=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/openssl.1,v retrieving revision 1.68 retrieving revision 1.69 diff -c -r1.68 -r1.69 *** src/usr.bin/openssl/openssl.1 2016/09/03 13:26:55 1.68 --- src/usr.bin/openssl/openssl.1 2016/09/04 19:38:51 1.69 *************** *** 1,4 **** ! .\" $OpenBSD: openssl.1,v 1.68 2016/09/03 13:26:55 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" --- 1,4 ---- ! .\" $OpenBSD: openssl.1,v 1.69 2016/09/04 19:38:51 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" *************** *** 112,118 **** .\" .\" OPENSSL .\" ! .Dd $Mdocdate: September 3 2016 $ .Dt OPENSSL 1 .Os .Sh NAME --- 112,118 ---- .\" .\" OPENSSL .\" ! .Dd $Mdocdate: September 4 2016 $ .Dt OPENSSL 1 .Os .Sh NAME *************** *** 4175,4206 **** will only perform the handshake to establish SSL connections but not transfer any payload data. .El - .\" - .\" SESS_ID - .\" .Sh SESS_ID .nr nS 1 .Nm "openssl sess_id" - .Bk -words .Op Fl cert .Op Fl context Ar ID .Op Fl in Ar file ! .Op Fl inform Ar DER | PEM .Op Fl noout .Op Fl out Ar file ! .Op Fl outform Ar DER | PEM .Op Fl text - .Ek .nr nS 0 .Pp The .Nm sess_id program processes the encoded version of the SSL session structure and optionally prints out SSL session details ! .Pq for example the SSL session master key in human readable format. - Since this is a diagnostic tool that needs some knowledge of the SSL - protocol to use properly, most users will not need to use it. .Pp The options are as follows: .Bl -tag -width Ds --- 4175,4199 ---- will only perform the handshake to establish SSL connections but not transfer any payload data. .El .Sh SESS_ID .nr nS 1 .Nm "openssl sess_id" .Op Fl cert .Op Fl context Ar ID .Op Fl in Ar file ! 
.Op Fl inform Cm der | pem .Op Fl noout .Op Fl out Ar file ! .Op Fl outform Cm der | pem .Op Fl text .nr nS 0 .Pp The .Nm sess_id program processes the encoded version of the SSL session structure and optionally prints out SSL session details ! (for example the SSL session master key) in human readable format. .Pp The options are as follows: .Bl -tag -width Ds *************** *** 4211,4299 **** .Fl text option is also present, then it will be printed out in text form. .It Fl context Ar ID ! This option can set the session ID so the output session information uses the ! supplied .Ar ID . ! The ! .Ar ID ! can be any string of characters. ! This option won't normally be used. .It Fl in Ar file ! This specifies the input ! .Ar file ! to read session information from, or standard input by default. ! .It Fl inform Ar DER | PEM ! This specifies the input format. ! The ! .Ar DER ! argument uses an ASN1 DER-encoded ! format containing session details. The precise format can vary from one version to the next. ! The ! .Ar PEM ! form is the default format: it consists of the DER format base64-encoded with additional header and footer lines. .It Fl noout ! This option prevents output of the encoded version of the session. .It Fl out Ar file ! This specifies the output ! .Ar file ! to write session information to, or standard ! output if this option is not specified. ! .It Fl outform Ar DER | PEM ! This specifies the output format; the options have the same meaning as the ! .Fl inform ! option. .It Fl text ! Prints out the various public or private key components in ! plain text in addition to the encoded version. 
.El - .Sh SESS_ID OUTPUT - Typical output: - .Bd -literal - SSL-Session: - Protocol : TLSv1 - Cipher : 0016 - Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED - Session-ID-ctx: 01000000 - Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD - Key-Arg : None - Start Time: 948459261 - Timeout : 300 (sec) - Verify return code 0 (ok) - .Ed .Pp ! These are described below in more detail. .Pp ! .Bl -tag -width "Verify return code " -compact ! .It Ar Protocol ! This is the protocol in use. ! .It Ar Cipher ! The cipher used is the actual raw SSL or TLS cipher code; ! see the SSL or TLS specifications for more information. ! .It Ar Session-ID ! The SSL session ID in hex format. ! .It Ar Session-ID-ctx ! The session ID context in hex format. ! .It Ar Master-Key ! This is the SSL session master key. ! .It Ar Key-Arg The key argument; this is only used in SSL v2. ! .It Ar Start Time ! This is the session start time, represented as an integer in standard .Ux format. ! .It Ar Timeout ! The timeout in seconds. ! .It Ar Verify return code ! This is the return code when an SSL client certificate is verified. .El - .Sh SESS_ID NOTES - The PEM-encoded session format uses the header and footer lines: - .Bd -unfilled -offset indent - -----BEGIN SSL SESSION PARAMETERS----- - -----END SSL SESSION PARAMETERS----- - .Ed .Pp Since the SSL session output contains the master key, it is possible to read the contents of an encrypted session using this information. --- 4204,4261 ---- .Fl text option is also present, then it will be printed out in text form. .It Fl context Ar ID ! Set the session .Ar ID . ! The ID can be any string of characters. .It Fl in Ar file ! The input file to read from, ! or standard input if not specified. ! .It Fl inform Cm der | pem ! The input format. ! .Cm der ! uses an ASN1 DER-encoded format containing session details. The precise format can vary from one version to the next. ! 
.Cm pem ! is the default format: it consists of the DER format base64-encoded with additional header and footer lines. .It Fl noout ! Do not output the encoded version of the session. .It Fl out Ar file ! The output file to write to, ! or standard output if not specified. ! .It Fl outform Cm der | pem ! The output format. .It Fl text ! Print the various public or private key components in plain text, ! in addition to the encoded version. .El .Pp ! The output of ! .Nm sess_id ! is composed as follows: .Pp ! .Bl -tag -width "Verify return code " -offset 3n -compact ! .It Protocol ! The protocol in use. ! .It Cipher ! The actual raw SSL or TLS cipher code. ! .It Session-ID ! The SSL session ID, in hex format. ! .It Session-ID-ctx ! The session ID context, in hex format. ! .It Master-Key ! The SSL session master key. ! .It Key-Arg The key argument; this is only used in SSL v2. ! .It Start Time ! The session start time. .Ux format. ! .It Timeout ! The timeout, in seconds. ! .It Verify return code ! The return code when a certificate is verified. .El .Pp Since the SSL session output contains the master key, it is possible to read the contents of an encrypted session using this information. *************** *** 4303,4310 **** application. This is, however, strongly discouraged and should only be used for debugging purposes. - .Sh SESS_ID BUGS - The cipher and start time should be printed out in human readable form. .\" .\" SMIME .\" --- 4265,4270 ----
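
Review bot: in the hunk at 4175,4206 (SESS_ID synopsis and description), the removed sentence "Since this is a diagnostic tool that needs some knowledge of the SSL protocol to use properly, most users will not need to use it." was the only statement near the top of the section that sess_id is a diagnostic tool. The paragraph that remains says the program prints "the SSL session master key", and the only caution left is the "strongly discouraged and should only be used for debugging purposes" text at the very end of the section. Consider keeping a short form, for example "This is a diagnostic tool.", directly after the description so the reader sees it before the option list.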
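
Review bot: in the hunk at 4211,4299 (new 4204,4261), the Start Time entry is left as a sentence followed by a fragment: the changed line "The session start time." is followed by the unchanged context ".Ux format.", which renders as a dangling fragment after a full stop. Suggest joining them in the style used for the neighbouring entries ("The timeout, in seconds."), for example "The session start time, in" followed by ".Ux format." Also in this hunk, the SESS_ID NOTES block giving the PEM header and footer lines ("-----BEGIN SSL SESSION PARAMETERS-----" and "-----END SSL SESSION PARAMETERS-----") is deleted, while the -inform text still refers to "additional header and footer lines" without saying what they are; either keep the two literal lines under -inform or drop the reference. The new -outform text "The output format." likewise loses the pointer to -inform, where der and pem are actually explained.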
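
Review bot: in the hunk at 4303,4310 (new 4265,4270), the SESS_ID BUGS section is removed although this change only touches the manual, so the limitation it documents ("The cipher and start time should be printed out in human readable form.") is not addressed by anything visible here. The Cipher entry still says "raw SSL or TLS cipher code", but the Start Time entry no longer says the value is "represented as an integer", so after this change nothing tells the reader that Start Time is a raw number. If the BUGS section has to go, keep that detail in the Start Time entry of the output list.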