| s_server.1 (279264) | s_server.1 (273399) |
|---|---|
| 1.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) | 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) |
| 2.\" 3.\" Standard preamble: 4.\" ======================================================================== 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text --- 23 unchanged lines hidden (view full) --- 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' | 2.\" 3.\" Standard preamble: 4.\" ======================================================================== 5.de Sp \" Vertical space (when we can't use .PP) 6.if t .sp .5v 7.if n .sp 8.. 9.de Vb \" Begin verbatim text --- 23 unchanged lines hidden (view full) --- 33. ds C` "" 34. ds C' "" 35'br\} 36.el\{\ 37. ds -- \|\(em\| 38. ds PI \(*p 39. ds L" `` 40. ds R" '' |
| 41. ds C` 42. ds C' | |
| 43'br\} 44.\" 45.\" Escape single quotes in literal strings from groff's Unicode transform. 46.ie \n(.g .ds Aq \(aq 47.el .ds Aq ' 48.\" 49.\" If the F register is turned on, we'll generate index entries on stderr for 50.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index 51.\" entries marked with X<> in POD. Of course, you'll have to process the 52.\" output yourself in some meaningful fashion. | 41'br\} 42.\" 43.\" Escape single quotes in literal strings from groff's Unicode transform. 44.ie \n(.g .ds Aq \(aq 45.el .ds Aq ' 46.\" 47.\" If the F register is turned on, we'll generate index entries on stderr for 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index 49.\" entries marked with X<> in POD. Of course, you'll have to process the 50.\" output yourself in some meaningful fashion. |
| 53.\" 54.\" Avoid warning from groff about undefined register 'F'. 55.de IX | 51.ie \nF \{\ 52. de IX 53. tm Index:\\$1\t\\n%\t"\\$2" |
| 56.. | 54.. |
| 57.nr rF 0 58.if \n(.g .if rF .nr rF 1 59.if (\n(rF:(\n(.g==0)) \{ 60. if \nF \{ 61. de IX 62. tm Index:\\$1\t\\n%\t"\\$2" | 55. nr % 0 56. rr F 57.\} 58.el \{\ 59. de IX |
| 63.. | 60.. |
| 64. if !\nF==2 \{ 65. nr % 0 66. nr F 2 67. \} 68. \} | |
| 69.\} | 61.\} |
| 70.rr rF | |
| 71.\" 72.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 73.\" Fear. Run. Save yourself. No user-serviceable parts. 74. \" fudge factors for nroff and troff 75.if n \{\ 76. ds #H 0 77. ds #V .8m 78. ds #F .3m --- 49 unchanged lines hidden (view full) --- 128. ds Th \o'LP' 129. ds ae ae 130. ds Ae AE 131.\} 132.rm #[ #] #H #V #F C 133.\" ======================================================================== 134.\" 135.IX Title "S_SERVER 1" | 62.\" 63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). 64.\" Fear. Run. Save yourself. No user-serviceable parts. 65. \" fudge factors for nroff and troff 66.if n \{\ 67. ds #H 0 68. ds #V .8m 69. ds #F .3m --- 49 unchanged lines hidden (view full) --- 119. ds Th \o'LP' 120. ds ae ae 121. ds Ae AE 122.\} 123.rm #[ #] #H #V #F C 124.\" ======================================================================== 125.\" 126.IX Title "S_SERVER 1" |
| 136.TH S_SERVER 1 "2015-01-15" "1.0.1l" "OpenSSL" | 127.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL" |
| 137.\" For nroff, turn off justification. Always turn off hyphenation; it makes 138.\" way too many mistakes in technical documents. 139.if n .ad l 140.nh 141.SH "NAME" 142s_server \- SSL/TLS server program 143.SH "SYNOPSIS" 144.IX Header "SYNOPSIS" --- 49 unchanged lines hidden (view full) --- 194[\fB\-status\fR] 195[\fB\-status_verbose\fR] 196[\fB\-status_timeout nsec\fR] 197[\fB\-status_url url\fR] 198[\fB\-nextprotoneg protocols\fR] 199.SH "DESCRIPTION" 200.IX Header "DESCRIPTION" 201The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens | 128.\" For nroff, turn off justification. Always turn off hyphenation; it makes 129.\" way too many mistakes in technical documents. 130.if n .ad l 131.nh 132.SH "NAME" 133s_server \- SSL/TLS server program 134.SH "SYNOPSIS" 135.IX Header "SYNOPSIS" --- 49 unchanged lines hidden (view full) --- 185[\fB\-status\fR] 186[\fB\-status_verbose\fR] 187[\fB\-status_timeout nsec\fR] 188[\fB\-status_url url\fR] 189[\fB\-nextprotoneg protocols\fR] 190.SH "DESCRIPTION" 191.IX Header "DESCRIPTION" 192The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens |
| 202for connections on a given port using \s-1SSL/TLS.\s0 | 193for connections on a given port using \s-1SSL/TLS\s0. |
| 203.SH "OPTIONS" 204.IX Header "OPTIONS" 205.IP "\fB\-accept port\fR" 4 206.IX Item "-accept port" 207the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. 208.IP "\fB\-context id\fR" 4 209.IX Item "-context id" 210sets the \s-1SSL\s0 context id. It can be given any string value. If this option 211is not present a default value will be used. 212.IP "\fB\-cert certname\fR" 4 213.IX Item "-cert certname" 214The certificate to use, most servers cipher suites require the use of a 215certificate and some require a certificate with a certain public key type: | 194.SH "OPTIONS" 195.IX Header "OPTIONS" 196.IP "\fB\-accept port\fR" 4 197.IX Item "-accept port" 198the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. 199.IP "\fB\-context id\fR" 4 200.IX Item "-context id" 201sets the \s-1SSL\s0 context id. It can be given any string value. If this option 202is not present a default value will be used. 203.IP "\fB\-cert certname\fR" 4 204.IX Item "-cert certname" 205The certificate to use, most servers cipher suites require the use of a 206certificate and some require a certificate with a certain public key type: |
| 216for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS 217\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. | 207for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 208(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. |
| 218.IP "\fB\-certform format\fR" 4 219.IX Item "-certform format" | 209.IP "\fB\-certform format\fR" 4 210.IX Item "-certform format" |
| 220The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. | 211The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. |
| 221.IP "\fB\-key keyfile\fR" 4 222.IX Item "-key keyfile" 223The private key to use. If not specified then the certificate file will 224be used. 225.IP "\fB\-keyform format\fR" 4 226.IX Item "-keyform format" | 212.IP "\fB\-key keyfile\fR" 4 213.IX Item "-key keyfile" 214The private key to use. If not specified then the certificate file will 215be used. 216.IP "\fB\-keyform format\fR" 4 217.IX Item "-keyform format" |
| 227The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. | 218The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. |
| 228.IP "\fB\-pass arg\fR" 4 229.IX Item "-pass arg" 230the private key password source. For more information about the format of \fBarg\fR | 219.IP "\fB\-pass arg\fR" 4 220.IX Item "-pass arg" 221the private key password source. For more information about the format of \fBarg\fR |
| 231see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). | 222see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). |
| 232.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 233.IX Item "-dcert filename, -dkey keyname" 234specify an additional certificate and private key, these behave in the 235same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default 236if they are not specified (no additional certificate and key is used). As 237noted above some cipher suites require a certificate containing a key of 238a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key | 223.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 224.IX Item "-dcert filename, -dkey keyname" 225specify an additional certificate and private key, these behave in the 226same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default 227if they are not specified (no additional certificate and key is used). As 228noted above some cipher suites require a certificate containing a key of 229a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key |
| 239and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys | 230and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys |
| 240a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites 241by using an appropriate certificate. 242.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4 243.IX Item "-dcertform format, -dkeyform format, -dpass arg" 244additional certificate and private key format and passphrase respectively. 245.IP "\fB\-nocert\fR" 4 246.IX Item "-nocert" 247if this option is set then no certificate is used. This restricts the --- 24 unchanged lines hidden (view full) --- 272the client. With the \fB\-verify\fR option a certificate is requested but the 273client does not have to send one, with the \fB\-Verify\fR option the client 274must supply a certificate or an error occurs. 275.Sp 276If the ciphersuite cannot request a client certificate (for example an 277anonymous ciphersuite or \s-1PSK\s0) this option has no effect. 278.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 279.IX Item "-crl_check, -crl_check_all" | 231a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites 232by using an appropriate certificate. 233.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4 234.IX Item "-dcertform format, -dkeyform format, -dpass arg" 235additional certificate and private key format and passphrase respectively. 236.IP "\fB\-nocert\fR" 4 237.IX Item "-nocert" 238if this option is set then no certificate is used. This restricts the --- 24 unchanged lines hidden (view full) --- 263the client. With the \fB\-verify\fR option a certificate is requested but the 264client does not have to send one, with the \fB\-Verify\fR option the client 265must supply a certificate or an error occurs. 266.Sp 267If the ciphersuite cannot request a client certificate (for example an 268anonymous ciphersuite or \s-1PSK\s0) this option has no effect. 269.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 270.IX Item "-crl_check, -crl_check_all" |
| 280Check the peer certificate has not been revoked by its \s-1CA.\s0 | 271Check the peer certificate has not been revoked by its \s-1CA\s0. |
| 281The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR 282option all CRLs of all CAs in the chain are checked. 283.IP "\fB\-CApath directory\fR" 4 284.IX Item "-CApath directory" 285The directory to use for client certificate verification. This directory 286must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are 287also used when building the server certificate chain. 288.IP "\fB\-CAfile file\fR" 4 --- 14 unchanged lines hidden (view full) --- 303.IP "\fB\-nbio_test\fR" 4 304.IX Item "-nbio_test" 305tests non blocking I/O 306.IP "\fB\-nbio\fR" 4 307.IX Item "-nbio" 308turns on non blocking I/O 309.IP "\fB\-crlf\fR" 4 310.IX Item "-crlf" | 272The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR 273option all CRLs of all CAs in the chain are checked. 274.IP "\fB\-CApath directory\fR" 4 275.IX Item "-CApath directory" 276The directory to use for client certificate verification. This directory 277must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are 278also used when building the server certificate chain. 279.IP "\fB\-CAfile file\fR" 4 --- 14 unchanged lines hidden (view full) --- 294.IP "\fB\-nbio_test\fR" 4 295.IX Item "-nbio_test" 296tests non blocking I/O 297.IP "\fB\-nbio\fR" 4 298.IX Item "-nbio" 299turns on non blocking I/O 300.IP "\fB\-crlf\fR" 4 301.IX Item "-crlf" |
| 311this option translated a line feed from the terminal into \s-1CR+LF.\s0 | 302this option translated a line feed from the terminal into \s-1CR+LF\s0. |
| 312.IP "\fB\-quiet\fR" 4 313.IX Item "-quiet" 314inhibit printing of session and certificate information. 315.IP "\fB\-psk_hint hint\fR" 4 316.IX Item "-psk_hint hint" 317Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite. 318.IP "\fB\-psk key\fR" 4 319.IX Item "-psk key" --- 153 unchanged lines hidden --- | 303.IP "\fB\-quiet\fR" 4 304.IX Item "-quiet" 305inhibit printing of session and certificate information. 306.IP "\fB\-psk_hint hint\fR" 4 307.IX Item "-psk_hint hint" 308Use the \s-1PSK\s0 identity hint \fBhint\fR when using a \s-1PSK\s0 cipher suite. 309.IP "\fB\-psk key\fR" 4 310.IX Item "-psk key" --- 153 unchanged lines hidden --- |