Docs and usage messages for RFC4507bis support.

diff --git a/apps/s_client.c b/apps/s_client.c
index 59a4daa98a263a0c4a7006038f3ff0c2a6d1a329..21a3a71fc0881c9283948d5a2da8be6156313b39 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -326,6 +326,8 @@ static void sc_usage(void)
        BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 #ifndef OPENSSL_NO_TLSEXT
        BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");
+       BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
+       BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
 #endif
        }
 

diff --git a/apps/s_server.c b/apps/s_server.c
index ac36039a145c0411692fc18d105525fbadeb0472..279cc5519672da9fafb7c95fed071b8e0c831c42 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -474,6 +474,8 @@ static void sv_usage(void)
        BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT2);
        BIO_printf(bio_err," -key2 arg     - Private Key file to use for servername, in cert file if\n");
        BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
+       BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
+       BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
 #endif
        }
 

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index afdc3f7df2f772075da9d5d85666a77c317e0e55..f99f5ac45635a9e5025be296e3e00145bb9121a2 100644 (file)
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -38,6 +38,10 @@ B<openssl> B<s_client>
 [B<-cipher cipherlist>]
 [B<-starttls protocol>]
 [B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
+[B<-sess_out filename>]
+[B<-sess_in filename>]
 [B<-rand file(s)>]
 
 =head1 DESCRIPTION
@@ -196,6 +200,23 @@ send the protocol-specific message(s) to switch to TLS for communication.
 B<protocol> is a keyword for the intended protocol.  Currently, the only
 supported keywords are "smtp", "pop3", "imap", and "ftp".
 
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. 
+
+=item B<-sess_out filename>
+
+output SSL session to B<filename>
+
+=item B<-sess_in sess.pem>
+
+load SSL session from B<filename>. The client will attempt to resume a
+connection from this session.
+
 =item B<-engine id>
 
 specifying an engine (by it's unique B<id> string) will cause B<s_client>
@@ -256,6 +277,10 @@ on the command line is no guarantee that the certificate works.
 If there are problems verifying a server certificate then the
 B<-showcerts> option can be used to show the whole chain.
 
+Since the SSLv23 client hello cannot include compression methods or extensions
+these will only be supported if its use is disabled, for example by using the
+B<-no_sslv2> option.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of

diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 8c15addde3512201901217e556b0ae627ff99c27..b58687464546a8480f366d2aa2493a073e86b2a9 100644 (file)
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -48,6 +48,8 @@ B<openssl> B<s_server>
 [B<-WWW>]
 [B<-HTTP>]
 [B<-engine id>]
+[B<-tlsextdebug>]
+[B<-no_ticket>]
 [B<-id_prefix arg>]
 [B<-rand file(s)>]
 
@@ -215,6 +217,14 @@ also included in the server list is used. Because the client specifies
 the preference order, the order of the server cipherlist irrelevant. See
 the B<ciphers> command for more information.
 
+=item B<-tlsextdebug>
+
+print out a hex dump of any TLS extensions received from the server.
+
+=item B<-no_ticket>
+
+disable RFC4507bis session ticket support. 
+
 =item B<-www>
 
 sends a status message back to the client when it connects. This includes