Use the PSK key key when using a PSK cipher suite. The default value is "Client_identity" (without the quotes). Use the PSK identity identity when using a PSK cipher suite.
Can be used to override the implicit -ign_eof after -quiet. Shut down the connection when end of file is reached in the input. This implicitly turns on -ign_eof as well. Inhibit printing of session and certificate information. Inhibit shutting down the connection when end of file is reached in the input. This option translated a line feed from the terminal into CR+LF as required by some servers. Show all protocol messages with hex dump. Print extensive debugging information including a hex dump of all traffic. Note: the output produced by this option is not always accurate because a connection might never have been established. This option is useful because the cipher in use may be renegotiated or the connection may fail because a client certificate is required or is requested only after an attempt is made to access a certain URL. Normally information will only be printed out once if the connection succeeds. This will always attempt to print out information even if the connection fails. Print session information when the program exits. showcertsĭisplays the server certificate list as sent by the server: it only consists of certificates the server has sent (in the order the server has sent them). Pauses 1 second between each read and write call. Reconnects to the same server 5 times using the same session ID, this can be used as a test that session caching is working. Set various certificate chain valiadition option. purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains CAfile fileĪ file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. These are also used when building the client certificate chain. This directory must be in "hash format", see verify for more information. The directory to use for server certificate verification. This will typically abort the handshake with a fatal error.
MAN OPENSSL VERIFICATION
Return verification errors instead of continuing. As a side effect the connection will never fail due to a server certificate verify failure. Currently the verify operation continues after errors so all the problems with a certificate chain can be seen. This specifies the maximum length of the server certificate chain and turns on server certificate verification. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). If not specified then the certificate file will be used. The certificate format to use: DER or PEM. The certificate to use, if one is requested by the server. Set the TLS SNI (Server Name Indication) extension in the ClientHello message. If not specified then an attempt is made to connect to the local host on port 4433.
This specifies the host and optional port to connect to. It is a very useful diagnostic tool for SSL servers. The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
Openssl-s_client, s_client - SSL/TLS client program SYNOPSIS
0 kommentar(er)
