Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sslsplit(1) man page: format issue of -A option description #287

Open
oldsong opened this issue Feb 4, 2021 · 1 comment
Open

sslsplit(1) man page: format issue of -A option description #287

oldsong opened this issue Feb 4, 2021 · 1 comment

Comments

@oldsong
Copy link

oldsong commented Feb 4, 2021

Description of '-a pemfile' and '-A pemfile' are incorrectly mixed together:

   -a pemfile
          Use client certificate from pemfile when destination server  re‐
          quests  a  client certificate.  -A pemfile Use private key, cer‐
          tificate and certificate chain from PEM  file  pemfile  as  leaf
          certificate instead of generating a leaf certificate on the fly.
          The PEM file must contain a single private key,  a  single  cer‐
          tificate and optionally intermediate and root CA certificates to
          use as certificate chain.  When using -t,  SSLsplit  will  first
          attempt  to  use a matching certificate loaded from certdir.  If
          -t is also used and a connection matches any certificate in  the
          directory  specified  with the -t option, that matching certifi‐
          cate is used instead, taking  precedence  over  the  certificate
          specified with -A.

They should be like:

   -a pemfile
          Use client certificate from pemfile when destination server  re‐
          quests a client certificate.

   -A pemfile
          Use private key, certificate and certificate chain from PEM file
          pemfile as leaf certificate instead of generating  a  leaf  cer‐
          tificate on the fly.  The PEM file must contain a single private
          key, a single certificate and optionally intermediate  and  root
          CA  certificates  to  use  as certificate chain.  When using -t,
          SSLsplit will first attempt to use a matching certificate loaded
          from  certdir.   If -t is also used and a connection matches any
          certificate in the directory specified with the -t option,  that
          matching certificate is used instead, taking precedence over the
          certificate specified with -A.

Fix:

--- sslsplit.1.in       2021-02-04 10:05:05.211796318 +0800
+++ sslsplit.1.in.org   2021-02-04 10:04:30.280082997 +0800
@@ -116,7 +116,6 @@
 .B \-a \fIpemfile\fP
 Use client certificate from \fIpemfile\fP when destination server requests a
 client certificate.
-.TP
 .B \-A \fIpemfile\fP
 Use private key, certificate and certificate chain from PEM file \fIpemfile\fP
 as leaf certificate instead of generating a leaf certificate on the fly.
sonertari added a commit to sonertari/SSLproxy that referenced this issue Feb 10, 2021
@sonertari
Fix formatting for -A option
6b2072d 
Reported on sslsplit as droe/sslsplit#287
sonertari added a commit that referenced this issue Feb 14, 2021
@sonertari
Fix formatting for -A option, issue #287 reported by @oldsong
6a21e57
@sonertari
Copy link
Collaborator

Fixed on the develop branch, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sonertari @oldsong