Add BIO_bind function to bind local address for a socket.

[openssl.git] / doc / man1 / s_client.pod

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 94356daffb7d95cddf3f0e0d9afec7e55f836333..6e47140f41c71673566e461d0de3b0fd4c36f57f 100644 (file)
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-s_client,
 s_client - SSL/TLS client program
 
 =head1 SYNOPSIS
@@ -9,6 +10,7 @@ s_client - SSL/TLS client program
 B<openssl> B<s_client>
 [B<-help>]
 [B<-connect host:port>]
+[B<-bind host:port>]
 [B<-proxy host:port>]
 [B<-unix path>]
 [B<-4>]
@@ -93,26 +95,31 @@ B<openssl> B<s_client>
 [B<-bugs>]
 [B<-comp>]
 [B<-no_comp>]
+[B<-allow_no_dhe_kex>]
 [B<-sigalgs sigalglist>]
 [B<-curves curvelist>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-starttls protocol>]
 [B<-xmpphost hostname>]
+[B<-name hostname>]
 [B<-engine id>]
 [B<-tlsextdebug>]
 [B<-no_ticket>]
 [B<-sess_out filename>]
 [B<-sess_in filename>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
 [B<-serverinfo types>]
 [B<-status>]
 [B<-alpn protocols>]
 [B<-nextprotoneg protocols>]
-[B<-ct|noct>]
+[B<-ct>]
+[B<-noct>]
 [B<-ctlogfile>]
 [B<-keylogfile file>]
 [B<-early_data file>]
+[B<-force_pha>]
 [B<target>]
 
 =head1 DESCRIPTION
@@ -141,6 +148,12 @@ select the host and port using the optional target positional argument instead.
 If neither this nor the target positonal argument are specified then an attempt
 is made to connect to the local host on port 4433.
 
+=item B<-bind host:port>]
+
+This specifies the host address and or port to bind as the source for the
+connection.  For Unix-domain sockets the port is ignored and the host is
+used as the source socket address.
+
 =item B<-proxy host:port>
 
 When used with the B<-connect> flag, the program uses the host and port
@@ -511,6 +524,22 @@ specifies the host for the "to" attribute of the stream element.
 If this option is not specified, then the host specified with "-connect"
 will be used.
 
+This option is an alias of the B<-name> option for "xmpp" and "xmpp-server".
+
+=item B<-name hostname>
+
+This option is used to specify hostname information for various protocols
+used with B<-starttls> option. Currently only "xmpp", "xmpp-server",
+"smtp" and "lmtp" can utilize this B<-name> option.
+
+If this option is used with "-starttls xmpp" or "-starttls xmpp-server",
+if specifies the host for the "to" attribute of the stream element. If this
+option is not specified, then the host specified with "-connect" will be used.
+
+If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies
+the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If
+this option is not specified, then "mail.example.com" will be used.
+
 =item B<-tlsextdebug>
 
 Print out a hex dump of any TLS extensions received from the server.
@@ -535,14 +564,19 @@ to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
 
-=item B<-rand file(s)>
+=item B<-rand file...>
 
 A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
 Multiple files can be specified separated by an OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
 =item B<-serverinfo types>
 
 A list of comma-separated TLS Extension Types (numbers between 0 and
@@ -569,7 +603,7 @@ client to advertise support for the TLS extension but disconnect just
 after receiving ServerHello with a list of server supported protocols.
 The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
 
-=item B<-ct|noct>
+=item B<-ct>, B<-noct>
 
 Use one of these two options to control whether Certificate Transparency (CT)
 is enabled (B<-ct>) or disabled (B<-noct>).
@@ -595,6 +629,11 @@ Reads the contents of the specified file and attempts to send it as early data
 to the server. This will only work with resumed sessions that support early
 data and when the server accepts the early data.
 
+=item B<-force_pha>
+
+For TLSv1.3 only, always send the Post-Handshake Authentication extension,
+whether or not a certificate has been provided via B<-cert>.
+
 =item B<[target]>
 
 Rather than providing B<-connect>, the target hostname and optional port may
@@ -654,6 +693,9 @@ applications should B<not> do this as it makes them vulnerable to a MITM
 attack. This behaviour can be changed by with the B<-verify_return_error>
 option: any verify errors are then returned aborting the handshake.
 
+The B<-bind> option may be useful if the server or a firewall requires
+connections to come from some particular address and or port.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of the
@@ -672,11 +714,12 @@ L<SSL_CTX_set_max_pipelines(3)>
 
 =head1 HISTORY
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The B<-no_alt_chains> option was first added to OpenSSL 1.1.0.
+The B<-name> option was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy