From 2ea8009a06abaf0096774d1fa3d0d7f6d2f98cf5 Mon Sep 17 00:00:00 2001
From: landry <>
Date: Tue, 11 Aug 2015 05:01:03 +0000
Subject: Improve openssl s_client -starttls xmpp support.

From https://rt.openssl.org/Ticket/Display.html?id=2860&user=guest&pass=guest
- add a -xmpphost option to specify the xmpp virtual host
- fix an infinite loop when the vhost isnt what the server expects
- fix communication with openfire & prosody servers

with tweaks & ok bcook@ doug@ manpage bits jmc@
---
 src/usr.bin/openssl/openssl.1 | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'src/usr.bin/openssl/openssl.1')

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 8d49bf7b36..ea6f9fcbb0 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.18 2015/08/02 12:43:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.19 2015/08/11 05:01:03 landry Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 2 2015 $
+.Dd $Mdocdate: August 11 2015 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -6487,6 +6487,7 @@ which it can be seen agrees with the recovered value above.
 .Op Fl tlsextdebug
 .Op Fl verify Ar depth
 .Op Fl x509_strict
+.Op Fl xmpphost Ar host
 .Ek
 .nr nS 0
 .Pp
@@ -6675,6 +6676,13 @@ Currently the verify operation continues after errors so all the problems
 with a certificate chain can be seen.
 As a side effect the connection will never fail due to a server
 certificate verify failure.
+.It Fl xmpphost Ar hostname
+This option, when used with
+.Fl starttls Ar xmpp ,
+specifies the host for the "to" attribute of the stream element.
+If this option is not specified then the host specified with
+.Fl connect
+will be used.
 .El
 .Sh S_CLIENT CONNECTED COMMANDS
 If a connection is established with an SSL server, any data received
-- 
cgit v1.2.3-55-g6feb