro@ghedini.me> 2014-06-16 13:20:47 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2015-01-16 23:23:29 +0100
commit: 3af90a6e19249807f99bc9ee7b50d3e58849072a (patch)
tree: a8e4e31842fcf4b40dbb283847940ea2e83ee3d4 /lib/url.c
parent: 5e113a18c56e0743e377854ab18c79305b2830ea (diff)
download: curl-3af90a6e19249807f99bc9ee7b50d3e58849072a.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/url.c b/lib/url.c
index d3bb5e011..407910cc2 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -1997,6 +1997,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 
     data->set.ssl.verifyhost = (0 != arg)?TRUE:FALSE;
     break;
+  case CURLOPT_SSL_VERIFYSTATUS:
+    /*
+     * Enable certificate status verifying.
+     */
+    if(!Curl_ssl_cert_status_request()) {
+      result = CURLE_NOT_BUILT_IN;
+      break;
+    }
+
+    data->set.ssl.verifystatus = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
   case CURLOPT_SSL_CTX_FUNCTION:
 #ifdef have_curlssl_ssl_ctx
     /*
author	Alessandro Ghedini <alessandro@ghedini.me>	2014-06-16 13:20:47 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2015-01-16 23:23:29 +0100
commit	3af90a6e19249807f99bc9ee7b50d3e58849072a (patch)
tree	a8e4e31842fcf4b40dbb283847940ea2e83ee3d4 /lib/url.c
parent	5e113a18c56e0743e377854ab18c79305b2830ea (diff)
download	curl-3af90a6e19249807f99bc9ee7b50d3e58849072a.tar.gz