curl: add --cert-status option

This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
author: Alessandro Ghedini <alessandro@ghedini.me> 2014-06-16 20:47:26 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2015-01-16 23:23:29 +0100
commit: bd0c3b3c66da5c087479a81234002151333d808f (patch)
tree: 34512c7a8da7d02653109508aa58e16cbc090fc4 /docs/curl.1
parent: f46c6fbee03ffd14038b1c5a5a73a86fbf862380 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/curl.1 b/docs/curl.1
index 0b9971cd2..40cfbedff 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -552,6 +552,16 @@ This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
 
 If this option is used several times, the last one will be used.
 (Added in 7.39.0)
+.IP "--cert-status"
+(SSL) Tells curl to verify the status of the server certificate by using the
+Certificate Status Request (aka. OCSP stapling) TLS extension.
+
+If this option is enabled and the server sends an invalid (e.g. expired)
+response, if the response suggests that the server certificate has been revoked,
+or no response at all is received, the verification fails.
+
+This is currently only implemented in the GnuTLS and NSS backends.
+(Added in 7.41.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In normal
author	Alessandro Ghedini <alessandro@ghedini.me>	2014-06-16 20:47:26 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2015-01-16 23:23:29 +0100
commit	bd0c3b3c66da5c087479a81234002151333d808f (patch)
tree	34512c7a8da7d02653109508aa58e16cbc090fc4 /docs/curl.1
parent	f46c6fbee03ffd14038b1c5a5a73a86fbf862380 (diff)