author: Matt Caswell <matt@openssl.org> 2018-04-24 10:27:32 +0100
committer: Matt Caswell <matt@openssl.org> 2018-04-25 10:50:54 +0100
commit: bdb59d97a6a92498926ad8b3d5e166258339b447
tree: b284bbef257d1c5a68519638543b5fb27cb98f0c /doc/man1
parent: 4522e130c87c341342c640bba970f4b89755f1cb
Fix documentation for the -showcerts s_client option
This option shows the certificates as sent by the server. It is not the full verified chain.
Fixes #4933
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6067)
Diffstat (limited to 'doc/man1')
-rw-r--r-- doc/man1/s_client.pod 8
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index a06d3a6291..5d33e1c993 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -333,8 +333,9 @@ be used as a test that session caching is working.
=item B<-showcerts>
-Display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+B<not> a verified chain.
=item B<-prexit>
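Review bot: In the new B<-showcerts> description, the first sentence states the same thing twice ("as sent by the server" and then "it only consists of certificates the server has sent"), which buries the one new fact, the ordering. Consider tightening it to something like "Displays the server certificate list as sent by the server, in the order the server sent it. It is B<not> a verified chain." Since the removed text called this "the whole server certificate chain", a short clause saying what the distinction means for the reader (the output is what the server presented, not what verification built) would make the correction harder to miss.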
@@ -695,7 +696,8 @@ a client certificate. Therefor merely including a client certificate
on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
+B<-showcerts> option can be used to show all the certificates sent by the
+server.
The B<s_client> utility is a test tool and is designed to continue the
handshake after any certificate verification errors. As a result it will
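Review bot: The reworded troubleshooting sentence ("show all the certificates sent by the server") does not carry the caveat that the first hunk adds to the option description. This paragraph is specifically about problems verifying a server certificate, so a reader can still take the output for the chain that was verified; consider appending that it is not a verified chain, or pointing back to the B<-showcerts> item. Separately, the hunk header context shows "Therefor merely including a client certificate", which could be corrected to "Therefore" while this section is being touched.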