[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Jun 8 15:57:04 UTC 2018
The branch master has been updated
via 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 (commit)
from 896dcb80651bd92546b73f4eac62bc211fca5a7d (commit)
- Log -----------------------------------------------------------------
commit 7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14
Author: Dmitry Belyavskiy <beldmit at gmail.com>
Date: Wed May 9 18:30:41 2018 +0300
Documentation for missing s_client/s_server options
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6209)
-----------------------------------------------------------------------
Summary of changes:
doc/man1/s_client.pod | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
doc/man1/s_server.pod | 46 +++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 95 insertions(+), 2 deletions(-)
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 373b2d7..69bae94 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -23,9 +23,19 @@ B<openssl> B<s_client>
[B<-certform DER|PEM>]
[B<-key filename>]
[B<-keyform DER|PEM>]
+[B<-cert_chain filename>]
+[B<-build_chain>]
+[B<-xkey>]
+[B<-xcert>]
+[B<-xchain>]
+[B<-xchain_build>]
+[B<-xcertform PEM|DER>]
+[B<-xkeyform PEM|DER>]
[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-chainCApath directory>]
+[B<-chainCAfile filename>]
[B<-no-CAfile>]
[B<-no-CApath>]
[B<-requestCAfile filename>]
@@ -60,6 +70,7 @@ B<openssl> B<s_client>
[B<-verify_hostname hostname>]
[B<-verify_ip ip>]
[B<-verify_name name>]
+[B<-build_chain>]
[B<-x509_strict>]
[B<-reconnect>]
[B<-showcerts>]
@@ -212,6 +223,34 @@ be used.
The private format to use: DER or PEM. PEM is the default.
+=item B<-cert_chain>
+
+A file containing trusted certificates to use when attempting to build the
+client/server certificate chain related to the certificate specified via the
+B<-cert> option.
+
+=item B<-build_chain>
+
+Specify whether the application should build the certificate chain to be
+provided to the server.
+
+=item B<-xkey infile>, B<-xcert infile>, B<-xchain>
+
+Specify an extra certificate, private key and certificate chain. These behave
+in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
+specified, the callback returning the first valid chain will be in use by the
+client.
+
+=item B<-xchain_build>
+
+Specify whether the application should build the certificate chain to be
+provided to the server for the extra certificates provided via B<-xkey infile>,
+B<-xcert infile>, B<-xchain> options.
+
+=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER>
+
+Extra certificate and private key format respectively.
+
=item B<-pass arg>
the private key password source. For more information about the format of B<arg>
@@ -240,7 +279,7 @@ set multiple options. See the L<x509(1)> manual page for details.
=item B<-CApath directory>
The directory to use for server certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
+must be in "hash format", see L<verify(1)> for more information. These are
also used when building the client certificate chain.
=item B<-CAfile file>
@@ -248,6 +287,16 @@ also used when building the client certificate chain.
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
+=item B<-chainCApath directory>
+
+The directory to use for building the chain provided to the server. This
+directory must be in "hash format", see L<verify(1)> for more information.
+
+=item B<-chainCAfile file>
+
+A file containing trusted certificates to use when attempting to build the
+client certificate chain.
+
=item B<-no-CAfile>
Do not load the trusted CA certificates from the default file location
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index f89d4de..2b7db63 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -246,6 +246,17 @@ certificate and some require a certificate with a certain public key type:
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename "server.pem" will be used.
+=item B<-cert_chain>
+
+A file containing trusted certificates to use when attempting to build the
+client/server certificate chain related to the certificate specified via the
+B<-cert> option.
+
+=item B<-build_chain>
+
+Specify whether the application should build the certificate chain to be
+provided to the client.
+
=item B<-nameopt val>
Option which determines how the subject or issuer names are displayed. The
@@ -295,10 +306,33 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys
a server can support clients which only support RSA or DSS cipher suites
by using an appropriate certificate.
+=item B<-dcert_chain>
+
+A file containing trusted certificates to use when attempting to build the
+server certificate chain when a certificate specified via the B<-dcert> option
+is in use.
+
=item B<-dcertform PEM|DER>, B<-dkeyform PEM|DER>, B<-dpass val>
Additional certificate and private key format and passphrase respectively.
+=item B<-xkey infile>, B<-xcert infile>, B<-xchain>
+
+Specify an extra certificate, private key and certificate chain. These behave
+in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
+specified, the callback returning the first valid chain will be in use by
+the server.
+
+=item B<-xchain_build>
+
+Specify whether the application should build the certificate chain to be
+provided to the client for the extra certificates provided via B<-xkey infile>,
+B<-xcert infile>, B<-xchain> options.
+
+=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER>
+
+Extra certificate and private key format respectively.
+
=item B<-nbio_test>
Tests non blocking I/O.
@@ -333,9 +367,19 @@ a certificate is requested.
=item B<-CApath dir>
The directory to use for client certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
+must be in "hash format", see L<verify(1)> for more information. These are
also used when building the server certificate chain.
+=item B<-chainCApath dir>
+
+The directory to use for building the chain provided to the client. This
+directory must be in "hash format", see L<verify(1)> for more information.
+
+=item B<-chainCAfile file>
+
+A file containing trusted certificates to use when attempting to build the
+server certificate chain.
+
=item B<-no-CAfile>
Do not load the trusted CA certificates from the default file location.
More information about the openssl-commits
mailing list