From: Dr. Stephen Henson Date: Sun, 6 Jul 2014 21:16:21 +0000 (+0100) Subject: Document certificate status request options. X-Git-Tag: OpenSSL_1_0_2-beta2~42 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=fbe8ea3abea070f9da1fb48ef2f6e20fc829f829;ds=sidebyside Document certificate status request options. (cherry picked from commit cba3f1c739f012aaadb85aaefaf8de424d2695e2) --- diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 52881f8d3e..1e8ba23456 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -48,6 +48,7 @@ B B [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] +[B<-status>] =head1 DESCRIPTION @@ -267,6 +268,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and The server's response (if any) will be encoded and displayed as a PEM file. +=item B<-status> + +sends a certificate status request to the server (OCSP stapling). The server +response (if any) is printed out. + =back =head1 CONNECTED COMMANDS diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 4ec4e0cf2b..7b87ad0f03 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -57,6 +57,10 @@ B B [B<-rand file(s)>] [B<-serverinfo file>] [B<-no_resumption_on_reneg>] +[B<-status>] +[B<-status_verbose>] +[B<-status_timeout nsec>] +[B<-status_url url>] =head1 DESCRIPTION The B command implements a generic SSL/TLS server which listens @@ -294,6 +298,25 @@ ServerHello extension will be returned. set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. +=item B<-status> + +enables certificate status request support (aka OCSP stapling). + +=item B<-status_verbose> + +enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response. + +=item B<-status_timeout nsec> + +sets the timeout for OCSP response to B seconds. + +=item B<-status_url url> + +sets a fallback responder URL to use if no responder URL is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. + =back =head1 CONNECTED COMMANDS