Bug 1420290

Summary: ssl2 is still in man pages and help
Product: [Fedora] Fedora Reporter: Patrik Kis <pkis>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-27 13:12:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Patrik Kis 2017-02-08 11:25:05 UTC
Description of problem:
openssl stopped support ssl2 but the man pages and help still shows this options. It would be nice to remove it from there to not confuse people.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

: | openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt  -ssl2
unknown option -ssl2
^^^^^^^^^^^^^^^^^^^^ it says unknown option, what is expected
usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify_hostname host - check peer certificate matches "host"
 -verify_email email - check peer certificate matches "email"
 -verify_ip ipaddr - check peer certificate matches "ipaddr"
 -verify arg   - turn on peer certificate verification
 -verify_return_error - return verification errors
 -cert arg     - certificate file to use, PEM format assumed
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private key file to use, in cert file if
                 not specified but cert file is.
 -keyform arg  - key format (PEM or DER) PEM default
 -pass arg     - private key file pass phrase source
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -trusted_first - Use trusted CA's first when building the trust chain
 -no_alt_chains - only ever use the first certificate chain found
 -reconnect    - Drop and re-make the connection with the same Session-ID
 -pause        - sleep(1) after each read(2) and write(2) system call
 -prexit       - print session information even on connection failure
 -showcerts    - show all certificates in the chain
 -debug        - extra output
 -msg          - Show protocol messages
 -nbio_test    - more ssl protocol testing
 -state        - print the 'ssl' states
 -nbio         - Run with non-blocking IO
 -crlf         - convert LF from terminal into CRLF
 -quiet        - no s_client output
 -ign_eof      - ignore input eof (default when -quiet)
 -no_ign_eof   - don't ignore input eof
 -psk_identity arg - PSK identity
 -psk arg      - PSK in hex (without 0x)
 -ssl2         - just use SSLv2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ but then it is still here again

It's probably the same for s_server and other commands as well.

And for the man pages:

# rpm -qd openssl | xargs zgrep -l 'ssl2'

Comment 1 Tomas Mraz 2017-03-27 13:12:13 UTC
This is mostly fixed in OpenSSL-1.1.0.