From eba0aa995d4354ab9e35206e683b9abf4ab67b04 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 3 Jul 2014 16:17:54 -0400 Subject: [PATCH] More bugfixes from the doc-fix merge; errors found by DrH, thanks. --- doc/apps/s_client.pod | 64 ++++--------------------------------------- doc/apps/verify.pod | 47 ------------------------------- 2 files changed, 6 insertions(+), 105 deletions(-) diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 2e52876eea..a623b8c78b 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -23,26 +23,17 @@ B B [B<-crl_check>] [B<-crl_check_all>] [B<-explicit_policy>] -[B<-extended_crl>] [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] [B<-issuer_checks>] -[B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] [B<-policy_print>] [B<-purpose purpose>] -[B<-suiteB_128>] -[B<-suiteB_128_only>] -[B<-suiteB_192>] [B<-trusted_first>] [B<-use_deltas>] [B<-verify_depth num>] -[B<-verify_email email>] -[B<-verify_hostname hostname>] -[B<-verify_ip ip>] -[B<-verify_name name>] [B<-x509_strict>] [B<-reconnect>] [B<-pause>] @@ -71,9 +62,6 @@ B B [B<-sess_out filename>] [B<-sess_in filename>] [B<-rand file(s)>] -[B<-serverinfo types>] -[B<-auth>] -[B<-auth_require_reneg>] =head1 DESCRIPTION @@ -138,12 +126,12 @@ A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, -B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, -B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, -B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, -B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, B<-x509_strict> +B, B<-ignore_critical>, B<-inhibit_any>, +B<-inhibit_map>, B<-issuer_checks>, B<-policy>, +B<-policy_check>, B<-policy_print>, B<-purpose>, +B<-trusted_first>, B<-use_deltas>, +B<-verify_depth>, +B<-x509_strict> Set various certificate chain valiadition options. See the L|verify(1)> manual page for details. @@ -185,15 +173,6 @@ print extensive debugging information including a hex dump of all traffic. show all protocol messages with hex dump. -=item B<-trace> - -show verbose trace output of protocol messages. OpenSSL needs to be compiled -with B for this option to work. - -=item B<-msgfile> - -file to send output of B<-msg> or B<-trace> to, default standard output. - =item B<-nbio_test> tests non-blocking I/O @@ -217,16 +196,6 @@ input. inhibit printing of session and certificate information. This implicitly turns on B<-ign_eof> as well. -=item B<-psk_identity identity> - -Use the PSK identity B when using a PSK cipher suite. - -=item B<-psk key> - -Use the PSK key B when using a PSK cipher suite. The key is -given as a hexadecimal number without leading 0x, for example -psk -1a2b3c4d. - =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> these options disable the use of certain SSL or TLS protocols. By default @@ -243,11 +212,6 @@ support SSL v2 and may need the B<-ssl2> option. there are several known bug in SSL and TLS implementations. Adding this option enables various workarounds. -=item B<-brief> - -only provide a brief summary of connection parameters instead of the -normal verbose output. - =item B<-cipher cipherlist> this allows the cipher list sent by the client to be modified. Although @@ -300,22 +264,6 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. -=item B<-serverinfo types> - -a list of comma-separated TLS Extension Types (numbers between 0 and -65535). Each type will be sent as an empty ClientHello TLS Extension. -The server's response (if any) will be encoded and displayed as a PEM -file. - -=item B<-auth> - -send RFC 5878 client and server authorization extensions in the Client Hello as well as -supplemental data if the server also sent the authorization extensions in the Server Hello. - -=item B<-auth_require_reneg> - -only send RFC 5878 client and server authorization extensions during renegotiation. - =back =head1 CONNECTED COMMANDS diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 1e9680286b..8a3cc6a15a 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -14,29 +14,20 @@ B B [B<-crl_check>] [B<-crl_check_all>] [B<-explicit_policy>] -[B<-extended_crl>] [B<-help>] [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] [B<-issuer_checks>] -[B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] [B<-policy_print>] [B<-purpose purpose>] -[B<-suiteB_128>] -[B<-suiteB_128_only>] -[B<-suiteB_192>] [B<-trusted_first>] [B<-untrusted file>] [B<-use_deltas>] [B<-verbose>] [B<-verify_depth num>] -[B<-verify_email email>] -[B<-verify_hostname hostname>] -[B<-verify_ip ip>] -[B<-verify_name name>] [B<-x509_strict>] [B<->] [certificates] @@ -88,11 +79,6 @@ to look up valid CRLs. Set policy variable require-explicit-policy (see RFC5280). -=item B<-extended_crl> - -Enable extended CRL features such as indirect CRLs and alternate CRL -signing keys. - =item B<-help> Print out a usage message. @@ -119,10 +105,6 @@ rejected. The presence of rejection messages does not itself imply that anything is wrong; during the normal verification process, several rejections may take place. -=item B<-partial_chain> - -Allow partial certificate chain if at least one certificate is in trusted store. - =item B<-policy arg> Enable policy processing and add B to the user-initial-policy-set (see @@ -145,14 +127,6 @@ Currently accepted uses are B, B, B, B, B. See the B section for more information. -=item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> - -enable the Suite B mode operation at 128 bit Level of Security, 128 bit or -192 bit, or only 192 bit Level of Security respectively. -See RFC6460 for details. In particular the supported signature algorithms are -reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves -P-256 and P-384. - =item B<-trusted_first> Use certificates in CA file or CA directory before certificates in untrusted @@ -176,27 +150,6 @@ Print extra information about the operations being performed. Limit the maximum depth of the certificate chain to B certificates. -=item B<-verify_email email> - -Verify if the B matches the email address in Subject Alternative Name or -the email in the subject Distinguished Name. - -=item B<-verify_hostname hostname> - -Verify if the B matches DNS name in Subject Alternative Name or -Common Name in the subject certificate. - -=item B<-verify_ip ip> - -Verify if the B matches the IP address in Subject Alternative Name of -the subject certificate. - -=item B<-verify_name name> - -Use default verification options like trust model and required certificate -policies identified by B. -Supported usages include: default, pkcs7, smime_sign, ssl_client, ssl_server. - =item B<-x509_strict> For strict X.509 compliance, disable non-compliant workarounds for broken -- 2.25.1