From cba3f1c739f012aaadb85aaefaf8de424d2695e2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 6 Jul 2014 22:16:21 +0100 Subject: [PATCH 1/1] Document certificate status request options. --- doc/apps/s_client.pod | 6 ++++++ doc/apps/s_server.pod | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index f4155c4064..4bccba1f2e 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -76,6 +76,7 @@ B B [B<-sess_in filename>] [B<-rand file(s)>] [B<-serverinfo types>] +[B<-status>] =head1 DESCRIPTION @@ -327,6 +328,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and The server's response (if any) will be encoded and displayed as a PEM file. +=item B<-status> + +sends a certificate status request to the server (OCSP stapling). The server +response (if any) is printed out. + =back =head1 CONNECTED COMMANDS diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index a8e5278230..0ba7588ac7 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -84,6 +84,10 @@ B B [B<-rand file(s)>] [B<-serverinfo file>] [B<-no_resumption_on_reneg>] +[B<-status>] +[B<-status_verbose>] +[B<-status_timeout nsec>] +[B<-status_url url>] =head1 DESCRIPTION The B command implements a generic SSL/TLS server which listens @@ -364,6 +368,25 @@ ServerHello extension will be returned. set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. +=item B<-status> + +enables certificate status request support (aka OCSP stapling). + +=item B<-status_verbose> + +enables certificate status request support (aka OCSP stapling) and gives +a verbose printout of the OCSP response. + +=item B<-status_timeout nsec> + +sets the timeout for OCSP response to B seconds. + +=item B<-status_url url> + +sets a fallback responder URL to use if no responder URL is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. + =back =head1 CONNECTED COMMANDS -- 2.34.1