From cc8709a090b9664ab77ed6d89decb0c0fa4c6e09 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Jan 2000 22:38:52 +0000 Subject: [PATCH] Docs for sess_id utility. --- doc/apps/rsa.pod | 6 +- doc/apps/s_server.pod | 4 +- doc/apps/sess_id.pod | 151 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 156 insertions(+), 5 deletions(-) create mode 100644 doc/apps/sess_id.pod diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index 05c64eb470..29886d52f3 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -70,9 +70,9 @@ read the input file password from the environment variable B. =item B<-out filename> -This specifies the output filename to write a key to or standard output by -is not specified. If any encryption options are set then a pass phrase will be -prompted for. The output filename should B be the same as the input +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should B be the same as the input filename. =item B<-passout password> diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 5b6a20221d..ddd08c990e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -55,8 +55,8 @@ the TCP port to listen on for connections. If not specified 4433 is used. =item B<-context id> -sets the SSL context id. If a client certificate is being requested then -this option must be set. It can be given any string value. +sets the SSL context id. It can be given any string value. If this option +is not present a default value will be used. =item B<-cert certname> diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod new file mode 100644 index 0000000000..151064c389 --- /dev/null +++ b/doc/apps/sess_id.pod @@ -0,0 +1,151 @@ + +=pod + +=head1 NAME + +sess_id - SSL/TLS session handling utility + +=head1 SYNOPSIS + +B B +[B<-inform PEM|DER>] +[B<-outform PEM|DER>] +[B<-in filename>] +[B<-out filename>] +[B<-text>] +[B<-noout>] +[B<-context ID>] + +=head1 DESCRIPTION + +The B process the encoded version of the SSL session structure +and optionally prints out SSL session details (for example the SSL session +master key) in human readable format. Since this is a diagnostic tool that +needs some knowledge of the SSL protocol to use properly, most users will +not need to use it. + +=over 4 + +=item B<-inform DER|PEM> + +This specifies the input format. The B option uses an ASN1 DER encoded +format containing session details. The precise format can vary from one version +to the next. The B form is the default format: it consists of the B +format base64 encoded with additional header and footer lines. + +=item B<-outform DER|PEM> + +This specifies the output format, the options have the same meaning as the +B<-inform> option. + +=item B<-in filename> + +This specifies the input filename to read session information from or standard +input by default. + +=item B<-out filename> + +This specifies the output filename to write session information toor standard +output if this option is not specified. + +=item B<-text> + +prints out the various public or private key components in +plain text in addition to the encoded version. + +=item B<-cert> + +if a certificate is present in the session it will be output using this option, +if the B<-text> option is also present then it will be printed out in text form. + +=item B<-noout> + +this option prevents output of the encoded version of the session. + +=item B<-context ID> + +this option can set the session id so the output session information uses the +supplied ID. The ID can be any string of characters. This option wont normally +be used. + +=back + +=head1 OUTPUT + +Typical output: + + SSL-Session: + Protocol : TLSv1 + Cipher : 0016 + Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED + Session-ID-ctx: 01000000 + Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD + Key-Arg : None + Start Time: 948459261 + Timeout : 300 (sec) + Verify return code 0 (ok) + +Theses are described below in more detail. + +=over 4 + +=item B + +this is the protocol in use TLSv1, SSLv3 or SSLv2. + +=item B + +the cipher used this is the actual raw SSL or TLS cipher code, see the SSL +or TLS specifications for more information. + +=item B + +the SSL session ID in hex format. + +=item B + +the session ID context in hex format. + +=item B + +this is the SSL session master key. + +=item B + +the key argument, this is only used in SSL v2. + +=item B + +this is the session start time represented as an integer in standard Unix format. + +=item B + +the timeout in seconds. + +=item B + +this is the return code when an SSL client certificate is verified. + +=back + +=head1 NOTES + +The PEM encoded session format uses the header and footer lines: + + -----BEGIN SSL SESSION PARAMETERS----- + -----END SSL SESSION PARAMETERS----- + +Since the SSL session output contains the master key it is possible to read the contents +of an encrypted session using this information. Therefore appropriate security precautions +should be taken if the information is being output by a "real" application. This is +however strongly discouraged and should only be used for debugging purposes. + +=head1 BUGS + +The cipher and start time should be printed out in human readable form. + +=head1 SEE ALSO + +ciphers(1), s_server(1) + +=cut -- 2.25.1