author | Matt Caswell <matt@openssl.org> | 2018-04-24 10:27:32 +0100
---|---|---
committer | Matt Caswell <matt@openssl.org> | 2018-04-25 10:56:02 +0100
commit | e77017b39c60ddbb4775e6b0d45a81fe7128caf7 |
tree | 6a11755b97c1da156d07cc90a07de8d30432d5e9 /doc |
parent | 9668efbcf3b924f23320b58b8f44bbe8b9490e5e |
Fix documentation for the -showcerts s_client option
This option shows the certificates as sent by the server. It is not the
full verified chain.
Fixes #4933
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6069)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/s_client.pod | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index d2cad29d21..77cc0718ec 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -141,8 +141,9 @@ pauses 1 second between each read and write call. =item B<-showcerts> -display the whole server certificate chain: normally only the server -certificate itself is displayed. +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +B<not> a verified chain. =item B<-prexit> @@ -354,7 +355,8 @@ a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the -B<-showcerts> option can be used to show the whole chain. +B<-showcerts> option can be used to show all the certificates sent by the +server. Since the SSLv23 client hello cannot include compression methods or extensions these will only be supported if its use is disabled, for example by using the |
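Review bot: In the first hunk (the `=item B<-showcerts>` entry), the new description says "sent by the server" three times in one sentence and starts with a capitalised "Displays", while the neighbouring item text visible in the context ("pauses 1 second between each read and write call.") starts lowercase. Suggest tightening to something like "displays the certificates sent by the server, in the order the server sent them. It is B<not> a verified chain." so the security-relevant caveat is not buried behind the repetition. It would also help to say in the same entry that the list may therefore differ from the chain the client actually builds and verifies, since that is the misunderstanding the commit message says it is correcting.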
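Review bot: In the second hunk (the troubleshooting paragraph beginning "If there are problems verifying a server certificate"), the reworded sentence drops "the whole chain" but does not carry over the caveat added to the option description, that the output is B<not> a verified chain. This paragraph is where someone debugging a verification failure will land, so the caveat matters most here: suggest appending a short clause such as "note that this is the list as sent, not a verified chain". While touching this paragraph, the unchanged context line directly above still reads "Therefor merely including a client certificate", which should be "Therefore".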