Search…
README
How to read this book
The cURL project
Network and protocols
Install curl
Source code
Build curl
Command line basics
Using curl
Verbose
Version
Persistent connections
Downloads
Uploads
Transfer controls
Connections
Timeouts
.netrc
Proxies
Exit status
SCP and SFTP
Reading email
Sending email
MQTT
TFTP
TELNET
DICT
TLS
Ciphers
Enable TLS
TLS versions
Verifying server certificates
Certificate pinning
OCSP stapling
Client certificates
TLS auth
TLS backends
SSLKEYLOGFILE
Copy as curl
HTTP with curl
FTP with curl
Using libcurl
HTTP with libcurl
Bindings
libcurl internals
Index
Powered By GitBook
OCSP stapling
This uses the TLS extension called Certificate Status Request to ask the server to provide a fresh "proof" from the CA in the handshake, that the certificate that it returns is still valid. This is a way to make really sure the server's certificate has not been revoked.
If the server does not support this extension, the test will fail and curl returns an error. And it is still far too common that servers do not support this.
Ask for the handshake to use the status request like this:
curl --cert-status https://example.com/
This feature is only supported by the OpenSSL, GnuTLS and NSS backends.
Previous
Certificate pinning
Next
Client certificates
Last modified 4mo ago
Export as PDF
Copy link
Edit on GitHub