1 files changed, 31 insertions, 21 deletions
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
index 8cb96e8734..461e9e41be 100644
--- a/src/usr.bin/nc/nc.1
+++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: nc.1,v 1.69 2015/09/11 21:07:01 beck Exp $
+.\"     $OpenBSD: nc.1,v 1.70 2015/09/12 07:56:56 jmc Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2015 $
+.Dd $Mdocdate: September 12 2015 $
 .Dt NC 1
 .Os
 .Sh NAME
@@ -34,12 +34,17 @@
 .Sh SYNOPSIS
 .Nm nc
 .Bk -words
-.Op Fl 46DdFhklNnrStUuvz
+.Op Fl 46cDdFhklNnrStUuvz
+.Op Fl C Ar certfile
+.Op Fl e Ar name
+.Op Fl H Ar hash
 .Op Fl I Ar length
 .Op Fl i Ar interval
+.Op Fl K Ar keyfile
 .Op Fl O Ar length
 .Op Fl P Ar proxy_username
 .Op Fl p Ar source_port
+.Op Fl R Ar CAfile
 .Op Fl s Ar source
 .Op Fl T Ar keyword
 .Op Fl V Ar rtable
@@ -98,17 +103,19 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
-.It Fl C Ar certificate_filename
+.It Fl C Ar certfile
 Specifies the filename from which the public key part of the TLS
-certificate is loaded, in PEM format. May only be used with TLS.
+certificate is loaded, in PEM format.
+May only be used with TLS.
 .It Fl c
-If using a TCP socket to connect or listen, use TLS. Illegal if not using TCP sockets.
+If using a TCP socket to connect or listen, use TLS.
+Illegal if not using TCP sockets.
 .It Fl D
 Enable debugging on the socket.
 .It Fl d
 Do not attempt to read from stdin.
 .It Fl e Ar name
-specify the name that must be present in the peer certificate when using TLS.
+Specify the name that must be present in the peer certificate when using TLS.
 Illegal if not using TLS.
 .It Fl F
 Pass the first connected socket using
@@ -125,7 +132,7 @@ using the
 .Xr ssh_config 5
 .Cm ProxyUseFdpass
 option).
-.It Fl H Ar hash_string
+.It Fl H Ar hash
 Specifies the required hash string of the peer certificate when using TLS.
 The string format required is that used by
 .Xr tls_peer_cert_hash 3 .
@@ -139,9 +146,10 @@ Specifies the size of the TCP receive buffer.
 .It Fl i Ar interval
 Specifies a delay time interval between lines of text sent and received.
 Also causes a delay time between connections to multiple ports.
-.It Fl K Ar key_filename
+.It Fl K Ar keyfile
 Specifies the filename from which the private key
-is loaded in PEM format. May only be used with TLS.
+is loaded in PEM format.
+May only be used with TLS.
 .It Fl k
 Forces
 .Nm
@@ -188,10 +196,11 @@ should use, subject to privilege restrictions and availability.
 It is an error to use this option in conjunction with the
 .Fl l
 option.
-.It Fl R Ar CA_filename
+.It Fl R Ar CAfile
-Specifies the filename from which the root CA bundle for Certificate
+Specifies the filename from which the root CA bundle for certificate
-verification is loaded in pem format. Illegal if not using TLS.
+verification is loaded, in PEM format.
-Default value is
+Illegal if not using TLS.
+The default is
 .Pa /etc/ssl/cert.pem .
 .It Fl r
 Specifies that source and/or destination ports should be chosen randomly
@@ -214,14 +223,15 @@ For TLS options
 .Ar keyword
 may be one of
 .Ar tlslegacy ,
-which allows legacy TLS protocols,
+which allows legacy TLS protocols;
 .Ar noverify ,
-which disables certificate verification
+which disables certificate verification;
 .Ar noname ,
-which disables certificate name checking, or
+which disables certificate name checking; or
-.Ar clientcert,
+.Ar clientcert ,
-which requires a client certificate on incoming connections .
+which requires a client certificate on incoming connections.
 It is illegal to specify TLS options if not using TLS.
+.Pp
 For IPv4 TOS value
 .Ar keyword
 may be one of
@@ -463,8 +473,8 @@ the source port, with a timeout of 5 seconds:
 .Pp
 .Dl $ nc -p 31337 -w 5 host.example.com 42
 .Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate
+Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-TLS. Check for a different name in the certificate for validation.
+Check for a different name in the certificate for validation.
 .Pp
 .Dl $  nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
 .Pp

diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1 index 8cb96e8734..461e9e41be 100644 --- a/src/usr.bin/nc/nc.1 +++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: nc.1,v 1.69 2015/09/11 21:07:01 beck Exp $	1	.\" $OpenBSD: nc.1,v 1.70 2015/09/12 07:56:56 jmc Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 1996 David Sacerdote	3	.\" Copyright (c) 1996 David Sacerdote
4	.\" All rights reserved.	4	.\" All rights reserved.
@@ -25,7 +25,7 @@
25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	25	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	26	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27	.\"	27	.\"
28	.Dd $Mdocdate: September 11 2015 $	28	.Dd $Mdocdate: September 12 2015 $
29	.Dt NC 1	29	.Dt NC 1
30	.Os	30	.Os
31	.Sh NAME	31	.Sh NAME
@@ -34,12 +34,17 @@
34	.Sh SYNOPSIS	34	.Sh SYNOPSIS
35	.Nm nc	35	.Nm nc
36	.Bk -words	36	.Bk -words
37	.Op Fl 46DdFhklNnrStUuvz	37	.Op Fl 46cDdFhklNnrStUuvz
		38	.Op Fl C Ar certfile
		39	.Op Fl e Ar name
		40	.Op Fl H Ar hash
38	.Op Fl I Ar length	41	.Op Fl I Ar length
39	.Op Fl i Ar interval	42	.Op Fl i Ar interval
		43	.Op Fl K Ar keyfile
40	.Op Fl O Ar length	44	.Op Fl O Ar length
41	.Op Fl P Ar proxy_username	45	.Op Fl P Ar proxy_username
42	.Op Fl p Ar source_port	46	.Op Fl p Ar source_port
		47	.Op Fl R Ar CAfile
43	.Op Fl s Ar source	48	.Op Fl s Ar source
44	.Op Fl T Ar keyword	49	.Op Fl T Ar keyword
45	.Op Fl V Ar rtable	50	.Op Fl V Ar rtable
@@ -98,17 +103,19 @@ to use IPv4 addresses only.
98	Forces	103	Forces
99	.Nm	104	.Nm
100	to use IPv6 addresses only.	105	to use IPv6 addresses only.
101	.It Fl C Ar certificate_filename	106	.It Fl C Ar certfile
102	Specifies the filename from which the public key part of the TLS	107	Specifies the filename from which the public key part of the TLS
103	certificate is loaded, in PEM format. May only be used with TLS.	108	certificate is loaded, in PEM format.
		109	May only be used with TLS.
104	.It Fl c	110	.It Fl c
105	If using a TCP socket to connect or listen, use TLS. Illegal if not using TCP sockets.	111	If using a TCP socket to connect or listen, use TLS.
		112	Illegal if not using TCP sockets.
106	.It Fl D	113	.It Fl D
107	Enable debugging on the socket.	114	Enable debugging on the socket.
108	.It Fl d	115	.It Fl d
109	Do not attempt to read from stdin.	116	Do not attempt to read from stdin.
110	.It Fl e Ar name	117	.It Fl e Ar name
111	specify the name that must be present in the peer certificate when using TLS.	118	Specify the name that must be present in the peer certificate when using TLS.
112	Illegal if not using TLS.	119	Illegal if not using TLS.
113	.It Fl F	120	.It Fl F
114	Pass the first connected socket using	121	Pass the first connected socket using
@@ -125,7 +132,7 @@ using the
125	.Xr ssh_config 5	132	.Xr ssh_config 5
126	.Cm ProxyUseFdpass	133	.Cm ProxyUseFdpass
127	option).	134	option).
128	.It Fl H Ar hash_string	135	.It Fl H Ar hash
129	Specifies the required hash string of the peer certificate when using TLS.	136	Specifies the required hash string of the peer certificate when using TLS.
130	The string format required is that used by	137	The string format required is that used by
131	.Xr tls_peer_cert_hash 3 .	138	.Xr tls_peer_cert_hash 3 .
@@ -139,9 +146,10 @@ Specifies the size of the TCP receive buffer.
139	.It Fl i Ar interval	146	.It Fl i Ar interval
140	Specifies a delay time interval between lines of text sent and received.	147	Specifies a delay time interval between lines of text sent and received.
141	Also causes a delay time between connections to multiple ports.	148	Also causes a delay time between connections to multiple ports.
142	.It Fl K Ar key_filename	149	.It Fl K Ar keyfile
143	Specifies the filename from which the private key	150	Specifies the filename from which the private key
144	is loaded in PEM format. May only be used with TLS.	151	is loaded in PEM format.
		152	May only be used with TLS.
145	.It Fl k	153	.It Fl k
146	Forces	154	Forces
147	.Nm	155	.Nm
@@ -188,10 +196,11 @@ should use, subject to privilege restrictions and availability.
188	It is an error to use this option in conjunction with the	196	It is an error to use this option in conjunction with the
189	.Fl l	197	.Fl l
190	option.	198	option.
191	.It Fl R Ar CA_filename	199	.It Fl R Ar CAfile
192	Specifies the filename from which the root CA bundle for Certificate	200	Specifies the filename from which the root CA bundle for certificate
193	verification is loaded in pem format. Illegal if not using TLS.	201	verification is loaded, in PEM format.
194	Default value is	202	Illegal if not using TLS.
		203	The default is
195	.Pa /etc/ssl/cert.pem .	204	.Pa /etc/ssl/cert.pem .
196	.It Fl r	205	.It Fl r
197	Specifies that source and/or destination ports should be chosen randomly	206	Specifies that source and/or destination ports should be chosen randomly
@@ -214,14 +223,15 @@ For TLS options
214	.Ar keyword	223	.Ar keyword
215	may be one of	224	may be one of
216	.Ar tlslegacy ,	225	.Ar tlslegacy ,
217	which allows legacy TLS protocols,	226	which allows legacy TLS protocols;
218	.Ar noverify ,	227	.Ar noverify ,
219	which disables certificate verification	228	which disables certificate verification;
220	.Ar noname ,	229	.Ar noname ,
221	which disables certificate name checking, or	230	which disables certificate name checking; or
222	.Ar clientcert,	231	.Ar clientcert ,
223	which requires a client certificate on incoming connections .	232	which requires a client certificate on incoming connections.
224	It is illegal to specify TLS options if not using TLS.	233	It is illegal to specify TLS options if not using TLS.
		234	.Pp
225	For IPv4 TOS value	235	For IPv4 TOS value
226	.Ar keyword	236	.Ar keyword
227	may be one of	237	may be one of
@@ -463,8 +473,8 @@ the source port, with a timeout of 5 seconds:
463	.Pp	473	.Pp
464	.Dl $ nc -p 31337 -w 5 host.example.com 42	474	.Dl $ nc -p 31337 -w 5 host.example.com 42
465	.Pp	475	.Pp
466	Open a TCP connection to port 443 of www.google.ca, and negotiate	476	Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
467	TLS. Check for a different name in the certificate for validation.	477	Check for a different name in the certificate for validation.
468	.Pp	478	.Pp
469	.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443	479	.Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
470	.Pp	480	.Pp