提交 cba3f1c7 编写于 作者: D Dr. Stephen Henson

Document certificate status request options.

上级 a44f219c
...@@ -76,6 +76,7 @@ B<openssl> B<s_client> ...@@ -76,6 +76,7 @@ B<openssl> B<s_client>
[B<-sess_in filename>] [B<-sess_in filename>]
[B<-rand file(s)>] [B<-rand file(s)>]
[B<-serverinfo types>] [B<-serverinfo types>]
[B<-status>]
=head1 DESCRIPTION =head1 DESCRIPTION
...@@ -327,6 +328,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and ...@@ -327,6 +328,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
The server's response (if any) will be encoded and displayed as a PEM The server's response (if any) will be encoded and displayed as a PEM
file. file.
=item B<-status>
sends a certificate status request to the server (OCSP stapling). The server
response (if any) is printed out.
=back =back
=head1 CONNECTED COMMANDS =head1 CONNECTED COMMANDS
......
...@@ -84,6 +84,10 @@ B<openssl> B<s_server> ...@@ -84,6 +84,10 @@ B<openssl> B<s_server>
[B<-rand file(s)>] [B<-rand file(s)>]
[B<-serverinfo file>] [B<-serverinfo file>]
[B<-no_resumption_on_reneg>] [B<-no_resumption_on_reneg>]
[B<-status>]
[B<-status_verbose>]
[B<-status_timeout nsec>]
[B<-status_url url>]
=head1 DESCRIPTION =head1 DESCRIPTION
The B<s_server> command implements a generic SSL/TLS server which listens The B<s_server> command implements a generic SSL/TLS server which listens
...@@ -364,6 +368,25 @@ ServerHello extension will be returned. ...@@ -364,6 +368,25 @@ ServerHello extension will be returned.
set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.
=item B<-status>
enables certificate status request support (aka OCSP stapling).
=item B<-status_verbose>
enables certificate status request support (aka OCSP stapling) and gives
a verbose printout of the OCSP response.
=item B<-status_timeout nsec>
sets the timeout for OCSP response to B<nsec> seconds.
=item B<-status_url url>
sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
=back =back
=head1 CONNECTED COMMANDS =head1 CONNECTED COMMANDS
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册