SSL: Add an option to disable certificate revocation checks

New tool option --ssl-no-revoke. New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point. Bug: https://github.com/bagder/curl/issues/264 Reported-by: zenden2k <zenden2k@gmail.com>
author: Jay Satiro <raysatiro@yahoo.com> 2015-07-17 02:40:16 -0400
committer: Jay Satiro <raysatiro@yahoo.com> 2015-07-17 02:40:16 -0400
commit: 172b2beba6b89b632c09be7a88645e3a0607cfe9 (patch)
tree: 96d0a159f3ce04f202fb20a939d5999fd3a3eca5 /src/tool_operate.c
parent: 606b29fe0d07144ff13c3a731eef299b72060f91 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 4c6ff854c..1180555fa 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1328,8 +1328,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
                         config->gssapi_delegation);
 
         /* new in 7.25.0 */
-        if(config->ssl_allow_beast)
-          my_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_ALLOW_BEAST);
+        my_setopt_bitmask(curl, CURLOPT_SSL_OPTIONS,
+          (long)((config->ssl_allow_beast ? CURLSSLOPT_ALLOW_BEAST : 0) |
+                 (config->ssl_no_revoke ? CURLSSLOPT_NO_REVOKE : 0)));
 
         if(config->mail_auth)
           my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
author	Jay Satiro <raysatiro@yahoo.com>	2015-07-17 02:40:16 -0400
committer	Jay Satiro <raysatiro@yahoo.com>	2015-07-17 02:40:16 -0400
commit	172b2beba6b89b632c09be7a88645e3a0607cfe9 (patch)
tree	96d0a159f3ce04f202fb20a939d5999fd3a3eca5 /src/tool_operate.c
parent	606b29fe0d07144ff13c3a731eef299b72060f91 (diff)