2000-01-22 06:38:52 +08:00
|
|
|
=pod
|
2020-02-27 05:45:31 +08:00
|
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
2020-02-19 00:52:12 +08:00
|
|
|
openssl-sess_id - SSL/TLS session handling command
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
B<openssl> B<sess_id>
|
2016-02-06 00:58:45 +08:00
|
|
|
[B<-help>]
|
2019-09-26 03:20:11 +08:00
|
|
|
[B<-inform> B<DER>|B<PEM>]
|
2019-10-02 00:16:29 +08:00
|
|
|
[B<-outform> B<DER>|B<PEM>|B<NSS>]
|
2019-09-26 03:20:11 +08:00
|
|
|
[B<-in> I<filename>]
|
|
|
|
[B<-out> I<filename>]
|
2000-01-22 06:38:52 +08:00
|
|
|
[B<-text>]
|
Document most missing options
Add cmd-nits make target.
Listing options should stop when it hits the "parameters" separator.
Add missing .pod.in files to doc/man1/build.info
Tweak find-doc-nits to try openssl-XXX before XXX for POD files and
change an error messavge to be more useful.
Fix the following pages: ca, cms, crl, dgst, enc,
engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand,
rehash, req, rsautil, s_server, speed, s_time,
sess_id, smime, srp, ts, x509.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10873)
2020-01-17 02:40:52 +08:00
|
|
|
[B<-cert>]
|
2000-01-22 06:38:52 +08:00
|
|
|
[B<-noout>]
|
2019-09-26 03:20:11 +08:00
|
|
|
[B<-context> I<ID>]
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-02 01:43:36 +08:00
|
|
|
This command processes the encoded version of the SSL session
|
|
|
|
structure and optionally prints out SSL session details (for example
|
|
|
|
the SSL session master key) in human readable format. Since this is a
|
|
|
|
diagnostic tool that needs some knowledge of the SSL protocol to use
|
|
|
|
properly, most users will not need to use it.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2019-10-10 09:48:33 +08:00
|
|
|
The precise format of the data can vary across OpenSSL versions and
|
|
|
|
is not documented.
|
|
|
|
|
2016-12-13 00:14:40 +08:00
|
|
|
=head1 OPTIONS
|
2016-05-26 02:29:57 +08:00
|
|
|
|
2000-01-22 06:38:52 +08:00
|
|
|
=over 4
|
|
|
|
|
2016-02-06 00:58:45 +08:00
|
|
|
=item B<-help>
|
|
|
|
|
|
|
|
Print out a usage message.
|
|
|
|
|
2019-10-10 09:48:33 +08:00
|
|
|
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>|B<NSS>
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2019-10-10 09:48:33 +08:00
|
|
|
The input and output formats; the default is PEM.
|
|
|
|
See L<openssl(1)/Format Options> for details.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2019-10-10 09:48:33 +08:00
|
|
|
For B<NSS> output, the session ID and master key are reported in NSS "keylog"
|
|
|
|
format.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-in> I<filename>
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
This specifies the input filename to read session information from or standard
|
|
|
|
input by default.
|
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-out> I<filename>
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2000-02-04 07:23:24 +08:00
|
|
|
This specifies the output filename to write session information to or standard
|
2000-01-22 06:38:52 +08:00
|
|
|
output if this option is not specified.
|
|
|
|
|
|
|
|
=item B<-text>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
Prints out the various public or private key components in
|
2016-05-20 20:11:46 +08:00
|
|
|
plain text in addition to the encoded version.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<-cert>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
If a certificate is present in the session it will be output using this option,
|
2000-01-22 06:38:52 +08:00
|
|
|
if the B<-text> option is also present then it will be printed out in text form.
|
|
|
|
|
|
|
|
=item B<-noout>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
This option prevents output of the encoded version of the session.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2019-09-26 03:20:11 +08:00
|
|
|
=item B<-context> I<ID>
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
This option can set the session id so the output session information uses the
|
2016-08-06 01:56:58 +08:00
|
|
|
supplied ID. The ID can be any string of characters. This option won't normally
|
2000-01-22 06:38:52 +08:00
|
|
|
be used.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 OUTPUT
|
|
|
|
|
|
|
|
Typical output:
|
|
|
|
|
|
|
|
SSL-Session:
|
|
|
|
Protocol : TLSv1
|
|
|
|
Cipher : 0016
|
|
|
|
Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
|
|
|
|
Session-ID-ctx: 01000000
|
|
|
|
Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
|
|
|
|
Key-Arg : None
|
|
|
|
Start Time: 948459261
|
|
|
|
Timeout : 300 (sec)
|
|
|
|
Verify return code 0 (ok)
|
|
|
|
|
2020-02-03 05:54:01 +08:00
|
|
|
These are described below in more detail.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item B<Protocol>
|
|
|
|
|
2018-09-01 08:40:51 +08:00
|
|
|
This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Cipher>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
The cipher used this is the actual raw SSL or TLS cipher code, see the SSL
|
2000-01-22 06:38:52 +08:00
|
|
|
or TLS specifications for more information.
|
|
|
|
|
|
|
|
=item B<Session-ID>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
The SSL session ID in hex format.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Session-ID-ctx>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
The session ID context in hex format.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Master-Key>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
This is the SSL session master key.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Start Time>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
This is the session start time represented as an integer in standard
|
|
|
|
Unix format.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Timeout>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
The timeout in seconds.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=item B<Verify return code>
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
This is the return code when an SSL client certificate is verified.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
2017-03-30 05:38:30 +08:00
|
|
|
Since the SSL session output contains the master key it is
|
|
|
|
possible to read the contents of an encrypted session using this
|
2020-06-30 03:13:07 +08:00
|
|
|
information. Therefore, appropriate security precautions should be taken if
|
2017-03-30 05:38:30 +08:00
|
|
|
the information is being output by a "real" application. This is however
|
|
|
|
strongly discouraged and should only be used for debugging purposes.
|
2000-01-22 06:38:52 +08:00
|
|
|
|
|
|
|
=head1 BUGS
|
|
|
|
|
|
|
|
The cipher and start time should be printed out in human readable form.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2019-08-22 07:04:41 +08:00
|
|
|
L<openssl(1)>,
|
|
|
|
L<openssl-ciphers(1)>,
|
|
|
|
L<openssl-s_server(1)>
|
2000-01-22 06:38:52 +08:00
|
|
|
|
2016-05-18 23:44:05 +08:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
2020-04-23 20:55:52 +08:00
|
|
|
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-18 23:44:05 +08:00
|
|
|
|
2018-12-06 21:04:11 +08:00
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 23:44:05 +08:00
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|