summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/s_server.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/s_server.1')
-rw-r--r--secure/usr.bin/openssl/man/s_server.122
1 files changed, 20 insertions, 2 deletions
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index 6306f20..27400a0 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.35
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2007-03-15" "0.9.8e" "OpenSSL"
+.TH S_SERVER 1 "2009-06-14" "0.9.8k" "OpenSSL"
.SH "NAME"
s_server \- SSL/TLS server program
.SH "SYNOPSIS"
@@ -139,6 +139,8 @@ s_server \- SSL/TLS server program
[\fB\-context id\fR]
[\fB\-verify depth\fR]
[\fB\-Verify depth\fR]
+[\fB\-crl_check\fR]
+[\fB\-crl_check_all\fR]
[\fB\-cert filename\fR]
[\fB\-certform DER|PEM\fR]
[\fB\-key keyfile\fR]
@@ -175,6 +177,8 @@ s_server \- SSL/TLS server program
[\fB\-WWW\fR]
[\fB\-HTTP\fR]
[\fB\-engine id\fR]
+[\fB\-tlsextdebug\fR]
+[\fB\-no_ticket\fR]
[\fB\-id_prefix arg\fR]
[\fB\-rand file(s)\fR]
.SH "DESCRIPTION"
@@ -249,6 +253,11 @@ client certificate chain and makes the server request a certificate from
the client. With the \fB\-verify\fR option a certificate is requested but the
client does not have to send one, with the \fB\-Verify\fR option the client
must supply a certificate or an error occurs.
+.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
+.IX Item "-crl_check, -crl_check_all"
+Check the peer certificate has not been revoked by its \s-1CA\s0.
+The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
+option all CRLs of all CAs in the chain are checked.
.IP "\fB\-CApath directory\fR" 4
.IX Item "-CApath directory"
The directory to use for client certificate verification. This directory
@@ -301,6 +310,12 @@ the client sends a list of supported ciphers the first client cipher
also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the \fBciphers\fR command for more information.
+.IP "\fB\-tlsextdebug\fR" 4
+.IX Item "-tlsextdebug"
+print out a hex dump of any \s-1TLS\s0 extensions received from the server.
+.IP "\fB\-no_ticket\fR" 4
+.IX Item "-no_ticket"
+disable RFC4507bis session ticket support.
.IP "\fB\-www\fR" 4
.IX Item "-www"
sends a status message back to the client when it connects. This includes
@@ -385,6 +400,9 @@ is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret thi
mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes.
.PP
The session parameters can printed out using the \fBsess_id\fR program.
+.PP
+\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly
+enabled at compile time using for example the \fBenable-tlsext\fR switch.
.SH "BUGS"
.IX Header "BUGS"
Because this program has a lot of options and also because some of
OpenPOWER on IntegriCloud