diff options
Diffstat (limited to 'docs/cmdline-opts/cert-status.md')
-rw-r--r-- | docs/cmdline-opts/cert-status.md | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/docs/cmdline-opts/cert-status.md b/docs/cmdline-opts/cert-status.md new file mode 100644 index 000000000..bfbd3af83 --- /dev/null +++ b/docs/cmdline-opts/cert-status.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. +SPDX-License-Identifier: curl +Long: cert-status +Protocols: TLS +Added: 7.41.0 +Help: Verify the status of the server cert via OCSP-staple +Category: tls +Multi: boolean +See-also: + - pinnedpubkey +Example: + - --cert-status $URL +--- + +# `--cert-status` + +Tells curl to verify the status of the server certificate by using the +Certificate Status Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been +revoked, or no response at all is received, the verification fails. + +This is currently only implemented in the OpenSSL and GnuTLS backends. |