Commit c408b80c authored by Matt Caswell

Add some documentation of SSL_CTX_set_tlsext_status_type()



The previous commit added SSL_CTX_set_tlsext_status_type(). This one adds
some documentation for it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent ba261f71
+23 −13
@@ -3,8 +3,9 @@
=head1 NAME
=head1 NAME


SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
SSL_CTX_set_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg,
SSL_set_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp,
SSL_CTX_set_tlsext_status_type, SSL_set_tlsext_status_type,
SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp - OCSP
Certificate Status Request functions


=head1 SYNOPSIS
=head1 SYNOPSIS


@@ -14,6 +15,8 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions
                                   int (*callback)(SSL *, void *));
                                   int (*callback)(SSL *, void *));
 long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
 long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);


 long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);

 long SSL_set_tlsext_status_type(SSL *s, int type);
 long SSL_set_tlsext_status_type(SSL *s, int type);


 long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
 long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);
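Review bot: The new SYNOPSIS line `long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type);` is fine and mirrors the existing `SSL_set_tlsext_status_type(SSL *s, int type)` entry, but while this block is being touched the unchanged context line `long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);` is missing the type of its first parameter; it should read `SSL *ssl` like the other prototypes in this section so that the documented signatures are complete.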
@@ -23,16 +26,19 @@ SSL_set_tlsext_status_ocsp_resp - OCSP Certificate Status Request functions


A client application may request that a server send back an OCSP status response
A client application may request that a server send back an OCSP status response
(also known as OCSP stapling). To do so the client should call the
(also known as OCSP stapling). To do so the client should call the
SSL_set_tlsext_status_type() function prior to the start of the handshake.
SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL
objects. Alternatively an application can call the SSL_set_tlsext_status_type()
function on an individual SSL object prior to the start of the handshake.
Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>. This value
Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>. This value
should be passed in the B<type> argument. The client should additionally provide
should be passed in the B<type> argument.
a callback function to decide what to do with the returned OCSP response by

calling SSL_CTX_set_tlsext_status_cb(). The callback function should determine
The client should additionally provide a callback function to decide what to do
whether the returned OCSP response is acceptable or not. The callback will be
with the returned OCSP response by calling SSL_CTX_set_tlsext_status_cb(). The
passed as an argument the value previously set via a call to
callback function should determine whether the returned OCSP response is
SSL_CTX_set_tlsext_status_arg(). Note that the callback will not be called in
acceptable or not. The callback will be passed as an argument the value
the event of a handshake where session resumption occurs (because there are no
previously set via a call to SSL_CTX_set_tlsext_status_arg(). Note that the
Certificates exchanged in such a handshake).
callback will not be called in the event of a handshake where session resumption
occurs (because there are no Certificates exchanged in such a handshake).


The response returned by the server can be obtained via a call to
The response returned by the server can be obtained via a call to
SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
SSL_get_tlsext_status_ocsp_resp(). The value B<*resp> will be updated to point
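Review bot: The new sentence "the client should call the SSL_CTX_set_tlsext_status_type() function prior to the creation of any SSL objects" leaves the interaction between the two setters undocumented: it should state whether SSL objects created afterwards inherit the value set on the SSL_CTX, and whether a later SSL_set_tlsext_status_type() call on an individual SSL object overrides it. Two further gaps in the same paragraph: "Currently the only supported type is B<TLSEXT_STATUSTYPE_ocsp>" should say what happens when another value is passed, and the note that the callback is not invoked on session resumption deserves a sentence pointing out that an application relying on the callback to reject bad or missing OCSP responses therefore only gets that check on full handshakes.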
@@ -64,10 +70,14 @@ returned) or SSL_TLSEXT_ERR_ALERT_FATAL (meaning that a fatal error has
occurred).
occurred).


SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
SSL_CTX_set_tlsext_status_cb(), SSL_CTX_set_tlsext_status_arg(),
SSL_set_tlsext_status_type() and SSL_set_tlsext_status_ocsp_resp() return 0 on
SSL_CTX_set_tlsext_status_type(), SSL_set_tlsext_status_type() and
error or 1 on success.
SSL_set_tlsext_status_ocsp_resp() return 0 on error or 1 on success.


SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
SSL_get_tlsext_status_ocsp_resp() returns the length of the OCSP response data
or -1 if there is no OCSP response data.
or -1 if there is no OCSP response data.


=head1 HISTORY

SSL_CTX_set_tlsext_status_type() was added in OpenSSL 1.1.0.

=cut
=cut
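Review bot: The RETURN VALUES text now lists SSL_CTX_set_tlsext_status_type() among the functions that "return 0 on error or 1 on success" without saying what counts as an error for it; since the DESCRIPTION says only B<TLSEXT_STATUSTYPE_ocsp> is supported, either state here that other type values are an error or, if they are accepted unchecked, say so in the DESCRIPTION. The added HISTORY section is correct for the new function, but it would help readers to note in the same section that the other functions documented here predate it, so the 1.1.0 marker is not read as applying to the whole page.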