Document certificate status request options.

2014-07-06 22:16:21 +01:00 · 2014-07-06 22:16:21 +01:00 · cba3f1c739
commit cba3f1c739
parent a44f219c00
2 changed files with 29 additions and 0 deletions
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@ -76,6 +76,7 @@ B<openssl> B<s_client>
 [B<-sess_in filename>]
 [B<-rand file(s)>]
 [B<-serverinfo types>]
+[B<-status>]

 =head1 DESCRIPTION

@ -327,6 +328,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
 The server's response (if any) will be encoded and displayed as a PEM
 file.

+=item B<-status>
+
+sends a certificate status request to the server (OCSP stapling). The server
+response (if any) is printed out.
+
 =back

 =head1 CONNECTED COMMANDS
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@ -84,6 +84,10 @@ B<openssl> B<s_server>
 [B<-rand file(s)>]
 [B<-serverinfo file>]
 [B<-no_resumption_on_reneg>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
 =head1 DESCRIPTION

 The B<s_server> command implements a generic SSL/TLS server which listens
@ -364,6 +368,25 @@ ServerHello extension will be returned.

 set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.

+=item B<-status>
+
+enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
 =back

 =head1 CONNECTED COMMANDS