In s_server.c rev. 1.33, jsing added support for "openssl s_server -groups";

document it and deprecate "openssl s_server -named_curve". While here, fix the error in the synopsis for "openssl s_client -groups" and use unified argument naming and similar wording like in SSL_CTX_set1_groups_list(3). OK jsing@
author: schwarze <> 2020-04-25 19:18:40 +0000
committer: schwarze <> 2020-04-25 19:18:40 +0000
commit: 5cc822f1448fb7207634aaf43b8c593d45ab2da1 (patch)
tree: 5b307b6463d7b456a1e83bebdc401f74263f0432
parent: 0c17397515d125e3fcf933229b2031dbee799fc3 (diff)
download: openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.tar.gz
openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.tar.bz2
openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.zip
1 files changed, 18 insertions, 6 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 32a433458f..a1401951e3 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.120 2020/02/19 20:42:12 kn Exp $
+.\" $OpenBSD: openssl.1,v 1.121 2020/04/25 19:18:40 schwarze Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: February 19 2020 $
+.Dd $Mdocdate: April 25 2020 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -2405,7 +2405,7 @@ The value to use for the generator
 .Ar g .
 .It ec_paramgen_curve : Ns Ar curve
 (EC)
-The EC curve to use.
+The elliptic curve to use.
 .El
 .It Fl text
 Print the private/public key in plain text.
@@ -4224,7 +4224,7 @@ Verify the input data and output the recovered data.
 .Op Fl debug
 .Op Fl dtls1
 .Op Fl extended_crl
-.Op Fl groups
+.Op Fl groups Ar list
 .Op Fl host Ar host
 .Op Fl ign_eof
 .Op Fl ignore_critical
@@ -4368,8 +4368,11 @@ as required by some servers.
 Print extensive debugging information, including a hex dump of all traffic.
 .It Fl dtls1
 Permit only DTLS1.0.
-.It Fl groups Ar ecgroups
+.It Fl groups Ar list
-Specify a colon-separated list of permitted EC curve groups.
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
 .It Fl host Ar host
 The
 .Ar host
@@ -4528,6 +4531,7 @@ will be used.
 .Op Fl dkeyform Cm der | pem
 .Op Fl dpass Ar arg
 .Op Fl dtls1
+.Op Fl groups Ar list
 .Op Fl HTTP
 .Op Fl id_prefix Ar arg
 .Op Fl key Ar keyfile
@@ -4692,6 +4696,11 @@ If this fails, a static set of parameters hard coded into the
 program will be used.
 .It Fl dtls1
 Permit only DTLS1.0.
+.It Fl groups Ar list
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
 .It Fl HTTP
 Emulate a simple web server.
 Pages are resolved relative to the current directory.
@@ -4728,6 +4737,9 @@ Show all protocol messages with hex dump.
 Set the link layer MTU.
 .It Fl named_curve Ar arg
 Specify the elliptic curve name to use for ephemeral ECDH keys.
+This option is deprecated; use
+.Fl groups
+instead.
 .It Fl nbio
 Turn on non-blocking I/O.
 .It Fl nbio_test
author	schwarze <>	2020-04-25 19:18:40 +0000
committer	schwarze <>	2020-04-25 19:18:40 +0000
commit	5cc822f1448fb7207634aaf43b8c593d45ab2da1 (patch)
tree	5b307b6463d7b456a1e83bebdc401f74263f0432
parent	0c17397515d125e3fcf933229b2031dbee799fc3 (diff)
download	openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.tar.gz openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.tar.bz2 openbsd-5cc822f1448fb7207634aaf43b8c593d45ab2da1.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 32a433458f..a1401951e3 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.120 2020/02/19 20:42:12 kn Exp $	1	.\" $OpenBSD: openssl.1,v 1.121 2020/04/25 19:18:40 schwarze Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -110,7 +110,7 @@
110	.\" copied and put under another distribution licence	110	.\" copied and put under another distribution licence
111	.\" [including the GNU Public Licence.]	111	.\" [including the GNU Public Licence.]
112	.\"	112	.\"
113	.Dd $Mdocdate: February 19 2020 $	113	.Dd $Mdocdate: April 25 2020 $
114	.Dt OPENSSL 1	114	.Dt OPENSSL 1
115	.Os	115	.Os
116	.Sh NAME	116	.Sh NAME
@@ -2405,7 +2405,7 @@ The value to use for the generator
2405	.Ar g .	2405	.Ar g .
2406	.It ec_paramgen_curve : Ns Ar curve	2406	.It ec_paramgen_curve : Ns Ar curve
2407	(EC)	2407	(EC)
2408	The EC curve to use.	2408	The elliptic curve to use.
2409	.El	2409	.El
2410	.It Fl text	2410	.It Fl text
2411	Print the private/public key in plain text.	2411	Print the private/public key in plain text.
@@ -4224,7 +4224,7 @@ Verify the input data and output the recovered data.
4224	.Op Fl debug	4224	.Op Fl debug
4225	.Op Fl dtls1	4225	.Op Fl dtls1
4226	.Op Fl extended_crl	4226	.Op Fl extended_crl
4227	.Op Fl groups	4227	.Op Fl groups Ar list
4228	.Op Fl host Ar host	4228	.Op Fl host Ar host
4229	.Op Fl ign_eof	4229	.Op Fl ign_eof
4230	.Op Fl ignore_critical	4230	.Op Fl ignore_critical
@@ -4368,8 +4368,11 @@ as required by some servers.
4368	Print extensive debugging information, including a hex dump of all traffic.	4368	Print extensive debugging information, including a hex dump of all traffic.
4369	.It Fl dtls1	4369	.It Fl dtls1
4370	Permit only DTLS1.0.	4370	Permit only DTLS1.0.
4371	.It Fl groups Ar ecgroups	4371	.It Fl groups Ar list
4372	Specify a colon-separated list of permitted EC curve groups.	4372	Set the supported elliptic curve groups to the colon separated
		4373	.Ar list
		4374	of group NIDs or names as documented in
		4375	.Xr SSL_CTX_set1_groups_list 3 .
4373	.It Fl host Ar host	4376	.It Fl host Ar host
4374	The	4377	The
4375	.Ar host	4378	.Ar host
@@ -4528,6 +4531,7 @@ will be used.
4528	.Op Fl dkeyform Cm der \| pem	4531	.Op Fl dkeyform Cm der \| pem
4529	.Op Fl dpass Ar arg	4532	.Op Fl dpass Ar arg
4530	.Op Fl dtls1	4533	.Op Fl dtls1
		4534	.Op Fl groups Ar list
4531	.Op Fl HTTP	4535	.Op Fl HTTP
4532	.Op Fl id_prefix Ar arg	4536	.Op Fl id_prefix Ar arg
4533	.Op Fl key Ar keyfile	4537	.Op Fl key Ar keyfile
@@ -4692,6 +4696,11 @@ If this fails, a static set of parameters hard coded into the
4692	program will be used.	4696	program will be used.
4693	.It Fl dtls1	4697	.It Fl dtls1
4694	Permit only DTLS1.0.	4698	Permit only DTLS1.0.
		4699	.It Fl groups Ar list
		4700	Set the supported elliptic curve groups to the colon separated
		4701	.Ar list
		4702	of group NIDs or names as documented in
		4703	.Xr SSL_CTX_set1_groups_list 3 .
4695	.It Fl HTTP	4704	.It Fl HTTP
4696	Emulate a simple web server.	4705	Emulate a simple web server.
4697	Pages are resolved relative to the current directory.	4706	Pages are resolved relative to the current directory.
@@ -4728,6 +4737,9 @@ Show all protocol messages with hex dump.
4728	Set the link layer MTU.	4737	Set the link layer MTU.
4729	.It Fl named_curve Ar arg	4738	.It Fl named_curve Ar arg
4730	Specify the elliptic curve name to use for ephemeral ECDH keys.	4739	Specify the elliptic curve name to use for ephemeral ECDH keys.
		4740	This option is deprecated; use
		4741	.Fl groups
		4742	instead.
4731	.It Fl nbio	4743	.It Fl nbio
4732	Turn on non-blocking I/O.	4744	Turn on non-blocking I/O.
4733	.It Fl nbio_test	4745	.It Fl nbio_test