X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Fs_server.pod;h=a8e52782301c45f15ecfe1fcd48ac23913308369;hp=1de307a0ff4418294d6d4c80bb92cffd1ab1b6e7;hb=b948ee27b0206a392bfd7340779b29ed9375e197;hpb=6d3d5793673b225b2347ef45b74d0d9994f3132c diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 1de307a0ff..a8e5278230 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -34,9 +34,33 @@ B B [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-attime timestamp>] +[B<-check_ss_sig>] +[B<-explicit_policy>] +[B<-extended_crl>] +[B<-ignore_critical>] +[B<-inhibit_any>] +[B<-inhibit_map>] +[B<-issuer_checks>] +[B<-partial_chain>] +[B<-policy arg>] +[B<-policy_check>] +[B<-policy_print>] +[B<-purpose purpose>] +[B<-suiteB_128>] +[B<-suiteB_128_only>] +[B<-suiteB_192>] [B<-trusted_first>] +[B<-use_deltas>] +[B<-verify_depth num>] +[B<-verify_email email>] +[B<-verify_hostname hostname>] +[B<-verify_ip ip>] +[B<-verify_name name>] +[B<-x509_strict>] [B<-nocert>] [B<-cipher cipherlist>] +[B<-serverpref>] [B<-quiet>] [B<-no_tmp_rsa>] [B<-ssl2>] @@ -59,8 +83,6 @@ B B [B<-id_prefix arg>] [B<-rand file(s)>] [B<-serverinfo file>] -[B<-auth>] -[B<-auth_require_reneg>] [B<-no_resumption_on_reneg>] =head1 DESCRIPTION @@ -184,9 +206,14 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. -=item B<-trusted_first> +=item B<-attime>, B<-check_ss_sig>, B, B<-extended_crl>, +B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, +B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, +B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, +B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, +B<-verify_ip>, B<-verify_name>, B<-x509_strict> -Set certificate verification option. +Set different peer certificate verification options. See the L|verify(1)> manual page for details. =item B<-state> @@ -265,6 +292,10 @@ also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the B command for more information. +=item B<-serverpref> + +use the server's cipher preferences, rather than the client's preferences. + =item B<-tlsextdebug> print out a hex dump of any TLS extensions received from the server. @@ -329,19 +360,9 @@ followed by "length" bytes of extension data). If the client sends an empty TLS ClientHello extension matching the type, the corresponding ServerHello extension will be returned. -=item B<-auth> - -send RFC 5878 client and server authorization extensions in the Client Hello as well as -supplemental data if the server also sent the authorization extensions in the Server Hello. - -=item B<-auth_require_reneg> - -only send RFC 5878 client and server authorization extensions during renegotiation. - =item B<-no_resumption_on_reneg> -set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data -during renegotiation if auth and auth_require_reneg are set. +set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. =back