char *respin;
/* Default responder to use */
char *host, *path, *port;
+ char *proxy, *no_proxy;
int use_ssl;
int verbose;
} tlsextstatusctx;
OCSP_RESPONSE **resp)
{
char *host = NULL, *port = NULL, *path = NULL;
+ char *proxy = NULL, *no_proxy = NULL;
int use_ssl;
STACK_OF(OPENSSL_STRING) *aia = NULL;
X509 *x = NULL;
port = srctx->port;
use_ssl = srctx->use_ssl;
}
+ proxy = srctx->proxy;
+ no_proxy = srctx->no_proxy;
inctx = X509_STORE_CTX_new();
if (inctx == NULL)
OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE,
OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF,
OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
- OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE,
+ OPT_STATUS_TIMEOUT, OPT_PROXY, OPT_NO_PROXY, OPT_STATUS_URL,
+ OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE,
OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE,
OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK,
{"status_timeout", OPT_STATUS_TIMEOUT, 'n',
"Status request responder timeout"},
{"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
+ {"proxy", OPT_PROXY, 's',
+ "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"},
+ {"no_proxy", OPT_NO_PROXY, 's',
+ "List of addresses of servers not to use HTTP(S) proxy for"},
+ {OPT_MORE_STR, 0, 0,
+ "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"},
{"status_file", OPT_STATUS_FILE, '<',
"File containing DER encoded OCSP Response"},
#endif
#ifndef OPENSSL_NO_OCSP
s_tlsextstatus = 1;
tlscstatp.timeout = atoi(opt_arg());
+#endif
+ break;
+ case OPT_PROXY:
+#ifndef OPENSSL_NO_OCSP
+ tlscstatp.proxy = opt_arg();
+#endif
+ break;
+ case OPT_NO_PROXY:
+#ifndef OPENSSL_NO_OCSP
+ tlscstatp.no_proxy = opt_arg();
#endif
break;
case OPT_STATUS_URL:
[B<-status>]
[B<-status_verbose>]
[B<-status_timeout> I<int>]
+[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
+[B<-no_proxy> I<addresses>]
[B<-status_url> I<val>]
[B<-status_file> I<infile>]
[B<-trace>]
Sets the timeout for OCSP response to I<int> seconds.
+=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
+
+The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
+applies, see below.
+The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
+the optional C<http://> or C<https://> prefix is ignored,
+as well as any userinfo and path components.
+Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
+in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
+
+=item B<-no_proxy> I<addresses>
+
+List of IP addresses and/or DNS names of servers
+not to use an HTTP(S) proxy for, separated by commas and/or whitespace
+(where in the latter case the whole argument must be enclosed in "...").
+Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>.
+
=item B<-status_url> I<val>
Sets a fallback responder URL to use if no responder URL is present in the
projects / openssl.git / commitdiff