Add ocsp_require_stapling config option for tls - allows a connection

to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
author: beck <> 2016-11-04 05:13:13 +0000
committer: beck <> 2016-11-04 05:13:13 +0000
commit: dfcc608101125b045153abb36d8b26d283aeb812 (patch)
tree: beb66ed0e210e9dcdda1ae81df9eaf1ac13b84b6 /src/lib/libtls/tls.h
parent: 85d1a393066ebc8950b3667cae2d5c9e9da47ed8 (diff)
download: openbsd-dfcc608101125b045153abb36d8b26d283aeb812.tar.gz
openbsd-dfcc608101125b045153abb36d8b26d283aeb812.tar.bz2
openbsd-dfcc608101125b045153abb36d8b26d283aeb812.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 3929cb848e..2f998d4561 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.39 2016/11/02 15:18:42 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.40 2016/11/04 05:13:13 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -117,6 +117,7 @@ void tls_config_insecure_noverifyname(struct tls_config *_config);
 void tls_config_insecure_noverifytime(struct tls_config *_config);
 void tls_config_verify(struct tls_config *_config);
+void tls_config_ocsp_require_stapling(struct tls_config *_config);
 void tls_config_verify_client(struct tls_config *_config);
 void tls_config_verify_client_optional(struct tls_config *_config);
author	beck <>	2016-11-04 05:13:13 +0000
committer	beck <>	2016-11-04 05:13:13 +0000
commit	dfcc608101125b045153abb36d8b26d283aeb812 (patch)
tree	beb66ed0e210e9dcdda1ae81df9eaf1ac13b84b6 /src/lib/libtls/tls.h
parent	85d1a393066ebc8950b3667cae2d5c9e9da47ed8 (diff)
download	openbsd-dfcc608101125b045153abb36d8b26d283aeb812.tar.gz openbsd-dfcc608101125b045153abb36d8b26d283aeb812.tar.bz2 openbsd-dfcc608101125b045153abb36d8b26d283aeb812.zip