-crl_check / -crl_check_all don't do anything. Other status options added to help
verify_return_error needs something better but I can't quite explain it. Some documentation for it is in the CHANGELOG Cheers, Daniel
Index: apps/s_server.c =================================================================== RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v retrieving revision 1.143 diff -u -b -B -r1.143 s_server.c --- apps/s_server.c 18 Aug 2009 11:15:33 -0000 1.143 +++ apps/s_server.c 31 Aug 2009 11:16:18 -0000 @@ -410,13 +410,9 @@ BIO_printf(bio_err," -context arg - set session ID context\n"); BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err," -verify_return_error - errors are returned via callback\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ - " The CRL(s) are appended to the certificate file\n"); - BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ - " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ - " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); @@ -441,6 +437,7 @@ BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -debug - Print more output\n"); BIO_printf(bio_err," -msg - Show protocol messages\n"); + BIO_printf(bio_err," -hack - Enable a hack to account for a Netscape cipher change bug\n"); BIO_printf(bio_err," -state - Print the SSL states\n"); BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); @@ -483,6 +480,10 @@ BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT + BIO_printf(bio_err," -status - Provide status information if client requests it\n"); + BIO_printf(bio_err," -status_url url - Status url to retreive OCSP information from\n"); + BIO_printf(bio_err," -status_verbose - be verbose on status retreival\n"); + BIO_printf(bio_err," -status_timeout arg - time in seconds for status retreival\n"); BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
