From 3af90a6e19249807f99bc9ee7b50d3e58849072a Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Mon, 16 Jun 2014 13:20:47 +0200
Subject: url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
---
 include/curl/curl.h | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include')

diff --git a/include/curl/curl.h b/include/curl/curl.h
index e3688872e..0a326d3ba 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -523,6 +523,7 @@ typedef enum {
                                     session will be queued */
   CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not
                                      match */
+  CURLE_SSL_INVALIDCERTSTATUS,   /* 91 - invalid certificate status */
   CURL_LAST /* never use! */
 } CURLcode;
 
@@ -1622,6 +1623,9 @@ typedef enum {
   /* Path to Unix domain socket */
   CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),
 
+  /* Set if we should verify the certificate status. */
+  CINIT(SSL_VERIFYSTATUS, LONG, 232),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
-- 
cgit v1.2.3