From f13669a375f5bfd14797bda91642cabe076974fa Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Mon, 16 Jun 2014 13:21:02 +0200
Subject: gtls: add support for the Certificate Status Request TLS extension

Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
---
 lib/vtls/gtls.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/vtls/gtls.h')

diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index 12460beda..d02a366a6 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -53,6 +53,8 @@ void Curl_gtls_md5sum(unsigned char *tmp, /* input */
                       unsigned char *md5sum, /* output */
                       size_t md5len);
 
+bool Curl_gtls_cert_status_request(void);
+
 /* API setup for GnuTLS */
 #define curlssl_init Curl_gtls_init
 #define curlssl_cleanup Curl_gtls_cleanup
@@ -70,6 +72,7 @@ void Curl_gtls_md5sum(unsigned char *tmp, /* input */
 #define curlssl_data_pending(x,y) ((void)x, (void)y, 0)
 #define curlssl_random(x,y,z) Curl_gtls_random(x,y,z)
 #define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d)
+#define curlssl_cert_status_request() Curl_gtls_cert_status_request()
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
 
 #endif /* USE_GNUTLS */
-- 
cgit v1.2.3