projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Document "openssl s_server" -crl_check* options
[openssl.git]
/
doc
/
apps
/
s_server.pod
diff --git
a/doc/apps/s_server.pod
b/doc/apps/s_server.pod
index 7c1a9581d9619f52a5f8a693c03cd20f9c7f41e6..7f159a39ed8837bf5bcee54250472e72f34cee56 100644
(file)
--- a/
doc/apps/s_server.pod
+++ b/
doc/apps/s_server.pod
@@
-12,6
+12,8
@@
B<openssl> B<s_server>
[B<-context id>]
[B<-verify depth>]
[B<-Verify depth>]
[B<-context id>]
[B<-verify depth>]
[B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key keyfile>]
[B<-cert filename>]
[B<-certform DER|PEM>]
[B<-key keyfile>]
@@
-48,6
+50,8
@@
B<openssl> B<s_server>
[B<-WWW>]
[B<-HTTP>]
[B<-engine id>]
[B<-WWW>]
[B<-HTTP>]
[B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
@@
-140,6
+144,12
@@
the client. With the B<-verify> option a certificate is requested but the
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
=item B<-CApath directory>
The directory to use for client certificate verification. This directory
=item B<-CApath directory>
The directory to use for client certificate verification. This directory
@@
-181,6
+191,16
@@
this option translated a line feed from the terminal into CR+LF.
inhibit printing of session and certificate information.
inhibit printing of session and certificate information.
+=item B<-psk_hint hint>
+
+Use the PSK identity hint B<hint> when using a PSK cipher suite.
+
+=item B<-psk key>
+
+Use the PSK key B<key> when using a PSK cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example -psk
+1a2b3c4d.
+
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
these options disable the use of certain SSL or TLS protocols. By default
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
these options disable the use of certain SSL or TLS protocols. By default
@@
-205,6
+225,14
@@
also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support.
+
=item B<-www>
sends a status message back to the client when it connects. This includes
=item B<-www>
sends a status message back to the client when it connects. This includes