Commit 7cacbe9d authored by Dmitry Belyavskiy's avatar Dmitry Belyavskiy Committed by Matt Caswell
Browse files

Documentation for missing s_client/s_server options 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6209)
parent 896dcb80

doc/man1/s_client.pod

+50 −1
Original line number Diff line number Diff line
@@ -23,9 +23,19 @@ B<openssl> B<s_client> 
[B<-certform DER|PEM>]

[B<-key filename>]

[B<-keyform DER|PEM>]

[B<-cert_chain filename>]

[B<-build_chain>]

[B<-xkey>]

[B<-xcert>]

[B<-xchain>]

[B<-xchain_build>]

[B<-xcertform PEM|DER>]

[B<-xkeyform PEM|DER>]

[B<-pass arg>]

[B<-CApath directory>]

[B<-CAfile filename>]

[B<-chainCApath directory>]

[B<-chainCAfile filename>]

[B<-no-CAfile>]

[B<-no-CApath>]

[B<-requestCAfile filename>]
@@ -60,6 +70,7 @@ B<openssl> B<s_client> 
[B<-verify_hostname hostname>]

[B<-verify_ip ip>]

[B<-verify_name name>]

[B<-build_chain>]

[B<-x509_strict>]

[B<-reconnect>]

[B<-showcerts>]
@@ -212,6 +223,34 @@ be used. 


The private format to use: DER or PEM. PEM is the default.



=item B<-cert_chain>



A file containing trusted certificates to use when attempting to build the

client/server certificate chain related to the certificate specified via the

B<-cert> option.



=item B<-build_chain>



Specify whether the application should build the certificate chain to be

provided to the server.



=item B<-xkey infile>, B<-xcert infile>, B<-xchain>



Specify an extra certificate, private key and certificate chain. These behave

in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options.  When

specified, the callback returning the first valid chain will be in use by the

client.



=item B<-xchain_build>



Specify whether the application should build the certificate chain to be

provided to the server for the extra certificates provided via B<-xkey infile>,

B<-xcert infile>, B<-xchain> options.



=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER>



Extra certificate and private key format respectively.



=item B<-pass arg>



the private key password source. For more information about the format of B<arg>
@@ -240,7 +279,7 @@ set multiple options. See the L<x509(1)> manual page for details. 
=item B<-CApath directory>



The directory to use for server certificate verification. This directory

must be in "hash format", see B<verify> for more information. These are

must be in "hash format", see L<verify(1)> for more information. These are

also used when building the client certificate chain.



=item B<-CAfile file>
@@ -248,6 +287,16 @@ also used when building the client certificate chain. 
A file containing trusted certificates to use during server authentication

and to use when attempting to build the client certificate chain.



=item B<-chainCApath directory>



The directory to use for building the chain provided to the server. This

directory must be in "hash format", see L<verify(1)> for more information.



=item B<-chainCAfile file>



A file containing trusted certificates to use when attempting to build the

client certificate chain.



=item B<-no-CAfile>



Do not load the trusted CA certificates from the default file location

doc/man1/s_server.pod

+45 −1
Original line number Diff line number Diff line
@@ -246,6 +246,17 @@ certificate and some require a certificate with a certain public key type: 
for example the DSS cipher suites require a certificate containing a DSS

(DSA) key. If not specified then the filename "server.pem" will be used.



=item B<-cert_chain>



A file containing trusted certificates to use when attempting to build the

client/server certificate chain related to the certificate specified via the

B<-cert> option.



=item B<-build_chain>



Specify whether the application should build the certificate chain to be

provided to the client.



=item B<-nameopt val>



Option which determines how the subject or issuer names are displayed. The
@@ -295,10 +306,33 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys 
a server can support clients which only support RSA or DSS cipher suites

by using an appropriate certificate.



=item B<-dcert_chain>



A file containing trusted certificates to use when attempting to build the

server certificate chain when a certificate specified via the B<-dcert> option

is in use.



=item B<-dcertform PEM|DER>, B<-dkeyform PEM|DER>, B<-dpass val>



Additional certificate and private key format and passphrase respectively.



=item B<-xkey infile>, B<-xcert infile>, B<-xchain>



Specify an extra certificate, private key and certificate chain. These behave

in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options.  When

specified, the callback returning the first valid chain will be in use by

the server.



=item B<-xchain_build>



Specify whether the application should build the certificate chain to be

provided to the client for the extra certificates provided via B<-xkey infile>,

B<-xcert infile>, B<-xchain> options.



=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER>



Extra certificate and private key format respectively.



=item B<-nbio_test>



Tests non blocking I/O.
@@ -333,9 +367,19 @@ a certificate is requested. 
=item B<-CApath dir>



The directory to use for client certificate verification. This directory

must be in "hash format", see B<verify> for more information. These are

must be in "hash format", see L<verify(1)> for more information. These are

also used when building the server certificate chain.



=item B<-chainCApath dir>



The directory to use for building the chain provided to the client. This

directory must be in "hash format", see L<verify(1)> for more information.



=item B<-chainCAfile file>



A file containing trusted certificates to use when attempting to build the

server certificate chain.



=item B<-no-CAfile>



Do not load the trusted CA certificates from the default file location.