doc: document tls_feature option in the sample template

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-05-30 11:23:39 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-05-30 11:23:39 +0200
commit: 571e87e946b2312b3ec70171f2bc8c1cb429f59a (patch)
tree: ebee08e2a3a02f3a996751efb89be457b8efd271
parent: d234e6eb64e897524d115854145d1fa14cf45809 (diff)
download: gnutls-571e87e946b2312b3ec70171f2bc8c1cb429f59a.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 95d8052119..146760f74f 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -790,6 +790,14 @@ expiration_days = 700
 # An email in case of a person
 email = "none@@none.org"
 
+# TLS feature (rfc7633) extension. That can is used to indicate mandatory TLS
+# extension features to be provided by the server. In practice this is used
+# to require the Status Request (extid: 5) extension from the server. That is,
+# to require the server holding this certificate to provide a stapled OCSP response.
+
+# To ask for OCSP status request use:
+#tls_feature = 5
+
 # Challenge password used in certificate requests
 challenge_password = 123456
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-05-30 11:23:39 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-05-30 11:23:39 +0200
commit	571e87e946b2312b3ec70171f2bc8c1cb429f59a (patch)
tree	ebee08e2a3a02f3a996751efb89be457b8efd271
parent	d234e6eb64e897524d115854145d1fa14cf45809 (diff)
download	gnutls-571e87e946b2312b3ec70171f2bc8c1cb429f59a.tar.gz