Add some documentation for the new QUIC mode in s_client

Also mentions the new FIN command in s_client advance mode

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20580)

diff --git a/CHANGES.md b/CHANGES.md
index 60ef9febd79e3053c753568322a45dd46f371471..13816d2cd67c7660c37d242c95b61a12a5031c56 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,13 @@ OpenSSL 3.2
 
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 
+ * Added the "-quic" option to s_client to enable connectivity to QUIC servers.
+   QUIC requires the use of ALPN, so this must be specified via the "-alpn"
+   option. Use of the "advanced" s_client command command via the "-adv" option
+   is recommended.
+
+   *Matt Caswell*
+
  * Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index d05183737d3164d38801ff3de1fed85e54249ad8..84cf6fdd81f1f54e69e8667b99bc886216ecff9c 100644 (file)
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -20,6 +20,7 @@ B<openssl> B<s_client>
 [B<-unix> I<path>]
 [B<-4>]
 [B<-6>]
+[B<-quic>]
 [B<-servername> I<name>]
 [B<-noservername>]
 [B<-verify> I<depth>]
@@ -214,6 +215,11 @@ Use IPv4 only.
 
 Use IPv6 only.
 
+=item B<-quic>
+
+Connect using the QUIC protocol. If specified then the B<-alpn> option must also
+be provided.
+
 =item B<-servername> I<name>
 
 Set the TLS SNI (Server Name Indication) extension in the ClientHello message to
@@ -940,6 +946,11 @@ to update its keys. The default is "req".
 
 Initiate a renegotiation with the server. (D)TLSv1.2 or below only.
 
+=item B<fin>
+
+Indicate FIN on the current stream. QUIC only. Once FIN has been sent any
+further text entered for this stream is ignored.
+
 =back
 
 =head1 NOTES