author Peter Pentchev <roam@ringlet.net> 2015-11-19 16:11:33 +0200
committer Peter Pentchev <roam@ringlet.net> 2015-11-19 16:11:33 +0200
commit 2a5fb016906d04643baabbed5105a093bf81a343
tree fdc7bcdada1d1fe1424ed147c06b312711452db0 /doc/stunnel.pod.in
parent 911012e41398b34047ca3a6fcf4af8c64205cbfe
Imported Upstream version 5.25
Diffstat (limited to 'doc/stunnel.pod.in')
-rw-r--r-- doc/stunnel.pod.in 48
1 files changed, 40 insertions, 8 deletions
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
index ad9d9a3..519b1d8 100644
--- a/doc/stunnel.pod.in
+++ b/doc/stunnel.pod.in
@@ -254,12 +254,14 @@ with FIPS 140-2 support.
default: no (since version 5.00)
-=item B<foreground> = yes | no (Unix only)
+=item B<foreground> = yes | quiet | no (Unix only)
foreground mode
-Stay in foreground (don't fork) and log to stderr
-instead of via syslog (unless I<output> is specified).
+Stay in foreground (don't fork).
+
+With the I<yes> parameter it also logs to stderr in addition to
+the destinations specified with I<syslog> and I<output>.
default: background in daemon mode
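Review bot: The synopsis for I<foreground> now accepts "quiet", but the body only explains "yes", so a reader cannot tell where "quiet" sends log output or how it differs from "no". Add a sentence describing the I<quiet> parameter next to the one for I<yes>. The wording also changes from logging to stderr "instead of via syslog" to "in addition to" the I<syslog> and I<output> destinations; that changes where logs end up for existing "foreground = yes" configurations and deserves a version note in the style of "default: no (since version 5.00)" above.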
@@ -436,6 +438,8 @@ Certificates are accepted if no I<checkEmail> option was specified, or the
email address of the peer certificate matches any of the email addresses
specified with I<checkEmail>.
+This option requires OpenSSL 1.0.2 or later.
+
=item B<checkHost> = HOST
host of the peer certificate subject
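Review bot: The requirement line added under I<checkEmail> does not say what happens when the option is used with an OpenSSL older than 1.0.2. The sentence just above states that certificates are accepted if no I<checkEmail> option was specified, so it matters whether an unsupported build rejects the option when the configuration is loaded or ignores it and accepts the peer. State the failure mode explicitly; the same question applies to the identical lines added for I<checkHost> and I<checkIP>.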
@@ -445,6 +449,8 @@ Certificates are accepted if no I<checkHost> option was specified, or the host
name of the peer certificate matches any of the hosts specified with
I<checkHost>.
+This option requires OpenSSL 1.0.2 or later.
+
=item B<checkIP> = IP
IP address of the peer certificate subject
@@ -454,6 +460,8 @@ Certificates are accepted if no I<checkIP> option was specified, or the IP
address of the peer certificate matches any of the IP addresses specified with
I<checkIP>.
+This option requires OpenSSL 1.0.2 or later.
+
=item B<ciphers> = CIPHER_LIST
Select permitted SSL ciphers
@@ -467,6 +475,19 @@ client mode (remote service uses SSL)
default: no (server mode)
+=item B<config> = COMMAND[:PARAMETER]
+
+B<OpenSSL> configuration command
+
+The B<OpenSSL> configuration command is executed with the specified parameter.
+This allows any configuration commands to be invoked from the stunnel
+configuration file. Supported commands are described on the
+I<SSL_CONF_cmd(3ssl)> manual page.
+
+Several I<config> lines can be used to specify multiple configuration commands.
+
+This option requires OpenSSL 1.0.2 or later.
+
=item B<connect> = [HOST:]PORT
connect to a remote address
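Review bot: The new I<config> item gives the syntax COMMAND[:PARAMETER] but does not say how a PARAMETER that itself contains colons is split, and the neighbouring I<ciphers> option takes a colon-separated list, which is an obvious value to pass here. Say that only the first colon separates command from parameter (if that is the behaviour) and add a one-line example. The text should also state how I<config> lines interact with I<ciphers>, I<options> and similar settings in the same section when both set the same property, since "any configuration commands" can override them.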
@@ -700,7 +721,7 @@ I<stunnel -options> lists the options found to be allowed in the
current combination of I<stunnel> and the I<OpenSSL> library used
to build it.
-Several I<options> can be used to specify multiple options.
+Several I<option> lines can be used to specify multiple options.
An option name can be prepended with a dash ("-") to disable the option.
For example, for compatibility with the erroneous Eudora SSL
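Review bot: In the changed sentence, "Several I<option> lines" italicises a word that does not match the keyword: the removed line used I<options>, and the context above refers to "stunnel -options". The parallel sentence added for I<config> uses the exact option name, so this one should read "Several I<options> lines can be used to specify multiple options."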
@@ -782,19 +803,24 @@ encryption.
=back
-=item B<protocolAuthentication> = basic | ntlm
+=item B<protocolAuthentication> = AUTHENTICATION
authentication type for the protocol negotiations
-Currently the authentication type only applies to the 'connect' protocol.
+Currently, this option is only supported in the client-side 'connect' and
+'smtp' protocols.
-default: basic
+Supported authentication types for the 'connect' protocol are 'basic' or
+'ntlm'. The default 'connect' authentication type is 'basic'.
+
+Supported authentication types for the 'smtp' protocol are 'plain' or 'login'.
+The default 'smtp' authentication type is 'plain'.
=item B<protocolDomain> = DOMAIN
domain for the protocol negotiations
-Currently the protocol domain only applies to the 'connect' protocol.
+Currently, this option is only supported in the client-side 'connect' protocol.
=item B<protocolHost> = HOST:PORT
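Review bot: The rewritten I<protocolAuthentication> item drops the standalone "default: basic" line and moves the defaults into running prose, while other items in this file keep a separate "default:" line (for example "default: no (server mode)"). Keep the convention, for instance one "default:" line that names both the 'connect' and the 'smtp' default, so the default remains easy to find when scanning the page. With the synopsis reduced to the placeholder AUTHENTICATION, the accepted values now appear only in that prose; listing them as 'basic' or 'ntlm' and 'plain' or 'login' is fine, but say what happens when a value is given that does not belong to the selected protocol.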
@@ -811,10 +837,16 @@ protocol.
password for the protocol negotiations
+Currently, this option is only supported in the client-side 'connect' and
+'smtp' protocols.
+
=item B<protocolUsername> = USERNAME
username for the protocol negotiations
+Currently, this option is only supported in the client-side 'connect' and
+'smtp' protocols.
+
=item B<PSKidentity> = IDENTITY
PSK identity for the PSK client