2024-05-15 15:20:32 -04:00
|
|
|
---
|
2023-12-11 20:30:44 -05:00
|
|
|
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
|
|
|
SPDX-License-Identifier: curl
|
|
|
|
|
Long: cert-status
|
|
|
|
|
Protocols: TLS
|
|
|
|
|
Added: 7.41.0
|
2024-05-15 15:20:32 -04:00
|
|
|
Help: Verify server cert status OCSP-staple
|
2023-12-11 20:30:44 -05:00
|
|
|
Category: tls
|
|
|
|
|
Multi: boolean
|
2024-05-15 15:20:32 -04:00
|
|
|
See-also:
|
|
|
|
|
- pinnedpubkey
|
|
|
|
|
Example:
|
|
|
|
|
- --cert-status $URL
|
2023-12-11 20:30:44 -05:00
|
|
|
---
|
2024-05-15 15:20:32 -04:00
|
|
|
|
|
|
|
|
# `--cert-status`
|
|
|
|
|
|
|
|
|
|
Verify the status of the server certificate by using the Certificate Status
|
|
|
|
|
Request (aka. OCSP stapling) TLS extension.
|
2023-12-11 20:30:44 -05:00
|
|
|
|
|
|
|
|
If this option is enabled and the server sends an invalid (e.g. expired)
|
|
|
|
|
response, if the response suggests that the server certificate has been
|
|
|
|
|
revoked, or no response at all is received, the verification fails.
|
|
|
|
|
|
2024-05-15 15:20:32 -04:00
|
|
|
This support is currently only implemented in the OpenSSL and GnuTLS backends.
|
