doc: Add missing options in s_{server,client}

[openssl.git] / doc / man1 / s_client.pod

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index fb1680a1a53e5833b83725570435a0627ff7734b..24ef1e4bc3ad4fc5364adb8df8cef11fae5d9d28 100644 (file)
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -50,6 +50,7 @@ B<openssl> B<s_client>
 [B<-no_alt_chains>]
 [B<-use_deltas>]
 [B<-auth_level num>]
+[B<-nameopt option>]
 [B<-verify_depth num>]
 [B<-verify_email email>]
 [B<-verify_hostname hostname>]
@@ -88,6 +89,8 @@ B<openssl> B<s_client>
 [B<-bugs>]
 [B<-comp>]
 [B<-no_comp>]
+[B<-sigalgs sigalglist>]
+[B<-curves curvelist>]
 [B<-cipher cipherlist>]
 [B<-serverpref>]
 [B<-starttls protocol>]
@@ -104,6 +107,8 @@ B<openssl> B<s_client>
 [B<-nextprotoneg protocols>]
 [B<-ct|noct>]
 [B<-ctlogfile>]
+[B<-keylogfile file>]
+[B<-early_data file>]
 
 =head1 DESCRIPTION
 
@@ -187,6 +192,13 @@ will never fail due to a server certificate verify failure.
 Return verification errors instead of continuing. This will typically
 abort the handshake with a fatal error.
 
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)> manual page for details.
+
 =item B<-CApath directory>
 
 The directory to use for server certificate verification. This directory
@@ -425,6 +437,19 @@ OpenSSL 1.1.0.
 only provide a brief summary of connection parameters instead of the
 normal verbose output.
 
+=item B<-sigalgs sigalglist>
+
+Specifies the list of signature algorithms that are sent by the client.
+The server selects one entry in the list based on its preferences.
+For example strings, see L<SSL_CTX_set1_sigalgs(3)>
+
+=item B<-curves curvelist>
+
+Specifies the list of supported curves to be sent by the client. The curve is
+is ultimately selected by the server. For a list of all curves, use:
+
+    $ openssl ecparam -list_curves
+
 =item B<-cipher cipherlist>
 
 this allows the cipher list sent by the client to be modified. Although
@@ -437,7 +462,7 @@ command for more information.
 send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
 supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server",
-"irc", "postgres", "lmtp" and "nntp".
+"irc", "postgres", "lmtp", "nntp", "sieve" and "ldap".
 
 =item B<-xmpphost hostname>
 
@@ -520,6 +545,17 @@ for SCTs.
 A file containing a list of known Certificate Transparency logs. See
 L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format.
 
+=item B<-keylogfile file>
+
+Appends TLS secrets to the specified keylog file such that external programs
+(like Wireshark) can decrypt TLS connections.
+
+=item B<-early_data file>
+
+Reads the contents of the specified file and attempts to send it as early data
+to the server. This will only work with resumed sessions that support early
+data and when the server accepts the early data.
+
 =back
 
 =head1 CONNECTED COMMANDS