=head1 SYNOPSIS
+=for openssl duplicate options
+
B<CA.pl>
B<-?> |
B<-h> |
[B<-tls1_1>]
[B<-tls1_2>]
[B<-tls1_3>]
-[B<-s>]
[B<-psk>]
[B<-srp>]
[B<-stdname>]
=head1 SYNOPSIS
+=for openssl duplicate options
+
B<openssl> B<cms>
[B<-help>]
=head1 SYNOPSIS
+=for openssl duplicate options
+
B<openssl> B<pkcs12>
[B<-help>]
[B<-passin> I<arg>]
=item B<-out> I<filename>
The filename to write certificates and private keys to, standard output by
-default. They are all written in PEM format.
+default. They are all written in PEM format.
=item B<-info>
values
=head1 SYNOPSIS
+=for openssl duplicate options
B<openssl>
B<rehash>
[B<-msg>]
[B<-timeout>]
[B<-mtu> I<size>]
-[B<-no_etm>]
[B<-no_ems>]
[B<-keymatexport> I<label>]
[B<-keymatexportlen> I<len>]
[B<-max_pipelines>]
[B<-read_buf>]
[B<-ignore_unexpected_eof>]
-[B<-bugs>]
[B<-no_tx_cert_comp>]
[B<-no_rx_cert_comp>]
-[B<-comp>]
-[B<-no_comp>]
[B<-brief>]
-[B<-legacy_server_connect>]
-[B<-no_legacy_server_connect>]
-[B<-allow_no_dhe_kex>]
-[B<-prefer_no_dhe_kex>]
-[B<-sigalgs> I<sigalglist>]
-[B<-curves> I<curvelist>]
-[B<-cipher> I<cipherlist>]
-[B<-ciphersuites> I<val>]
-[B<-serverpref>]
[B<-starttls> I<protocol>]
-[B<-name> I<hostname>]
[B<-xmpphost> I<hostname>]
[B<-name> I<hostname>]
[B<-tlsextdebug>]
-[B<-no_ticket>]
[B<-sess_out> I<filename>]
-[B<-serverinfo> I<types>]
[B<-sess_in> I<filename>]
[B<-serverinfo> I<types>]
[B<-status>]
Set MTU of the link layer to the specified size.
-=item B<-no_etm>
-
-Disable Encrypt-then-MAC negotiation.
-
=item B<-no_ems>
Disable Extended master secret negotiation.
closed connection will be treated as if the close_notify alert was received.
For more information on shutting down a connection, see L<SSL_shutdown(3)>.
-=item B<-bugs>
-
-There are several known bugs in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
=item B<-no_tx_cert_comp>
Disables support for sending TLSv1.3 compressed certificates.
Disables support for receiving TLSv1.3 compressed certificate.
-=item B<-comp>
-
-Enables support for SSL/TLS compression.
-This option was introduced in OpenSSL 1.1.0.
-TLS compression is not recommended and is off by default as of
-OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
-lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
-option will have no effect without also changing the security level. Use the
-B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
-more information.
-
-=item B<-no_comp>
-
-Disables support for SSL/TLS compression.
-TLS compression is not recommended and is off by default as of
-OpenSSL 1.1.0.
-
=item B<-brief>
Only provide a brief summary of connection parameters instead of the
normal verbose output.
-=item B<-sigalgs> I<sigalglist>
-
-Specifies the list of signature algorithms that are sent by the client.
-The server selects one entry in the list based on its preferences.
-For example strings, see L<SSL_CTX_set1_sigalgs(3)>
-
-=item B<-curves> I<curvelist>
-
-Specifies the list of supported curves to be sent by the client. The curve is
-ultimately selected by the server.
-
-The list of available groups includes various built-in named EC curves, as well
-as X25519 and X448, FFDHE groups, and any additional groups implemented in the
-default or 3rd-party providers.
-The commands below list the available groups for TLS 1.2 and TLS 1.3,
-respectively:
-
- $ openssl list -tls1_2 -tls-groups
- $ openssl list -tls1_3 -tls-groups
-
-=item B<-cipher> I<cipherlist>
-
-This allows the TLSv1.2 and below cipher list sent by the client to be modified.
-This list will be combined with any TLSv1.3 ciphersuites that have been
-configured. Although the server determines which ciphersuite is used it should
-take the first supported cipher in the list sent by the client. See
-L<openssl-ciphers(1)> for more information.
-
-=item B<-ciphersuites> I<val>
-
-This allows the TLSv1.3 ciphersuites sent by the client to be modified. This
-list will be combined with any TLSv1.2 and below ciphersuites that have been
-configured. Although the server determines which cipher suite is used it should
-take the first supported cipher in the list sent by the client. See
-L<openssl-ciphers(1)> for more information. The format for this list is a simple
-colon (":") separated list of TLSv1.3 ciphersuite names.
-
=item B<-starttls> I<protocol>
Send the protocol-specific message(s) to switch to TLS for communication.
Print out a hex dump of any TLS extensions received from the server.
-=item B<-no_ticket>
-
-Disable RFC4507bis session ticket support.
-
=item B<-sess_out> I<filename>
Output SSL session to I<filename>.
=head1 SYNOPSIS
+=for openssl duplicate options
+
B<openssl> B<s_server>
[B<-help>]
[B<-port> I<+int>]
[B<-verify_quiet>]
[B<-ign_eof>]
[B<-no_ign_eof>]
-[B<-no_etm>]
[B<-no_ems>]
[B<-status>]
[B<-status_verbose>]
[B<-max_pipelines> I<+int>]
[B<-naccept> I<+int>]
[B<-read_buf> I<+int>]
-[B<-bugs>]
[B<-no_tx_cert_comp>]
[B<-no_rx_cert_comp>]
-[B<-no_comp>]
-[B<-comp>]
-[B<-no_ticket>]
-[B<-serverpref>]
-[B<-legacy_renegotiation>]
-[B<-no_renegotiation>]
-[B<-no_resumption_on_reneg>]
-[B<-allow_no_dhe_kex>]
-[B<-prefer_no_dhe_kex>]
-[B<-prioritize_chacha>]
-[B<-strict>]
-[B<-sigalgs> I<val>]
-[B<-client_sigalgs> I<val>]
-[B<-groups> I<val>]
-[B<-curves> I<val>]
-[B<-named_curve> I<val>]
-[B<-cipher> I<val>]
-[B<-ciphersuites> I<val>]
[B<-dhparam> I<infile>]
-[B<-record_padding> I<val>]
-[B<-debug_broken_protocol>]
[B<-nbio>]
[B<-psk_identity> I<val>]
[B<-psk_hint> I<val>]
Do not ignore input EOF.
-=item B<-no_etm>
-
-Disable Encrypt-then-MAC negotiation.
-
=item B<-no_ems>
Disable Extended master secret negotiation.
and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
further information).
-=item B<-bugs>
-
-There are several known bugs in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
=item B<-no_tx_cert_comp>
Disables support for sending TLSv1.3 compressed certificates.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
-=item B<-comp>
-
-Enables support for SSL/TLS compression.
-This option was introduced in OpenSSL 1.1.0.
-TLS compression is not recommended and is off by default as of
-OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
-lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
-option will have no effect without also changing the security level. Use the
-B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
-more information.
-
-=item B<-no_ticket>
-
-Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
-is negotiated. See B<-num_tickets>.
-
=item B<-num_tickets>
Control the number of tickets that will be sent to the client after a full
handshake in TLSv1.3. The default number of tickets is 2. This option does not
affect the number of tickets sent after a resumption handshake.
-=item B<-serverpref>
-
-Use the server's cipher preferences, rather than the client's preferences.
-
-=item B<-prioritize_chacha>
-
-Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
-
-=item B<-no_resumption_on_reneg>
-
-Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
-
-=item B<-client_sigalgs> I<val>
-
-Signature algorithms to support for client certificate authentication
-(colon-separated list).
-
-=item B<-named_curve> I<val>
-
-Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
-
-The list of available groups includes various built-in named EC curves, as well
-as X25519 and X448, FFDHE groups, and any additional groups implemented in the
-default or 3rd-party providers.
-The commands below list the available groups for TLS 1.2 and TLS 1.3,
-respectively.
-
- $ openssl list -tls1_2 -tls-groups
- $ openssl list -tls1_3 -tls-groups
-
-=item B<-cipher> I<val>
-
-This allows the list of TLSv1.2 and below ciphersuites used by the server to be
-modified. This list is combined with any TLSv1.3 ciphersuites that have been
-configured. When the client sends a list of supported ciphers the first client
-cipher also included in the server list is used. Because the client specifies
-the preference order, the order of the server cipherlist is irrelevant. See
-L<openssl-ciphers(1)> for more information.
-
-=item B<-ciphersuites> I<val>
-
-This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
-This list is combined with any TLSv1.2 and below ciphersuites that have been
-configured. When the client sends a list of supported ciphers the first client
-cipher also included in the server list is used. Because the client specifies
-the preference order, the order of the server cipherlist is irrelevant. See
-L<openssl-ciphers(1)> command for more information. The format for this list is
-a simple colon (":") separated list of TLSv1.3 ciphersuite names.
-
=item B<-dhparam> I<infile>
The DH parameter file to use. The ephemeral DH cipher suites generate keys
The key format; unspecified by default.
See L<openssl-format-options(1)> for details.
-=item B<-stream>, B<-indef>, B<-noindef>
+=item B<-stream>, B<-indef>
The B<-stream> and B<-indef> options are equivalent and enable streaming I/O
for encoding operations. This permits single pass processing of data without
=head1 SYNOPSIS
+=for openssl duplicate options
+
B<openssl> B<ts>
B<-help>
=head1 SYNOPSIS
+=for openssl duplicate options
+
B<openssl>
I<command>
[ I<options> ... ]
# Print error message, set $status.
sub err {
- print join(" ", @_), "\n";
+ my $t = join(" ", @_);
+ $t =~ s/\n//g;
+ print $t, "\n";
$status = 1
}
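Review bot: `$t =~ s/\n//g;` in `err` deletes every newline in the joined message, not just a trailing one, so any caller that passes multi-line text gets its lines glued together with no separator. The stripping looks necessary only because the new "Duplicate option" calls added in this commit end their message with `\n`; dropping that `\n` at the call sites would let `err` stay as it was. If one nit per output line is the goal, `$t =~ s/\n+\z//; $t =~ s/\n/ /g;` keeps the words apart. A short comment on the substitution stating that intent would help, since the existing header comment only says "Print error message, set $status".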
my $id = shift;
my $filename = shift;
my $contents = shift;
+ my $nodups = 1;
my $synopsis = ($contents =~ /=head1\s+SYNOPSIS(.*?)=head1/s, $1);
+ $nodups = 0 if $synopsis =~ /=for\s+openssl\s+duplicate\s+options/s;
# Some pages have more than one OPTIONS section, let's make sure
# to get them all
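Review bot: The new `$nodups` test matches against `$synopsis` immediately after an assignment that yields `$1` whether or not the `=head1 SYNOPSIS` pattern matched. On a page with no SYNOPSIS section that value is undef or a stale capture, which under warnings produces an uninitialized-value warning here. No guard is visible in this hunk, though the function continues outside it and may have one elsewhere. `$nodups = 0 if defined $synopsis && $synopsis =~ /=for\s+openssl\s+duplicate\s+options/s;` is safe either way. The directive also turns off duplicate detection for both SYNOPSIS and OPTIONS across the whole page, which deserves a comment such as `# "=for openssl duplicate options" in SYNOPSIS disables all duplicate checks for this page`.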
}
my @synopsis;
+ my %listed;
while ( $synopsis =~ /$markup_re/msg ) {
my $found = $&;
push @synopsis, $found if $found =~ /^B<-/;
print STDERR "$id:DEBUG[option_check] SYNOPSIS: found $found\n"
if $debug;
my $option_uw = normalise_option($id, $filename, $found);
- err($id, "Malformed option [2] in SYNOPSIS: $found")
- if defined $option_uw && $option_uw eq '';
+ if ( defined $option_uw ) {
+ err($id, "Malformed option [2] in SYNOPSIS: $found")
+ if $option_uw eq '';
+ err($id, "Duplicate option in SYNOPSIS $option_uw\n")
+ if $nodups && defined $listed{$option_uw};
+ $listed{$option_uw} = 1;
+ }
}
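Review bot: A malformed option is still recorded in `%listed` under the empty key, so the second malformed entry on a page is reported twice: once as "Malformed option [2]" and once as "Duplicate option in SYNOPSIS" with an empty name. Guarding the duplicate test avoids the misleading second message: `if $nodups && $option_uw ne '' && defined $listed{$option_uw};`. The new message also ends in `\n` and omits the colon used by the "Malformed option" text, so `"Duplicate option in SYNOPSIS: $option_uw"` would be consistent with the other `err` calls. The OPTIONS loop further down repeats the same pattern with `%described` and would need the same guard.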
# In OPTIONS, we look for =item paragraphs.
# (?=^\s*$) detects an empty line.
my @options;
+ my %described;
while ( $options =~ /=item\s+(.*?)(?=^\s*$)/msg ) {
my $item = $&;
if ($1 // '') ne '' && $found =~ /^B<\s*-/;
my $option_uw = normalise_option($id, $filename, $found);
- err($id, "Malformed option in OPTIONS: $found")
- if defined $option_uw && $option_uw eq '';
+ if ( defined $option_uw ) {
+ err($id, "Malformed option in OPTIONS: $found")
+ if $option_uw eq '';
+ err($id, "Duplicate option in OPTIONS $option_uw\n")
+ if $nodups && defined $described{$option_uw};
+ $described{$option_uw} = 1;
+ }
if ($found =~ /^B<-/) {
push @options, $found;
err($id, "OPTIONS entry $found missing from SYNOPSIS")