===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.166
retrieving revision 1.167
diff -c -r1.166 -r1.167
*** src/usr.bin/nc/netcat.c	2016/11/03 15:54:39	1.166
--- src/usr.bin/nc/netcat.c	2016/11/04 05:13:13	1.167
***************
*** 1,4 ****
! /* $OpenBSD: netcat.c,v 1.166 2016/11/03 15:54:39 beck Exp $ */
  /*
   * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
   * Copyright (c) 2015 Bob Beck.  All rights reserved.
--- 1,4 ----
! /* $OpenBSD: netcat.c,v 1.167 2016/11/04 05:13:13 beck Exp $ */
  /*
   * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
   * Copyright (c) 2015 Bob Beck.  All rights reserved.
***************
*** 71,76 ****
--- 71,77 ----
  #define TLS_NOVERIFY	(1 << 2)
  #define TLS_NONAME	(1 << 3)
  #define TLS_CCERT	(1 << 4)
+ #define TLS_MUSTSTAPLE	(1 << 5)
  
  /* Command Line Options */
  int	dflag;					/* detached, no stdin */
***************
*** 468,473 ****
--- 469,476 ----
  				    "together");
  			tls_config_insecure_noverifycert(tls_cfg);
  		}
+ 		if (TLSopt & TLS_MUSTSTAPLE)
+ 			tls_config_ocsp_require_stapling(tls_cfg);
  
  		if (Pflag) {
  			if (pledge("stdio inet dns tty", NULL) == -1)
***************
*** 1502,1507 ****
--- 1505,1511 ----
  		{ "noverify",		TLS_NOVERIFY },
  		{ "noname",		TLS_NONAME },
  		{ "clientcert",		TLS_CCERT},
+ 		{ "muststaple",		TLS_MUSTSTAPLE},
  		{ NULL,			-1 },
  	};