The branch OpenSSL_1_0_2-stable has been updated
via e77017b39c60ddbb4775e6b0d45a81fe7128caf7 (commit)
from 9668efbcf3b924f23320b58b8f44bbe8b9490e5e (commit)
- Log -----------------------------------------------------------------
commit e77017b39c60ddbb4775e6b0d45a81fe7128caf7
Author: Matt Caswell <[email protected]>
Date: Tue Apr 24 10:27:32 2018 +0100
Fix documentation for the -showcerts s_client option
This option shows the certificates as sent by the server. It is not the
full verified chain.
Fixes #4933
Reviewed-by: Rich Salz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/6069)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 2 +-
doc/apps/s_client.pod | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index c855668..9b09672 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -prexit - print session information even on connection
failure\n");
BIO_printf(bio_err,
- " -showcerts - show all certificates in the chain\n");
+ " -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index d2cad29..77cc071 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -141,8 +141,9 @@ pauses 1 second between each read and write call.
=item B<-showcerts>
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+B<not> a verified chain.
=item B<-prexit>
@@ -354,7 +355,8 @@ a client certificate. Therefor merely including a client
certificate
on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
+B<-showcerts> option can be used to show all the certificates sent by the
+server.
Since the SSLv23 client hello cannot include compression methods or extensions
these will only be supported if its use is disabled, for example by using the
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
