X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=doc%2Fman1%2Fopenssl-s_client.pod.in;h=bd4ceee5df1536a3e0a0c06b54bc1150bf2fb6b3;hb=ecf15b16ee8223a9a383b97ee41126fbedf89bb5;hp=367e59e925bbaf63779180c94b8553e1c20440a5;hpb=09b90e0ed7915809fcd4ee1e250d881b77d06d45;p=openssl.git diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index 367e59e925..bd4ceee5df 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -192,7 +192,7 @@ When used with the B<-proxy> flag, the program will attempt to authenticate with the specified proxy using basic (base64) authentication. NB: Basic authentication is insecure; the credentials are sent to the proxy in easily reversible base64 encoding before any TLS/SSL session is established. -Therefore these credentials are easily recovered by anyone able to sniff/trace +Therefore, these credentials are easily recovered by anyone able to sniff/trace the network. Use with caution. =item B<-proxy_pass> I @@ -234,7 +234,7 @@ Suppresses sending of the SNI (Server Name Indication) extension in the ClientHello message. Cannot be used in conjunction with the B<-servername> or <-dane_tlsa_domain> options. -=item B<-cert> I +=item B<-cert> I The client certificate to use, if one is requested by the server. The default is not to use a certificate. @@ -248,8 +248,9 @@ This option has no effect and is retained for backward compatibility only. =item B<-cert_chain> -A file containing untrusted certificates to use when attempting to build the +A file or URI of untrusted certificates to use when attempting to build the certificate chain related to the certificate specified via the B<-cert> option. +The input can be in PEM, DER, or PKCS#12 format. =item B<-build_chain> @@ -282,7 +283,8 @@ See L for details. =item B<-pass> I -the private key password source. For more information about the format of I +the private key and certifiate file password source. +For more information about the format of I see L. =item B<-verify> I @@ -478,11 +480,11 @@ File to send output of B<-msg> or B<-trace> to, default standard output. =item B<-nbio_test> -Tests non-blocking I/O +Tests nonblocking I/O =item B<-nbio> -Turns on non-blocking I/O +Turns on nonblocking I/O =item B<-crlf> @@ -854,14 +856,14 @@ is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using this command, the CA list can be viewed -and checked. However some servers only request client authentication +and checked. However, some servers only request client authentication after a specific URL is requested. To obtain the list in this case it is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefore merely including a client certificate +a client certificate. Therefore, merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the @@ -870,7 +872,7 @@ server. This command is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will -accept any certificate chain (trusted or not) sent by the peer. None test +accept any certificate chain (trusted or not) sent by the peer. Non-test applications should B do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the B<-verify_return_error> option: any verify errors are then returned aborting the handshake. @@ -910,6 +912,8 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.