commit - ebf3373d66fba1ff5fbfd822edefd83cc50a7630
commit + ea47a245aa0702a719e4e56b2c2a7a29bff526a4
blob - acda5da3a1af327595cec18b5761df584bd8fc4d
blob + 68f3749376dc40cc97bf3422cb2761f2e1a192fe
--- regress/gg.1
+++ regress/gg.1
.Sh SYNOPSIS
.Nm
.Bk -words
-.Op Fl 23bchNVv
+.Op Fl 23bchNOVv
.Op Fl C Pa cert.pem Fl K Pa key.pem
.Op Fl H Ar hostname
.Op Fl T Ar timeout
.It Fl N
Don't check whether the peer certificate name matches the requested
hostname.
+.It Fl O
+Require that a valid stapled OCSP response be provided during the TLS
+handshake.
.It Fl T Ar timeout
Kill
.Nm
blob - 5537c68eec8de396ddc247ac2c6af97fd8e47a92
blob + 36efa51012779de897c5122e9398def47354ebcb
--- regress/gg.c
+++ regress/gg.c
#include <string.h>
-int flag2, flag3, bflag, cflag, hflag, Nflag, Vflag, vflag;
+int flag2, flag3, bflag, cflag, hflag, Nflag, Oflag, Vflag, vflag;
const char *cert, *key;
static void
ssize_t len;
hostname = NULL;
- while ((ch = getopt(argc, argv, "23C:cbH:hK:NT:Vv")) != -1) {
+ while ((ch = getopt(argc, argv, "23C:cbH:hK:NOT:Vv")) != -1) {
switch (ch) {
case '2':
flag2 = 1;
case 'N':
Nflag = 1;
break;
+ case 'O':
+ Oflag = 1;
+ break;
case 'T':
timer = strtonum(optarg, 1, 1000, &errstr);
if (errstr != NULL)
if (Nflag)
tls_config_insecure_noverifyname(conf);
+ if (Oflag)
+ tls_config_ocsp_require_stapling(conf);
+
if (flag2 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_2) == -1)
errx(1, "cannot set TLSv1.2");
if (flag3 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_3) == -1)
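Review bot: The `if (Oflag)` branch is added without a comment, and its effect is not obvious from the call site. `tls_config_ocsp_require_stapling()` returns void, so unlike the `tls_config_set_protocols()` calls below it there is nothing to check here, and a missing or invalid staple only shows up later as a handshake failure. I would add `/* -O: fail the handshake unless the server staples a valid OCSP response */` above the branch so a failing regress run is easy to trace back to this flag. `-N` relaxes name checking just above; if certificate verification is also relaxed elsewhere in this function (not visible in the hunk), the comment should say whether `-O` is expected to be meaningful in that mode. The enclosing function starts and ends outside the hunk.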