diff options
author | Peter Pentchev <roam@ringlet.net> | 2015-11-19 16:11:33 +0200 |
---|---|---|
committer | Peter Pentchev <roam@ringlet.net> | 2015-11-19 16:11:33 +0200 |
commit | 2a5fb016906d04643baabbed5105a093bf81a343 (patch) | |
tree | fdc7bcdada1d1fe1424ed147c06b312711452db0 /doc/stunnel.pod.in | |
parent | 911012e41398b34047ca3a6fcf4af8c64205cbfe (diff) |
Imported Upstream version 5.25
Diffstat (limited to 'doc/stunnel.pod.in')
-rw-r--r-- | doc/stunnel.pod.in | 48 |
1 files changed, 40 insertions, 8 deletions
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in index ad9d9a3..519b1d8 100644 --- a/doc/stunnel.pod.in +++ b/doc/stunnel.pod.in @@ -254,12 +254,14 @@ with FIPS 140-2 support. default: no (since version 5.00) -=item B<foreground> = yes | no (Unix only) +=item B<foreground> = yes | quiet | no (Unix only) foreground mode -Stay in foreground (don't fork) and log to stderr -instead of via syslog (unless I<output> is specified). +Stay in foreground (don't fork). + +With the I<yes> parameter it also logs to stderr in addition to +the destinations specified with I<syslog> and I<output>. default: background in daemon mode @@ -436,6 +438,8 @@ Certificates are accepted if no I<checkEmail> option was specified, or the email address of the peer certificate matches any of the email addresses specified with I<checkEmail>. +This option requires OpenSSL 1.0.2 or later. + =item B<checkHost> = HOST host of the peer certificate subject @@ -445,6 +449,8 @@ Certificates are accepted if no I<checkHost> option was specified, or the host name of the peer certificate matches any of the hosts specified with I<checkHost>. +This option requires OpenSSL 1.0.2 or later. + =item B<checkIP> = IP IP address of the peer certificate subject @@ -454,6 +460,8 @@ Certificates are accepted if no I<checkIP> option was specified, or the IP address of the peer certificate matches any of the IP addresses specified with I<checkIP>. +This option requires OpenSSL 1.0.2 or later. + =item B<ciphers> = CIPHER_LIST Select permitted SSL ciphers @@ -467,6 +475,19 @@ client mode (remote service uses SSL) default: no (server mode) +=item B<config> = COMMAND[:PARAMETER] + +B<OpenSSL> configuration command + +The B<OpenSSL> configuration command is executed with the specified parameter. +This allows any configuration commands to be invoked from the stunnel +configuration file. Supported commands are described on the +I<SSL_CONF_cmd(3ssl)> manual page. + +Several I<config> lines can be used to specify multiple configuration commands. + +This option requires OpenSSL 1.0.2 or later. + =item B<connect> = [HOST:]PORT connect to a remote address @@ -700,7 +721,7 @@ I<stunnel -options> lists the options found to be allowed in the current combination of I<stunnel> and the I<OpenSSL> library used to build it. -Several I<options> can be used to specify multiple options. +Several I<option> lines can be used to specify multiple options. An option name can be prepended with a dash ("-") to disable the option. For example, for compatibility with the erroneous Eudora SSL @@ -782,19 +803,24 @@ encryption. =back -=item B<protocolAuthentication> = basic | ntlm +=item B<protocolAuthentication> = AUTHENTICATION authentication type for the protocol negotiations -Currently the authentication type only applies to the 'connect' protocol. +Currently, this option is only supported in the client-side 'connect' and +'smtp' protocols. -default: basic +Supported authentication types for the 'connect' protocol are 'basic' or +'ntlm'. The default 'connect' authentication type is 'basic'. + +Supported authentication types for the 'smtp' protocol are 'plain' or 'login'. +The default 'smtp' authentication type is 'plain'. =item B<protocolDomain> = DOMAIN domain for the protocol negotiations -Currently the protocol domain only applies to the 'connect' protocol. +Currently, this option is only supported in the client-side 'connect' protocol. =item B<protocolHost> = HOST:PORT @@ -811,10 +837,16 @@ protocol. password for the protocol negotiations +Currently, this option is only supported in the client-side 'connect' and +'smtp' protocols. + =item B<protocolUsername> = USERNAME username for the protocol negotiations +Currently, this option is only supported in the client-side 'connect' and +'smtp' protocols. + =item B<PSKidentity> = IDENTITY PSK identity for the PSK client |