diff options
author | Alessandro Ghedini <alessandro@ghedini.me> | 2014-06-16 13:20:47 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-01-16 23:23:29 +0100 |
commit | 3af90a6e19249807f99bc9ee7b50d3e58849072a (patch) | |
tree | a8e4e31842fcf4b40dbb283847940ea2e83ee3d4 /lib/url.c | |
parent | 5e113a18c56e0743e377854ab18c79305b2830ea (diff) | |
download | curl-3af90a6e19249807f99bc9ee7b50d3e58849072a.tar.gz |
url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
Diffstat (limited to 'lib/url.c')
-rw-r--r-- | lib/url.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -1997,6 +1997,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option, data->set.ssl.verifyhost = (0 != arg)?TRUE:FALSE; break; + case CURLOPT_SSL_VERIFYSTATUS: + /* + * Enable certificate status verifying. + */ + if(!Curl_ssl_cert_status_request()) { + result = CURLE_NOT_BUILT_IN; + break; + } + + data->set.ssl.verifystatus = (0 != va_arg(param, long))?TRUE:FALSE; + break; case CURLOPT_SSL_CTX_FUNCTION: #ifdef have_curlssl_ssl_ctx /* |