1--- 2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3SPDX-License-Identifier: curl 4Title: CURLOPT_DOH_SSL_VERIFYSTATUS 5Section: 3 6Source: libcurl 7See-also: 8 - CURLOPT_DOH_SSL_VERIFYHOST (3) 9 - CURLOPT_DOH_SSL_VERIFYPEER (3) 10 - CURLOPT_SSL_VERIFYSTATUS (3) 11Protocol: 12 - TLS 13TLS-backend: 14 - OpenSSL 15 - GnuTLS 16Added-in: 7.76.0 17--- 18 19# NAME 20 21CURLOPT_DOH_SSL_VERIFYSTATUS - verify the DoH SSL certificate's status 22 23# SYNOPSIS 24 25~~~c 26#include <curl/curl.h> 27 28CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYSTATUS, 29 long verify); 30~~~ 31 32# DESCRIPTION 33 34Pass a long as parameter set to 1 to enable or 0 to disable. 35 36This option determines whether libcurl verifies the status of the DoH 37(DNS-over-HTTPS) server cert using the "Certificate Status Request" TLS 38extension (aka. OCSP stapling). 39 40This option is the DoH equivalent of CURLOPT_SSL_VERIFYSTATUS(3) and 41only affects requests to the DoH server. 42 43If this option is enabled and the server does not support the TLS extension, 44the verification fails. 45 46# DEFAULT 47 480 49 50# %PROTOCOLS% 51 52# EXAMPLE 53 54~~~c 55int main(void) 56{ 57 CURL *curl = curl_easy_init(); 58 if(curl) { 59 curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); 60 61 curl_easy_setopt(curl, CURLOPT_DOH_URL, 62 "https://cloudflare-dns.com/dns-query"); 63 64 /* Ask for OCSP stapling when verifying the DoH server */ 65 curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1L); 66 67 curl_easy_perform(curl); 68 } 69} 70~~~ 71 72# %AVAILABILITY% 73 74# RETURN VALUE 75 76Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise 77returns CURLE_NOT_BUILT_IN. 78
