From: Dmitry Belyavskiy Date: Wed, 9 May 2018 15:30:41 +0000 (+0300) Subject: Documentation for missing s_client/s_server options X-Git-Tag: OpenSSL_1_1_1-pre8~52 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=7cacbe9d66b3bcedb57ef87da051e69d6e5b7f14 Documentation for missing s_client/s_server options Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6209) --- diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 373b2d760c..69bae9429d 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -23,9 +23,19 @@ B B [B<-certform DER|PEM>] [B<-key filename>] [B<-keyform DER|PEM>] +[B<-cert_chain filename>] +[B<-build_chain>] +[B<-xkey>] +[B<-xcert>] +[B<-xchain>] +[B<-xchain_build>] +[B<-xcertform PEM|DER>] +[B<-xkeyform PEM|DER>] [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-chainCApath directory>] +[B<-chainCAfile filename>] [B<-no-CAfile>] [B<-no-CApath>] [B<-requestCAfile filename>] @@ -60,6 +70,7 @@ B B [B<-verify_hostname hostname>] [B<-verify_ip ip>] [B<-verify_name name>] +[B<-build_chain>] [B<-x509_strict>] [B<-reconnect>] [B<-showcerts>] @@ -212,6 +223,34 @@ be used. The private format to use: DER or PEM. PEM is the default. +=item B<-cert_chain> + +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +B<-cert> option. + +=item B<-build_chain> + +Specify whether the application should build the certificate chain to be +provided to the server. + +=item B<-xkey infile>, B<-xcert infile>, B<-xchain> + +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When +specified, the callback returning the first valid chain will be in use by the +client. + +=item B<-xchain_build> + +Specify whether the application should build the certificate chain to be +provided to the server for the extra certificates provided via B<-xkey infile>, +B<-xcert infile>, B<-xchain> options. + +=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER> + +Extra certificate and private key format respectively. + =item B<-pass arg> the private key password source. For more information about the format of B @@ -240,7 +279,7 @@ set multiple options. See the L manual page for details. =item B<-CApath directory> The directory to use for server certificate verification. This directory -must be in "hash format", see B for more information. These are +must be in "hash format", see L for more information. These are also used when building the client certificate chain. =item B<-CAfile file> @@ -248,6 +287,16 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-chainCApath directory> + +The directory to use for building the chain provided to the server. This +directory must be in "hash format", see L for more information. + +=item B<-chainCAfile file> + +A file containing trusted certificates to use when attempting to build the +client certificate chain. + =item B<-no-CAfile> Do not load the trusted CA certificates from the default file location diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index f89d4de6cf..2b7db637b1 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -246,6 +246,17 @@ certificate and some require a certificate with a certain public key type: for example the DSS cipher suites require a certificate containing a DSS (DSA) key. If not specified then the filename "server.pem" will be used. +=item B<-cert_chain> + +A file containing trusted certificates to use when attempting to build the +client/server certificate chain related to the certificate specified via the +B<-cert> option. + +=item B<-build_chain> + +Specify whether the application should build the certificate chain to be +provided to the client. + =item B<-nameopt val> Option which determines how the subject or issuer names are displayed. The @@ -295,10 +306,33 @@ and some a DSS (DSA) key. By using RSA and DSS certificates and keys a server can support clients which only support RSA or DSS cipher suites by using an appropriate certificate. +=item B<-dcert_chain> + +A file containing trusted certificates to use when attempting to build the +server certificate chain when a certificate specified via the B<-dcert> option +is in use. + =item B<-dcertform PEM|DER>, B<-dkeyform PEM|DER>, B<-dpass val> Additional certificate and private key format and passphrase respectively. +=item B<-xkey infile>, B<-xcert infile>, B<-xchain> + +Specify an extra certificate, private key and certificate chain. These behave +in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When +specified, the callback returning the first valid chain will be in use by +the server. + +=item B<-xchain_build> + +Specify whether the application should build the certificate chain to be +provided to the client for the extra certificates provided via B<-xkey infile>, +B<-xcert infile>, B<-xchain> options. + +=item B<-xcertform PEM|DER>, B<-xkeyform PEM|DER> + +Extra certificate and private key format respectively. + =item B<-nbio_test> Tests non blocking I/O. @@ -333,9 +367,19 @@ a certificate is requested. =item B<-CApath dir> The directory to use for client certificate verification. This directory -must be in "hash format", see B for more information. These are +must be in "hash format", see L for more information. These are also used when building the server certificate chain. +=item B<-chainCApath dir> + +The directory to use for building the chain provided to the client. This +directory must be in "hash format", see L for more information. + +=item B<-chainCAfile file> + +A file containing trusted certificates to use when attempting to build the +server certificate chain. + =item B<-no-CAfile> Do not load the trusted CA certificates from the default file location.