diff options
Diffstat (limited to 'usr.bin/nc/nc.1')
| -rw-r--r-- | usr.bin/nc/nc.1 | 52 |
1 files changed, 31 insertions, 21 deletions
diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1 index 8cb96e8734f..461e9e41be9 100644 --- a/usr.bin/nc/nc.1 +++ b/usr.bin/nc/nc.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nc.1,v 1.69 2015/09/11 21:07:01 beck Exp $ +.\" $OpenBSD: nc.1,v 1.70 2015/09/12 07:56:56 jmc Exp $ .\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2015 $ +.Dd $Mdocdate: September 12 2015 $ .Dt NC 1 .Os .Sh NAME @@ -34,12 +34,17 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46DdFhklNnrStUuvz +.Op Fl 46cDdFhklNnrStUuvz +.Op Fl C Ar certfile +.Op Fl e Ar name +.Op Fl H Ar hash .Op Fl I Ar length .Op Fl i Ar interval +.Op Fl K Ar keyfile .Op Fl O Ar length .Op Fl P Ar proxy_username .Op Fl p Ar source_port +.Op Fl R Ar CAfile .Op Fl s Ar source .Op Fl T Ar keyword .Op Fl V Ar rtable @@ -98,17 +103,19 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. -.It Fl C Ar certificate_filename +.It Fl C Ar certfile Specifies the filename from which the public key part of the TLS -certificate is loaded, in PEM format. May only be used with TLS. +certificate is loaded, in PEM format. +May only be used with TLS. .It Fl c -If using a TCP socket to connect or listen, use TLS. Illegal if not using TCP sockets. +If using a TCP socket to connect or listen, use TLS. +Illegal if not using TCP sockets. .It Fl D Enable debugging on the socket. .It Fl d Do not attempt to read from stdin. .It Fl e Ar name -specify the name that must be present in the peer certificate when using TLS. +Specify the name that must be present in the peer certificate when using TLS. Illegal if not using TLS. .It Fl F Pass the first connected socket using @@ -125,7 +132,7 @@ using the .Xr ssh_config 5 .Cm ProxyUseFdpass option). -.It Fl H Ar hash_string +.It Fl H Ar hash Specifies the required hash string of the peer certificate when using TLS. The string format required is that used by .Xr tls_peer_cert_hash 3 . @@ -139,9 +146,10 @@ Specifies the size of the TCP receive buffer. .It Fl i Ar interval Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports. -.It Fl K Ar key_filename +.It Fl K Ar keyfile Specifies the filename from which the private key -is loaded in PEM format. May only be used with TLS. +is loaded in PEM format. +May only be used with TLS. .It Fl k Forces .Nm @@ -188,10 +196,11 @@ should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the .Fl l option. -.It Fl R Ar CA_filename -Specifies the filename from which the root CA bundle for Certificate -verification is loaded in pem format. Illegal if not using TLS. -Default value is +.It Fl R Ar CAfile +Specifies the filename from which the root CA bundle for certificate +verification is loaded, in PEM format. +Illegal if not using TLS. +The default is .Pa /etc/ssl/cert.pem . .It Fl r Specifies that source and/or destination ports should be chosen randomly @@ -214,14 +223,15 @@ For TLS options .Ar keyword may be one of .Ar tlslegacy , -which allows legacy TLS protocols, +which allows legacy TLS protocols; .Ar noverify , -which disables certificate verification +which disables certificate verification; .Ar noname , -which disables certificate name checking, or -.Ar clientcert, -which requires a client certificate on incoming connections . +which disables certificate name checking; or +.Ar clientcert , +which requires a client certificate on incoming connections. It is illegal to specify TLS options if not using TLS. +.Pp For IPv4 TOS value .Ar keyword may be one of @@ -463,8 +473,8 @@ the source port, with a timeout of 5 seconds: .Pp .Dl $ nc -p 31337 -w 5 host.example.com 42 .Pp -Open a TCP connection to port 443 of www.google.ca, and negotiate -TLS. Check for a different name in the certificate for validation. +Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. +Check for a different name in the certificate for validation. .Pp .Dl $ nc -v -c -e adsf.au.doubleclick.net www.google.ca 443 .Pp |