authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-07-19 20:42:14 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-07-19 20:42:14 +0200
commit6e751b3730634addd072b32198cd07001c91f3d7 (patch)
tree45232ec3d440d1cec510479a3937c6643e25b9fe
parent9c66a020d7e424c19bb4eb1ba33d9603a0f03f45 (diff)
downloadgnutls-6e751b3730634addd072b32198cd07001c91f3d7.tar.gz
X.509 server example updated to include OCSP stapling
-rw-r--r--doc/examples/Makefile.am2
-rw-r--r--doc/examples/ex-serv-x509.c14
2 files changed, 14 insertions, 2 deletions
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index 4fb5f47a1a..ac0b554e66 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -43,7 +43,7 @@ CXX_LDADD = ../../lib/libgnutlsxx.la \
noinst_PROGRAMS = ex-client-resume ex-client-dtls
noinst_PROGRAMS += ex-cert-select ex-client-x509
noinst_PROGRAMS += ex-serv-dtls ex-client-xssl1 ex-client-xssl2
-noinst_PROGRAMS += print-ciphersuites
+noinst_PROGRAMS += print-ciphersuites ex-serv-x509
ex_client_xssl1_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
ex_client_xssl2_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c
index 8929242070..2060f80a8b 100644
--- a/doc/examples/ex-serv-x509.c
+++ b/doc/examples/ex-serv-x509.c
@@ -20,7 +20,16 @@
#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
#define CRLFILE "crl.pem"
-/* This is a sample TLS 1.0 echo server, using X.509 authentication.
+/* The OCSP status file contains up to date information about revocation
+ * of the server's certificate. That can be periodically be updated
+ * using:
+ * $ ocsptool --ask --load-cert your_cert.pem --load-issuer your_issuer.pem
+ * --load-signer your_issuer.pem --outfile ocsp-status.der
+ */
+#define OCSP_STATUS_FILE "ocsp-status.der"
+
+/* This is a sample TLS 1.0 echo server, using X.509 authentication and
+ * OCSP stapling support.
*/
#define MAX_BUF 1024
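Review bot: The comment added above `OCSP_STATUS_FILE` says the file can be refreshed periodically but not why that matters. An OCSP response carries its own validity window, so a file that is not regenerated in time would presumably be stapled stale and then rejected or ignored by clients. I would reword the opening to `/* The OCSP status file holds a signed OCSP response for the server's certificate; it has a limited validity period and must be regenerated before it expires, e.g. with: */`, which also removes the doubled "be" in "can be periodically be updated". The sample command passes `your_issuer.pem` to `--load-signer`, which assumes the issuer signs its own OCSP responses; a short remark that a delegated responder needs its own certificate there would save readers a failed verification.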
@@ -80,6 +89,9 @@ main (void)
exit(1);
}
+ /* loads an OCSP status request if available */
+ gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0);
+
generate_dh_params ();
gnutls_priority_init (&priority_cache, "PERFORMANCE:%SERVER_PRECEDENCE", NULL);
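Review bot: The return value of `gnutls_certificate_set_ocsp_status_request_file()` is discarded in main(), so a failure leaves the example server running without stapling and without any diagnostic. Since the comment says "if available", a non-fatal warning fits better than exiting: `ret = gnutls_certificate_set_ocsp_status_request_file(x509_cred, OCSP_STATUS_FILE, 0);` followed by `if (ret < 0) fprintf(stderr, "OCSP stapling disabled: %s\n", gnutls_strerror(ret));`, assuming an int such as `ret` is in scope. The comment should read "OCSP status response" rather than "request", because the file holds the response that gets stapled. `OCSP_STATUS_FILE` is a relative path, so it resolves against whatever directory the server is started from; that is worth a word in the comment. main() begins and ends outside this hunk.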