1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
--- 23 unchanged lines hidden (view full) ---
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
--- 49 unchanged lines hidden (view full) ---
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "S_SERVER 1"
127.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL"
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133s_server \- SSL/TLS server program
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
--- 49 unchanged lines hidden (view full) ---
185[\fB\-status\fR]
186[\fB\-status_verbose\fR]
187[\fB\-status_timeout nsec\fR]
188[\fB\-status_url url\fR]
189[\fB\-nextprotoneg protocols\fR]
190.SH "DESCRIPTION"
191.IX Header "DESCRIPTION"
192The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
193for connections on a given port using \s-1SSL/TLS\s0.
194.SH "OPTIONS"
195.IX Header "OPTIONS"
196.IP "\fB\-accept port\fR" 4
197.IX Item "-accept port"
198the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used.
199.IP "\fB\-context id\fR" 4
200.IX Item "-context id"
201sets the \s-1SSL\s0 context id. It can be given any string value. If this option
202is not present a default value will be used.
203.IP "\fB\-cert certname\fR" 4
204.IX Item "-cert certname"
205The certificate to use, most servers cipher suites require the use of a
206certificate and some require a certificate with a certain public key type:
207for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
208(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
209.IP "\fB\-certform format\fR" 4
210.IX Item "-certform format"
211The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
212.IP "\fB\-key keyfile\fR" 4
213.IX Item "-key keyfile"
214The private key to use. If not specified then the certificate file will
215be used.
216.IP "\fB\-keyform format\fR" 4
217.IX Item "-keyform format"
218The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
219.IP "\fB\-pass arg\fR" 4
220.IX Item "-pass arg"
221the private key password source. For more information about the format of \fBarg\fR
222see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
223.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
224.IX Item "-dcert filename, -dkey keyname"
225specify an additional certificate and private key, these behave in the
226same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default
227if they are not specified (no additional certificate and key is used). As
228noted above some cipher suites require a certificate containing a key of
229a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
230and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
231a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
232by using an appropriate certificate.
233.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
234.IX Item "-dcertform format, -dkeyform format, -dpass arg"
235additional certificate and private key format and passphrase respectively.
236.IP "\fB\-nocert\fR" 4
237.IX Item "-nocert"
238if this option is set then no certificate is used. This restricts the
--- 24 unchanged lines hidden (view full) ---
263the client. With the \fB\-verify\fR option a certificate is requested but the
264client does not have to send one, with the \fB\-Verify\fR option the client
265must supply a certificate or an error occurs.
266.Sp
267If the ciphersuite cannot request a client certificate (for example an
268anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
269.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
270.IX Item "-crl_check, -crl_check_all"
271Check the peer certificate has not been revoked by its \s-1CA\s0.
272The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
273option all CRLs of all CAs in the chain are checked.
274.IP "\fB\-CApath directory\fR" 4
275.IX Item "-CApath directory"
276The directory to use for client certificate verification. This directory
277must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are
278also used when building the server certificate chain.
279.IP "\fB\-CAfile file\fR" 4
--- 14 unchanged lines hidden (view full) ---
294.IP "\fB\-nbio_test\fR" 4
295.IX Item "-nbio_test"
296tests non blocking I/O
297.IP "\fB\-nbio\fR" 4
298.IX Item "-nbio"
299turns on non blocking I/O
300.IP "\fB\-crlf\fR" 4
301.IX Item "-crlf"
302this option translated a line feed from the terminal into \s-1CR+LF\s0.
303.IP "\fB\-quiet\fR" 4
304.IX Item "-quiet"
305inhibit printing of session and certificate information.
306.IP "\fB\-psk_hint hint\fR" 4
307.IX Item "-psk_hint hint"
308Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite.
309.IP "\fB\-psk key\fR" 4
310.IX Item "-psk key"
--- 153 unchanged lines hidden ---
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
--- 23 unchanged lines hidden (view full) ---
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
--- 49 unchanged lines hidden (view full) ---
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "S_SERVER 1"
127.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL"
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133s_server \- SSL/TLS server program
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
--- 49 unchanged lines hidden (view full) ---
185[\fB\-status\fR]
186[\fB\-status_verbose\fR]
187[\fB\-status_timeout nsec\fR]
188[\fB\-status_url url\fR]
189[\fB\-nextprotoneg protocols\fR]
190.SH "DESCRIPTION"
191.IX Header "DESCRIPTION"
192The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
193for connections on a given port using \s-1SSL/TLS\s0.
194.SH "OPTIONS"
195.IX Header "OPTIONS"
196.IP "\fB\-accept port\fR" 4
197.IX Item "-accept port"
198the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used.
199.IP "\fB\-context id\fR" 4
200.IX Item "-context id"
201sets the \s-1SSL\s0 context id. It can be given any string value. If this option
202is not present a default value will be used.
203.IP "\fB\-cert certname\fR" 4
204.IX Item "-cert certname"
205The certificate to use, most servers cipher suites require the use of a
206certificate and some require a certificate with a certain public key type:
207for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
208(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
209.IP "\fB\-certform format\fR" 4
210.IX Item "-certform format"
211The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
212.IP "\fB\-key keyfile\fR" 4
213.IX Item "-key keyfile"
214The private key to use. If not specified then the certificate file will
215be used.
216.IP "\fB\-keyform format\fR" 4
217.IX Item "-keyform format"
218The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
219.IP "\fB\-pass arg\fR" 4
220.IX Item "-pass arg"
221the private key password source. For more information about the format of \fBarg\fR
222see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
223.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
224.IX Item "-dcert filename, -dkey keyname"
225specify an additional certificate and private key, these behave in the
226same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default
227if they are not specified (no additional certificate and key is used). As
228noted above some cipher suites require a certificate containing a key of
229a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
230and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
231a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
232by using an appropriate certificate.
233.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
234.IX Item "-dcertform format, -dkeyform format, -dpass arg"
235additional certificate and private key format and passphrase respectively.
236.IP "\fB\-nocert\fR" 4
237.IX Item "-nocert"
238if this option is set then no certificate is used. This restricts the
--- 24 unchanged lines hidden (view full) ---
263the client. With the \fB\-verify\fR option a certificate is requested but the
264client does not have to send one, with the \fB\-Verify\fR option the client
265must supply a certificate or an error occurs.
266.Sp
267If the ciphersuite cannot request a client certificate (for example an
268anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
269.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
270.IX Item "-crl_check, -crl_check_all"
271Check the peer certificate has not been revoked by its \s-1CA\s0.
272The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
273option all CRLs of all CAs in the chain are checked.
274.IP "\fB\-CApath directory\fR" 4
275.IX Item "-CApath directory"
276The directory to use for client certificate verification. This directory
277must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are
278also used when building the server certificate chain.
279.IP "\fB\-CAfile file\fR" 4
--- 14 unchanged lines hidden (view full) ---
294.IP "\fB\-nbio_test\fR" 4
295.IX Item "-nbio_test"
296tests non blocking I/O
297.IP "\fB\-nbio\fR" 4
298.IX Item "-nbio"
299turns on non blocking I/O
300.IP "\fB\-crlf\fR" 4
301.IX Item "-crlf"
302this option translated a line feed from the terminal into \s-1CR+LF\s0.
303.IP "\fB\-quiet\fR" 4
304.IX Item "-quiet"
305inhibit printing of session and certificate information.
306.IP "\fB\-psk_hint hint\fR" 4
307.IX Item "-psk_hint hint"
308Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite.
309.IP "\fB\-psk key\fR" 4
310.IX Item "-psk key"
--- 153 unchanged lines hidden ---