1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Long: doh-cert-status 5Help: Verify DoH server cert status OCSP-staple 6Added: 7.76.0 7Category: dns tls 8Multi: boolean 9See-also: 10 - doh-insecure 11Example: 12 - --doh-cert-status --doh-url https://doh.example $URL 13--- 14 15# `--doh-cert-status` 16 17Same as --cert-status but used for DoH (DNS-over-HTTPS). 18 19Verifies the status of the DoH servers' certificate by using the Certificate 20Status Request (aka. OCSP stapling) TLS extension. 21 22If this option is enabled and the DoH server sends an invalid (e.g. expired) 23response, if the response suggests that the server certificate has been 24revoked, or no response at all is received, the verification fails. 25 26This support is currently only implemented in the OpenSSL and GnuTLS backends. 27
