From 172b2beba6b89b632c09be7a88645e3a0607cfe9 Mon Sep 17 00:00:00 2001
From: Jay Satiro <raysatiro@yahoo.com>
Date: Fri, 17 Jul 2015 02:40:16 -0400
Subject: SSL: Add an option to disable certificate revocation checks

New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
---
 include/curl/curl.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/curl/curl.h b/include/curl/curl.h
index eab2f6e99..64f926142 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -725,6 +725,10 @@ typedef enum {
    servers, a user can this way allow the vulnerability back. */
 #define CURLSSLOPT_ALLOW_BEAST (1<<0)
 
+/* - NO_REVOKE tells libcurl to disable certificate revocation checks for those
+   SSL backends where such behavior is present. */
+#define CURLSSLOPT_NO_REVOKE (1<<1)
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
 
-- 
cgit v1.2.3