From 3af90a6e19249807f99bc9ee7b50d3e58849072a Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessandro@ghedini.me>
Date: Mon, 16 Jun 2014 13:20:47 +0200
Subject: url: add CURLOPT_SSL_VERIFYSTATUS option

This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
---
 lib/vtls/vtls.c | 12 ++++++++++++
 lib/vtls/vtls.h |  2 ++
 2 files changed, 14 insertions(+)

(limited to 'lib/vtls')

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index a53ff4ad6..cf1df24e4 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -848,4 +848,16 @@ void Curl_ssl_md5sum(unsigned char *tmp, /* input */
 #endif
 }
 
+/*
+ * Check whether the SSL backend supports the status_request extension.
+ */
+bool Curl_ssl_cert_status_request(void)
+{
+#ifdef curlssl_cert_status_request
+  return curlssl_cert_status_request();
+#else
+  return FALSE;
+#endif
+}
+
 #endif /* USE_SSL */
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index 19ef1cd6e..eedf9212c 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -116,6 +116,8 @@ void Curl_ssl_md5sum(unsigned char *tmp, /* input */
 CURLcode Curl_pin_peer_pubkey(const char *pinnedpubkey,
                               const unsigned char *pubkey, size_t pubkeylen);
 
+bool Curl_ssl_cert_status_request(void);
+
 #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
 
 #else
-- 
cgit v1.2.3