doc: document tls_feature option in the sample template

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)
diff --git a/src/certtool-args.def b/src/certtool-args.def

index 95d805211913ef85927fd847a26c34589bc74806..146760f74ff8912080abee26feab16fbb81531aa 100644 (file)
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -790,6 +790,14 @@ expiration_days = 700
  # An email in case of a person
  email = "none@@none.org"
  
+# TLS feature (rfc7633) extension. That can is used to indicate mandatory TLS
+# extension features to be provided by the server. In practice this is used
+# to require the Status Request (extid: 5) extension from the server. That is,
+# to require the server holding this certificate to provide a stapled OCSP response.
+
+# To ask for OCSP status request use:
+#tls_feature = 5
+
  # Challenge password used in certificate requests
  challenge_password = 123456
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 30 May 2016 09:23:39 +0000 (11:23 +0200)