Add ocsp_require_stapling config option for tls - allows a connection

to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
author: beck <> 2016-11-04 05:13:13 +0000
committer: beck <> 2016-11-04 05:13:13 +0000
commit: 75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60 (patch)
tree: beb66ed0e210e9dcdda1ae81df9eaf1ac13b84b6 /src/usr.bin/nc/nc.1
parent: 634ebace8103bf766f556cfe3aefdcdc5974a402 (diff)
download: openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.gz
openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.bz2
openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
index 8b7c92aa63..313ec1f19c 100644
--- a/src/usr.bin/nc/nc.1
+++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: nc.1,v 1.74 2016/07/02 05:58:00 jmc Exp $
+.\"     $OpenBSD: nc.1,v 1.75 2016/11/04 05:13:13 beck Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 2 2016 $
+.Dd $Mdocdate: November 4 2016 $
 .Dt NC 1
 .Os
 .Sh NAME
@@ -229,10 +229,12 @@ which allows legacy TLS protocols;
 .Ar noverify ,
 which disables certificate verification;
 .Ar noname ,
-which disables certificate name checking; or
+which disables certificate name checking;
 .Ar clientcert ,
-which requires a client certificate on incoming connections.
+which requires a client certificate on incoming connections; or
-It is illegal to specify TLS options if not using TLS.
+.Ar muststaple ,
+which requires the peer to provide a valid stapled OCSP response 
+with the handshake. It is illegal to specify TLS options if not using TLS.
 .Pp
 For IPv4 TOS value
 .Ar keyword
author	beck <>	2016-11-04 05:13:13 +0000
committer	beck <>	2016-11-04 05:13:13 +0000
commit	75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60 (patch)
tree	beb66ed0e210e9dcdda1ae81df9eaf1ac13b84b6 /src/usr.bin/nc/nc.1
parent	634ebace8103bf766f556cfe3aefdcdc5974a402 (diff)
download	openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.gz openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.tar.bz2 openbsd-75d6d2ca7daaedc9ebe7930439f3c31b2fbf5f60.zip

diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1 index 8b7c92aa63..313ec1f19c 100644 --- a/src/usr.bin/nc/nc.1 +++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: nc.1,v 1.74 2016/07/02 05:58:00 jmc Exp $	1	.\" $OpenBSD: nc.1,v 1.75 2016/11/04 05:13:13 beck Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 1996 David Sacerdote	3	.\" Copyright (c) 1996 David Sacerdote
4	.\" All rights reserved.	4	.\" All rights reserved.
@@ -25,7 +25,7 @@
25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27	.\"	27	.\"
28	.Dd $Mdocdate: July 2 2016 $	28	.Dd $Mdocdate: November 4 2016 $
29	.Dt NC 1	29	.Dt NC 1
30	.Os	30	.Os
31	.Sh NAME	31	.Sh NAME
@@ -229,10 +229,12 @@ which allows legacy TLS protocols;
229	.Ar noverify ,	229	.Ar noverify ,
230	which disables certificate verification;	230	which disables certificate verification;
231	.Ar noname ,	231	.Ar noname ,
232	which disables certificate name checking; or	232	which disables certificate name checking;
233	.Ar clientcert ,	233	.Ar clientcert ,
234	which requires a client certificate on incoming connections.	234	which requires a client certificate on incoming connections; or
235	It is illegal to specify TLS options if not using TLS.	235	.Ar muststaple ,
		236	which requires the peer to provide a valid stapled OCSP response
		237	with the handshake. It is illegal to specify TLS options if not using TLS.
236	.Pp	238	.Pp
237	For IPv4 TOS value	239	For IPv4 TOS value
238	.Ar keyword	240	.Ar keyword