diff options
| author | Rob Stradling <rob@comodo.com> | 2015-12-04 14:35:43 +0000 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2015-12-10 19:27:40 +0100 |
| commit | ba67253db19d0319f672d47aa359032e5e66d1b8 (patch) | |
| tree | 69b3f0a9523ac9b506608b72e04c495b2c6ef98f /doc | |
| parent | f8137a62d94c0a5809a4363b7b4aab3adcb8201c (diff) | |
| download | openssl-ba67253db19d0319f672d47aa359032e5e66d1b8.tar.gz | |
Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
GH: #495, MR: #1435
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/apps/x509v3_config.pod | 14 | ||||
| -rw-r--r-- | doc/crypto/X509V3_get_d2i.pod | 2 |
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index e965be6480..c2c710b6c7 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -399,6 +399,20 @@ Example: noCheck = ignored +=head2 TLS Feature (aka Must Staple) + +This is a multi-valued extension consisting of a list of TLS extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a TLS client sends a listed extension, the TLS server is expected to +include that extension in its reply. + +The supported names are: B<status_request> and B<status_request_v2>. + +Example: + + tlsfeature = status_request + + =head1 DEPRECATED EXTENSIONS The following extensions are non standard, Netscape specific and largely diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod index 82500106cc..4b50a10221 100644 --- a/doc/crypto/X509V3_get_d2i.pod +++ b/doc/crypto/X509V3_get_d2i.pod @@ -139,6 +139,8 @@ RFC5280. Policy Constraints NID_policy_constraints Inhibit Any Policy NID_inhibit_any_policy + TLS Feature NID_tlsfeature + =head2 NETSCAPE CERTIFICATE EXTENSIONS The following are (largely obsolete) Netscape certificate extensions. |