X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman1%2Fs_client.pod;h=6e47140f41c71673566e461d0de3b0fd4c36f57f;hp=c262d4a4963e1ce204f9ffceca07e4003f78b6ae;hb=ebc0168384e9bbc29c02b85adb01036609769761;hpb=4e2bd9cb0f1a602a5c02906eb9d5bd1a592b684b diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index c262d4a496..6e47140f41 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-s_client, s_client - SSL/TLS client program =head1 SYNOPSIS @@ -9,6 +10,7 @@ s_client - SSL/TLS client program B B [B<-help>] [B<-connect host:port>] +[B<-bind host:port>] [B<-proxy host:port>] [B<-unix path>] [B<-4>] @@ -100,20 +102,24 @@ B B [B<-serverpref>] [B<-starttls protocol>] [B<-xmpphost hostname>] +[B<-name hostname>] [B<-engine id>] [B<-tlsextdebug>] [B<-no_ticket>] [B<-sess_out filename>] [B<-sess_in filename>] -[B<-rand file(s)>] +[B<-rand file...>] +[B<-writerand file>] [B<-serverinfo types>] [B<-status>] [B<-alpn protocols>] [B<-nextprotoneg protocols>] -[B<-ct|noct>] +[B<-ct>] +[B<-noct>] [B<-ctlogfile>] [B<-keylogfile file>] [B<-early_data file>] +[B<-force_pha>] [B] =head1 DESCRIPTION @@ -142,6 +148,12 @@ select the host and port using the optional target positional argument instead. If neither this nor the target positonal argument are specified then an attempt is made to connect to the local host on port 4433. +=item B<-bind host:port>] + +This specifies the host address and or port to bind as the source for the +connection. For Unix-domain sockets the port is ignored and the host is +used as the source socket address. + =item B<-proxy host:port> When used with the B<-connect> flag, the program uses the host and port 
@@ -512,6 +524,22 @@ specifies the host for the "to" attribute of the stream element. If this option is not specified, then the host specified with "-connect" will be used. +This option is an alias of the B<-name> option for "xmpp" and "xmpp-server". + +=item B<-name hostname> + +This option is used to specify hostname information for various protocols +used with B<-starttls> option. Currently only "xmpp", "xmpp-server", +"smtp" and "lmtp" can utilize this B<-name> option. + +If this option is used with "-starttls xmpp" or "-starttls xmpp-server", +if specifies the host for the "to" attribute of the stream element. If this +option is not specified, then the host specified with "-connect" will be used. + +If this option is used with "-starttls lmtp" or "-starttls smtp", it specifies +the name to use in the "LMTP LHLO" or "SMTP EHLO" message, respectively. If +this option is not specified, then "mail.example.com" will be used. + =item B<-tlsextdebug> Print out a hex dump of any TLS extensions received from the server. @@ -536,14 +564,19 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -=item B<-rand file(s)> +=item B<-rand file...> A file or files containing random data used to seed the random number -generator, or an EGD socket (see L). +generator. Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item [B<-writerand file>] + +Writes random data to the specified I upon exit. +This can be used with a subsequent B<-rand> flag. + =item B<-serverinfo types> A list of comma-separated TLS Extension Types (numbers between 0 and 
@@ -570,7 +603,7 @@ client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used. -=item B<-ct|noct> +=item B<-ct>, B<-noct> Use one of these two options to control whether Certificate Transparency (CT) is enabled (B<-ct>) or disabled (B<-noct>). @@ -596,6 +629,11 @@ Reads the contents of the specified file and attempts to send it as early data to the server. This will only work with resumed sessions that support early data and when the server accepts the early data. +=item B<-force_pha> + +For TLSv1.3 only, always send the Post-Handshake Authentication extension, +whether or not a certificate has been provided via B<-cert>. + =item B<[target]> Rather than providing B<-connect>, the target hostname and optional port may @@ -655,6 +693,9 @@ applications should B do this as it makes them vulnerable to a MITM attack. This behaviour can be changed by with the B<-verify_return_error> option: any verify errors are then returned aborting the handshake. +The B<-bind> option may be useful if the server or a firewall requires +connections to come from some particular address and or port. + =head1 BUGS Because this program has a lot of options and also because some of the @@ -673,11 +714,12 @@ L =head1 HISTORY -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The B<-no_alt_chains> option was first added to OpenSSL 1.1.0. +The B<-name> option was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
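Review bot: In the -bind hunk (@@ -142,6 +148,12 @@), the new heading `=item B<-bind host:port>]` ends with a stray `]` carried over from the synopsis form; it should be `=item B<-bind host:port>` like the `=item B<-proxy host:port>` entry that follows. The description's "host address and or port" would read better as "host address and/or port", and the same wording recurs in the NOTES paragraph added at @@ -655,6 +693,9 @@.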
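Review bot: In the -name hunk (@@ -512,6 +524,22 @@), the xmpp paragraph reads `if specifies the host for the "to" attribute`, which should be "it specifies". That paragraph also repeats the existing -xmpphost description almost word for word; now that -xmpphost is described as an alias of -name, consider keeping the full text only under -name. The first sentence is also missing an article: "used with the B<-starttls> option".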
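Review bot: In the -rand hunk (@@ -536,14 +564,19 @@), the new heading `=item [B<-writerand file>]` keeps the synopsis square brackets, unlike the neighbouring `=item B<-rand file...>` and `=item B<-serverinfo types>`; it should be `=item B<-writerand file>`. Since the description says the output can be fed to a later B<-rand>, it would help to state that the file then holds seed material for the random number generator.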
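Review bot: In the HISTORY hunk (@@ -673,11 +714,12 @@), only B<-name> gets an "added in" line, although this patch also documents -bind, -writerand and -force_pha for the first time. If those options are new in the same release as -name, add matching HISTORY entries; if they are older, the commit message should say these are documentation catch-ups.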