| xf.li | 6c8fc1e | 2023-08-12 00:11:09 -0700 | [diff] [blame] | 1 | c: Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al. |
| 2 | SPDX-License-Identifier: curl |
| 3 | Long: cert-status |
| 4 | Protocols: TLS |
| 5 | Added: 7.41.0 |
| 6 | Help: Verify the status of the server cert via OCSP-staple |
| 7 | Category: tls |
| 8 | See-also: pinnedpubkey |
| 9 | Example: --cert-status $URL |
| 10 | Multi: boolean |
| 11 | --- |
| 12 | Tells curl to verify the status of the server certificate by using the |
| 13 | Certificate Status Request (aka. OCSP stapling) TLS extension. |
| 14 | |
| 15 | If this option is enabled and the server sends an invalid (e.g. expired) |
| 16 | response, if the response suggests that the server certificate has been |
| 17 | revoked, or no response at all is received, the verification fails. |
| 18 | |
| 19 | This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. |