Commit bd0c3b3c authored by Alessandro Ghedini's avatar Alessandro Ghedini Committed by Daniel Stenberg

curl: add --cert-status option

This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
parent f46c6fbe
+10 −0
@@ -552,6 +552,16 @@ This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.

If this option is used several times, the last one will be used.
(Added in 7.39.0)
.IP "--cert-status"
(SSL) Tells curl to verify the status of the server certificate by using the
Certificate Status Request (aka. OCSP stapling) TLS extension.

If this option is enabled and the server sends an invalid (e.g. expired)
response, if the response suggests that the server certificate has been revoked,
or no response at all is received, the verification fails.

This is currently only implemented in the GnuTLS and NSS backends.
(Added in 7.41.0)
.IP "-f, --fail"
(HTTP) Fail silently (no output at all) on server errors. This is mostly done
to better enable scripts etc to better deal with failed attempts. In normal
+1 −0
@@ -126,6 +126,7 @@ struct OperationConfig {
  bool globoff;
  bool use_httpget;
  bool insecure_ok;         /* set TRUE to allow insecure SSL connects */
  bool verifystatus;
  bool create_dirs;
  bool ftp_create_dirs;
  bool ftp_skip_ip;
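Review bot: The new `verifystatus` member has no comment, while the neighbouring `insecure_ok` explains what TRUE means, and this flag also changes how strict TLS verification is. A matching comment would help, for example `bool verifystatus;        /* set TRUE to require a valid stapled OCSP response */`. The struct definition starts and ends outside this hunk, so the convention for the other members is only partly visible.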
+5 −0
@@ -217,6 +217,7 @@ static const struct LongShort aliases[]= {
  {"En", "ssl-allow-beast",          FALSE},
  {"Eo", "login-options",            TRUE},
  {"Ep", "pinnedpubkey",             TRUE},
  {"Eq", "cert-status",              FALSE},
  {"f",  "fail",                     FALSE},
  {"F",  "form",                     TRUE},
  {"Fs", "form-string",              TRUE},
@@ -1363,6 +1364,10 @@ ParameterError getparameter(char *flag, /* f or -long-flag */
        GetStr(&config->pinnedpubkey, nextarg);
        break;

      case 'q': /* --cert-status */
        config->verifystatus = TRUE;
        break;

      default: /* certificate file */
      {
        char *certname, *passphrase;
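Review bot: The `case 'q'` branch assigns `config->verifystatus = TRUE;` unconditionally, so a negated spelling of the option would still turn the check on and could not undo a setting made earlier, for example in a config file. If getparameter tracks negation for boolean options in a local such as `toggle` (the start of the function is outside this hunk, so this is an assumption to confirm), the assignment should follow it: `config->verifystatus = toggle;`. The current behaviour does fail closed, but for a verification switch the on/off semantics should be explicit and match the other boolean options.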
+3 −0
@@ -1038,6 +1038,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
            /* libcurl default is strict verifyhost -> 2L   */
            /* my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); */
          }

          if(config->verifystatus)
            my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);
        }

        if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) {
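Review bot: Nothing at `my_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);` says what happens when the TLS backend in use has no status-request support, which the man page text in this commit says is every backend except GnuTLS and NSS. If my_setopt propagates the setopt error and stops the transfer (its definition is not in this hunk, so this needs confirming), the option fails closed and a comment should record that, e.g. `/* errors out if the TLS backend cannot verify a stapled OCSP response */`. If the error were ignored instead, --cert-status would proceed with no revocation check at all. The new block also appears to sit after the peer/host verification settings rather than inside them, so it is worth stating whether --insecure combined with --cert-status is meant to keep the status check; operate_do's body starts and ends outside the hunk.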