... where "OCSP stapling" means "get the server to do the related work
but don't care what you get back".
Perhaps this doesn't save any time for anybody that would want to test
such a thing, but who knows?
Index: support/ab.c
===================================================================
--- support/ab.c (revision 1679028)
+++ support/ab.c (working copy)
@@ -1287,6 +1287,8 @@
bio = BIO_new_socket(fd, BIO_NOCLOSE);
SSL_set_bio(c->ssl, bio, bio);
SSL_set_connect_state(c->ssl);
+ SSL_set_tlsext_host_name(c->ssl, hostname);
+ SSL_set_tlsext_status_type(c->ssl, TLSEXT_STATUSTYPE_ocsp);
if (verbosity >= 4) {
BIO_set_callback(bio, ssl_print_cb);
BIO_set_callback_arg(bio, (void *)bio_err);
The lack of SNI is a pretty big hole now; it probably doesn't need much
extra in the way of #if/if to do the right thing.
