X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fs_client.pod;h=8d19079973a4c7566260f6aa2d917dec92d7f22b;hp=cd9093eaba25cf9045e7db6d6ea5ff37bea44a32;hb=a32fc687dedf6d4368dc0fc18320654191c16bb8;hpb=dd46d58f65bd3a342bbcd8586680942be643fc7d;ds=sidebyside diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index cd9093eaba..8d19079973 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -8,7 +8,7 @@ s_client - SSL/TLS client program =head1 SYNOPSIS B B -[B<-connect> host:port>] +[B<-connect host:port>] [B<-verify depth>] [B<-cert filename>] [B<-key filename>] @@ -18,10 +18,12 @@ B B [B<-pause>] [B<-showcerts>] [B<-debug>] +[B<-msg>] [B<-nbio_test>] [B<-state>] [B<-nbio>] [B<-crlf>] +[B<-ign_eof>] [B<-quiet>] [B<-ssl2>] [B<-ssl3>] @@ -31,6 +33,9 @@ B B [B<-no_tls1>] [B<-bugs>] [B<-cipher cipherlist>] +[B<-starttls protocol>] +[B<-engine id>] +[B<-rand file(s)>] =head1 DESCRIPTION @@ -109,22 +114,32 @@ prints out the SSL session states. print extensive debugging information including a hex dump of all traffic. +=item B<-msg> + +show all protocol messages with hex dump. + =item B<-nbio_test> -tests non blocking I/O +tests non-blocking I/O =item B<-nbio> -turns on non blocking I/O +turns on non-blocking I/O =item B<-crlf> this option translated a line feed from the terminal into CR+LF as required by some servers. +=item B<-ign_eof> + +inhibit shutting down the connection when end of file is reached in the +input. + =item B<-quiet> -inhibit printing of session and certificate information. +inhibit printing of session and certificate information. This implicitly +turns on B<-ign_eof> as well. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> 
@@ -144,8 +159,31 @@ option enables various workarounds. =item B<-cipher cipherlist> -this allows the cipher list sent by the client to be modified. See the -B command for more information. +this allows the cipher list sent by the client to be modified. Although +the server determines which cipher suite is used it should take the first +supported cipher in the list sent by the client. See the B +command for more information. + +=item B<-starttls protocol> + +send the protocol-specific message(s) to switch to TLS for communication. +B is a keyword for the intended protocol. Currently, the only +supported keywords are "smtp" and "pop3". + +=item B<-engine id> + +specifying an engine (by it's unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=item B<-rand file(s)> + +a file or files containing random data used to seed the random number +generator, or an EGD socket (see L). +Multiple files can be specified separated by a OS-dependent character. +The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for +all others. =back @@ -153,9 +191,10 @@ B command for more information. If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the -server. If the line begins with an B then the session will be -renegotiated. If the line begins with a B the connection will be closed -down. +server. When used interactively (which means neither B<-quiet> nor B<-ign_eof> +have been given), the session will be renegotiated if the line begins with an +B, and if the line begins with a B or if end of file is reached, the +connection will be closed down. =head1 NOTES 
@@ -169,7 +208,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried +B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. @@ -180,7 +219,7 @@ the clients certificate authority in its "acceptable CA list" when it requests a certificate. By using B the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it -is necessary to use the B<-prexit> command and send an HTTP request +is necessary to use the B<-prexit> option and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> @@ -206,6 +245,6 @@ information whenever a session is renegotiated. =head1 SEE ALSO -sess_id(1), s_server(1), ciphers(1) +L, L, L =cut
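Review bot: in the OPTIONS hunk (@@ -109,22 +114,32 @@), the new -msg entry, "show all protocol messages with hex dump.", does not say how it differs from -debug directly above it, which already promises "a hex dump of all traffic". Please add a clause stating what -msg shows that -debug does not, so a reader diagnosing a failed handshake knows which one to reach for. The -quiet change in the same hunk deserves a slightly stronger sentence too: "This implicitly turns on B<-ign_eof> as well." means a -quiet invocation fed from a pipe or file no longer closes the connection when its input ends, and it would help to say that outright. While this section is open, the unchanged -crlf line "this option translated a line feed" should read "translates".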
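Review bot: in the hunk at @@ -144,8 +159,31 @@, the added -cipher sentence "the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client" reads as a guarantee that the client's preference order wins, and a user testing a server may conclude the negotiated suite reflects the client list when a server is free to apply its own order. Suggest wording such as "the server determines which cipher suite is used and is not required to follow the client's order", plus a comma after "used". Two small fixes in the same hunk: "by it's unique" should be "by its unique", and "separated by a OS-dependent character" should be "an OS-dependent character". The -starttls entry lists the supported keywords but not what s_client does when the keyword is not one of them; one sentence on that would complete it.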
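Review bot: in the CONNECTED COMMANDS hunk (@@ -153,9 +191,10 @@), the rewritten paragraph defines only the interactive case ("which means neither B<-quiet> nor B<-ign_eof> have been given") and never states what happens in the other case. Anyone piping data through s_client with -quiet or -ign_eof needs to know whether a line that begins with one of the command letters is then passed to the server as ordinary data, and that the connection stays open after end of file. Please add a sentence covering the non-interactive behaviour explicitly. Grammar nit on the same line: "neither ... nor ... have been given" should be "has been given".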