Documentation for the -precert flag for "openssl req"

[openssl.git] / doc / man1 / s_server.pod

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index b6c56599725b948dcad47be691ec2e23c1ba9312..94289e810b404403cbe98804f6556bd1c0378e31 100644 (file)
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -8,8 +8,13 @@ s_server - SSL/TLS server program
 
 B<openssl> B<s_server>
 [B<-help>]
-[B<-accept port>]
+[B<-port port>]
+[B<-accept val>]
 [B<-naccept count>]
+[B<-unix val>]
+[B<-unlink>]
+[B<-4>]
+[B<-6>]
 [B<-context id>]
 [B<-verify depth>]
 [B<-Verify depth>]
@@ -56,6 +61,7 @@ B<openssl> B<s_server>
 [B<-no_alt_chains>]
 [B<-use_deltas>]
 [B<-auth_level num>]
+[B<-nameopt option>]
 [B<-verify_depth num>]
 [B<-verify_return_error>]
 [B<-verify_email email>]
@@ -104,6 +110,7 @@ B<openssl> B<s_server>
 [B<-status_verbose>]
 [B<-status_timeout nsec>]
 [B<-status_url url>]
+[B<-status_file file>]
 [B<-alpn protocols>]
 [B<-nextprotoneg protocols>]
 
@@ -125,14 +132,34 @@ manual page.
 
 Print out a usage message.
 
-=item B<-accept port>
+=item B<-port port>
 
 The TCP port to listen on for connections. If not specified 4433 is used.
 
+=item B<-accept val>
+
+The optional TCP host and port to listen on for connections. If not specified, *:4433 is used.
+
 =item B<-naccept count>
 
 The server will exit after receiving B<number> connections, default unlimited.
 
+=item B<-unix val>
+
+Unix domain socket to accept on.
+
+=item B<-unlink>
+
+For -unix, unlink existing socket first.
+
+=item B<-4>
+
+Use IPv4 only.
+
+=item B<-6>
+
+Use IPv6 only.
+
 =item B<-context id>
 
 Sets the SSL context id. It can be given any string value. If this option
@@ -235,6 +262,13 @@ must supply a certificate or an error occurs.
 If the ciphersuite cannot request a client certificate (for example an
 anonymous ciphersuite or PSK) this option has no effect.
 
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)> manual page for details.
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
@@ -476,6 +510,11 @@ Sets a fallback responder URL to use if no responder URL is present in the
 server certificate. Without this option an error is returned if the server
 certificate does not contain a responder address.
 
+=item B<-status_file file>
+
+Overrides any OCSP responder URLs from the certificate and always provides the
+OCSP Response stored in the file. The file must be in DER format.
+
 =item B<-alpn protocols>, B<-nextprotoneg protocols>
 
 these flags enable the 
@@ -526,6 +565,11 @@ cause the client to disconnect due to a protocol violation.
 
 print out some session cache status information.
 
+=item B<-keylogfile path>
+
+Appends TLS secrets to the specified keylog file such that external programs
+(like Wireshark) can decrypt TLS connections.
+
 =back
 
 =head1 NOTES