1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerLong: cert-status 5*6236dae4SAndroid Build Coastguard WorkerProtocols: TLS 6*6236dae4SAndroid Build Coastguard WorkerAdded: 7.41.0 7*6236dae4SAndroid Build Coastguard WorkerHelp: Verify server cert status OCSP-staple 8*6236dae4SAndroid Build Coastguard WorkerCategory: tls 9*6236dae4SAndroid Build Coastguard WorkerMulti: boolean 10*6236dae4SAndroid Build Coastguard WorkerSee-also: 11*6236dae4SAndroid Build Coastguard Worker - pinnedpubkey 12*6236dae4SAndroid Build Coastguard WorkerExample: 13*6236dae4SAndroid Build Coastguard Worker - --cert-status $URL 14*6236dae4SAndroid Build Coastguard Worker--- 15*6236dae4SAndroid Build Coastguard Worker 16*6236dae4SAndroid Build Coastguard Worker# `--cert-status` 17*6236dae4SAndroid Build Coastguard Worker 18*6236dae4SAndroid Build Coastguard WorkerVerify the status of the server certificate by using the Certificate Status 19*6236dae4SAndroid Build Coastguard WorkerRequest (aka. OCSP stapling) TLS extension. 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerIf this option is enabled and the server sends an invalid (e.g. expired) 22*6236dae4SAndroid Build Coastguard Workerresponse, if the response suggests that the server certificate has been 23*6236dae4SAndroid Build Coastguard Workerrevoked, or no response at all is received, the verification fails. 24*6236dae4SAndroid Build Coastguard Worker 25*6236dae4SAndroid Build Coastguard WorkerThis support is currently only implemented in the OpenSSL and GnuTLS backends. 26