Remove -WX option from debug-VC-WIN32

[openssl.git] / doc / apps / s_server.pod

diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index d1aecfa197715f31d45fdfa5e4534c8f5931d464..9d37d401bd9a1a9b2d35d4462cae1008529a1a48 100644 (file)
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -46,6 +46,7 @@ B<openssl> B<s_server>
 [B<-no_tls1>]
 [B<-no_dhe>]
 [B<-bugs>]
+[B<-brief>]
 [B<-hack>]
 [B<-www>]
 [B<-WWW>]
@@ -55,7 +56,10 @@ B<openssl> B<s_server>
 [B<-no_ticket>]
 [B<-id_prefix arg>]
 [B<-rand file(s)>]
-
+[B<-serverinfo file>]
+[B<-auth>]
+[B<-auth_require_reneg>]
+[B<-no_resumption_on_reneg>]
 =head1 DESCRIPTION
 
 The B<s_server> command implements a generic SSL/TLS server which listens
@@ -63,6 +67,11 @@ for connections on a given port using SSL/TLS.
 
 =head1 OPTIONS
 
+In addition to the options below the B<s_server> utility also supports the
+common and server only options documented in the
+L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS> manual
+page.
+
 =over 4
 
 =item B<-accept port>
@@ -116,7 +125,7 @@ by using an appropriate certificate.
 
 =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
 
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
 
 =item B<-nocert>
 
@@ -180,6 +189,15 @@ print extensive debugging information including a hex dump of all traffic.
 
 show all protocol messages with hex dump.
 
+=item B<-trace>
+
+show verbose trace output of protocol messages. OpenSSL needs to be compiled
+with B<enable-ssl-trace> for this option to work.
+
+=item B<-msgfile>
+
+file to send output of B<-msg> or B<-trace> to, default standard output.
+
 =item B<-nbio_test>
 
 tests non blocking I/O
@@ -217,6 +235,11 @@ servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
 there are several known bug in SSL and TLS implementations. Adding this
 option enables various workarounds.
 
+=item B<-brief>
+
+only provide a brief summary of connection parameters instead of the
+normal verbose output.
+
 =item B<-hack>
 
 this option enables a further workaround for some some early Netscape
@@ -259,6 +282,11 @@ requested the file ./page.html will be loaded. The files loaded are
 assumed to contain a complete and correct HTTP response (lines that
 are part of the HTTP response line and headers must end with CRLF).
 
+=item B<-rev>
+
+simple test server which just reverses the text received from the client
+and sends it back to the server. Also sets B<-brief>.
+
 =item B<-engine id>
 
 specifying an engine (by its unique B<id> string) will cause B<s_server>
@@ -281,6 +309,28 @@ Multiple files can be specified separated by a OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item B<-serverinfo file>
+
+a file containing one or more blocks of PEM data.  Each PEM block
+must encode a TLS ServerHello extension (2 bytes type, 2 bytes length,
+followed by "length" bytes of extension data).  If the client sends
+an empty TLS ClientHello extension matching the type, the corresponding
+ServerHello extension will be returned.
+
+=item B<-auth>
+
+send RFC 5878 client and server authorization extensions in the Client Hello as well as
+supplemental data if the server also sent the authorization extensions in the Server Hello.
+
+=item B<-auth_require_reneg>
+
+only send RFC 5878 client and server authorization extensions during renegotiation.
+
+=item B<-no_resumption_on_reneg>
+
+set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.  Required in order to receive supplemental data
+during renegotiation if auth and auth_require_reneg are set.
+
 =back
 
 =head1 CONNECTED COMMANDS