1 files changed, 16 insertions, 10 deletions

diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index 9da80bc..9df5590 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -124,7 +124,7 @@
 .\" ========================================================================
 .\"
 .IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2012-05-10" "0.9.8x" "OpenSSL"
+.TH S_CLIENT 1 "2012-05-10" "1.0.1c" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -214,6 +214,10 @@ also used when building the client certificate chain.
 .IX Item "-CAfile file"
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
+.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4
+.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig"
+Set various certificate chain valiadition option. See the
+\&\fBverify\fR manual page for details.
 .IP "\fB\-reconnect\fR" 4
 .IX Item "-reconnect"
 reconnects to the same server 5 times using the same session \s-1ID\s0, this can
@@ -262,6 +266,14 @@ input.
 .IX Item "-quiet"
 inhibit printing of session and certificate information.  This implicitly
 turns on \fB\-ign_eof\fR as well.
+.IP "\fB\-psk_identity identity\fR" 4
+.IX Item "-psk_identity identity"
+Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite.
+.IP "\fB\-psk key\fR" 4
+.IX Item "-psk key"
+Use the \s-1PSK\s0 key \fBkey\fR when using a \s-1PSK\s0 cipher suite. The key is
+given as a hexadecimal number without leading 0x, for example \-psk
+1a2b3c4d.
 .IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4
 .IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1"
 these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default
@@ -289,13 +301,10 @@ send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
 supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R".
 .IP "\fB\-tlsextdebug\fR" 4
 .IX Item "-tlsextdebug"
-print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this
-option is only available if extension support is explicitly enabled at compile
-time
+print out a hex dump of any \s-1TLS\s0 extensions received from the server.
 .IP "\fB\-no_ticket\fR" 4
 .IX Item "-no_ticket"
-disable RFC4507bis session ticket support. Note: this option is only available
-if extension support is explicitly enabled at compile time
+disable RFC4507bis session ticket support.
 .IP "\fB\-sess_out filename\fR" 4
 .IX Item "-sess_out filename"
 output \s-1SSL\s0 session to \fBfilename\fR
@@ -305,7 +314,7 @@ load \s-1SSL\s0 session from \fBfilename\fR. The client will attempt to resume a
 connection from this session.
 .IP "\fB\-engine id\fR" 4
 .IX Item "-engine id"
-specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR
+specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed. The engine will then be set as the default
 for all available algorithms.
@@ -363,9 +372,6 @@ If there are problems verifying a server certificate then the
 Since the SSLv23 client hello cannot include compression methods or extensions
 these will only be supported if its use is disabled, for example by using the
 \&\fB\-no_sslv2\fR option.
-.PP
-\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the \fBenable-tlsext\fR switch.
 .SH "BUGS"
 .IX Header "BUGS"
 Because this program has a lot of options and also because some of