diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/s_server.1')
-rw-r--r-- | secure/usr.bin/openssl/man/s_server.1 | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 6306f20..27400a0 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.35 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 .\" .\" Standard preamble: .\" ======================================================================== @@ -129,7 +129,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2007-03-15" "0.9.8e" "OpenSSL" +.TH S_SERVER 1 "2009-06-14" "0.9.8k" "OpenSSL" .SH "NAME" s_server \- SSL/TLS server program .SH "SYNOPSIS" @@ -139,6 +139,8 @@ s_server \- SSL/TLS server program [\fB\-context id\fR] [\fB\-verify depth\fR] [\fB\-Verify depth\fR] +[\fB\-crl_check\fR] +[\fB\-crl_check_all\fR] [\fB\-cert filename\fR] [\fB\-certform DER|PEM\fR] [\fB\-key keyfile\fR] @@ -175,6 +177,8 @@ s_server \- SSL/TLS server program [\fB\-WWW\fR] [\fB\-HTTP\fR] [\fB\-engine id\fR] +[\fB\-tlsextdebug\fR] +[\fB\-no_ticket\fR] [\fB\-id_prefix arg\fR] [\fB\-rand file(s)\fR] .SH "DESCRIPTION" @@ -249,6 +253,11 @@ client certificate chain and makes the server request a certificate from the client. With the \fB\-verify\fR option a certificate is requested but the client does not have to send one, with the \fB\-Verify\fR option the client must supply a certificate or an error occurs. +.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 +.IX Item "-crl_check, -crl_check_all" +Check the peer certificate has not been revoked by its \s-1CA\s0. +The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR +option all CRLs of all CAs in the chain are checked. .IP "\fB\-CApath directory\fR" 4 .IX Item "-CApath directory" The directory to use for client certificate verification. This directory @@ -301,6 +310,12 @@ the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the \fBciphers\fR command for more information. +.IP "\fB\-tlsextdebug\fR" 4 +.IX Item "-tlsextdebug" +print out a hex dump of any \s-1TLS\s0 extensions received from the server. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +disable RFC4507bis session ticket support. .IP "\fB\-www\fR" 4 .IX Item "-www" sends a status message back to the client when it connects. This includes @@ -385,6 +400,9 @@ is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret thi mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. .PP The session parameters can printed out using the \fBsess_id\fR program. +.PP +\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly +enabled at compile time using for example the \fBenable-tlsext\fR switch. .SH "BUGS" .IX Header "BUGS" Because this program has a lot of options and also because some of |