Docs and usage messages for RFC4507bis support.

[openssl.git] / doc / apps / s_client.pod

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 8d19079973a4c7566260f6aa2d917dec92d7f22b..f99f5ac45635a9e5025be296e3e00145bb9121a2 100644 (file)
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -11,7 +11,10 @@ B<openssl> B<s_client>
 [B<-connect host:port>]
 [B<-verify depth>]
 [B<-cert filename>]
+[B<-certform DER|PEM>]
 [B<-key filename>]
+[B<-keyform DER|PEM>]
+[B<-pass arg>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
 [B<-reconnect>]
@@ -35,6 +38,10 @@ B<openssl> B<s_client>
 [B<-cipher cipherlist>]
 [B<-starttls protocol>]
 [B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
 [B<-rand file(s)>]
 
 =head1 DESCRIPTION
@@ -57,11 +64,24 @@ then an attempt is made to connect to the local host on port 4433.
 The certificate to use, if one is requested by the server. The default is
 not to use a certificate.
 
+=item B<-certform format>
+
+The certificate format to use: DER or PEM. PEM is the default.
+
 =item B<-key keyfile>
 
 The private key to use. If not specified then the certificate file will
 be used.
 
+=item B<-keyform format>
+
+The private format to use: DER or PEM. PEM is the default.
+
+=item B<-pass arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
 =item B<-verify depth>
 
 The verify depth to use. This specifies the maximum length of the
@@ -141,6 +161,16 @@ input.
 inhibit printing of session and certificate information.  This implicitly
 turns on B<-ign_eof> as well.
 
+=item B<-psk_identity identity>
+
+Use the PSK identity B<identity> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
 =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
 
 these options disable the use of certain SSL or TLS protocols. By default
@@ -168,7 +198,24 @@ command for more information.
 
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
-supported keywords are "smtp" and "pop3".
+supported keywords are "smtp", "pop3", "imap", and "ftp".
+
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. 
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
 
 =item B<-engine id>
 
@@ -230,6 +277,10 @@ on the command line is no guarantee that the certificate works.
 If there are problems verifying a server certificate then the
 B<-showcerts> option can be used to show the whole chain.
 
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of