Document certificate status request options.

2 files changed, 29 insertions, 0 deletions

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index f4155c4064..4bccba1f2e 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -76,6 +76,7 @@ B<openssl> B<s_client>
 [B<-sess_in filename>]
 [B<-rand file(s)>]
 [B<-serverinfo types>]
+[B<-status>]
 
 =head1 DESCRIPTION
 
@@ -327,6 +328,11 @@ a list of comma-separated TLS Extension Types (numbers between 0 and
 The server's response (if any) will be encoded and displayed as a PEM
 file.
 
+=item B<-status>
+
+sends a certificate status request to the server (OCSP stapling). The server
+response (if any) is printed out.
+
 =back
 
 =head1 CONNECTED COMMANDS
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index a8e5278230..0ba7588ac7 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -84,6 +84,10 @@ B<openssl> B<s_server>
 [B<-rand file(s)>]
 [B<-serverinfo file>]
 [B<-no_resumption_on_reneg>]
+[B<-status>]
+[B<-status_verbose>]
+[B<-status_timeout nsec>]
+[B<-status_url url>]
 =head1 DESCRIPTION
 
 The B<s_server> command implements a generic SSL/TLS server which listens
@@ -364,6 +368,25 @@ ServerHello extension will be returned.
 
 set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.
 
+=item B<-status>
+
+enables certificate status request support (aka OCSP stapling).
+
+=item B<-status_verbose>
+
+enables certificate status request support (aka OCSP stapling) and gives
+a verbose printout of the OCSP response.
+
+=item B<-status_timeout nsec>
+
+sets the timeout for OCSP response to B<nsec> seconds.
+
+=item B<-status_url url>
+
+sets a fallback responder URL to use if no responder URL is present in the
+server certificate. Without this option an error is returned if the server
+certificate does not contain a responder address.
+
 =back
 
 =head1 CONNECTED COMMANDS