1420290 – ssl2 is still in man pages and help

Bug 1420290 - ssl2 is still in man pages and help

Summary: ssl2 is still in man pages and help

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssl
Sub Component:
Version:	25
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-08 11:25 UTC by Patrik Kis
Modified:	2017-03-27 13:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-27 13:12:13 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Patrik Kis 2017-02-08 11:25:05 UTC

Description of problem:
openssl stopped support ssl2 but the man pages and help still shows this options. It would be nice to remove it from there to not confuse people.

Version-Release number of selected component (if applicable):
openssl-1.0.2k-1.fc25

How reproducible:
always

Steps to Reproduce:

: | openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt  -ssl2
unknown option -ssl2
^^^^^^^^^^^^^^^^^^^^ it says unknown option, what is expected
usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify_hostname host - check peer certificate matches "host"
 -verify_email email - check peer certificate matches "email"
 -verify_ip ipaddr - check peer certificate matches "ipaddr"
 -verify arg   - turn on peer certificate verification
 -verify_return_error - return verification errors
 -cert arg     - certificate file to use, PEM format assumed
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private key file to use, in cert file if
                 not specified but cert file is.
 -keyform arg  - key format (PEM or DER) PEM default
 -pass arg     - private key file pass phrase source
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -trusted_first - Use trusted CA's first when building the trust chain
 -no_alt_chains - only ever use the first certificate chain found
 -reconnect    - Drop and re-make the connection with the same Session-ID
 -pause        - sleep(1) after each read(2) and write(2) system call
 -prexit       - print session information even on connection failure
 -showcerts    - show all certificates in the chain
 -debug        - extra output
 -msg          - Show protocol messages
 -nbio_test    - more ssl protocol testing
 -state        - print the 'ssl' states
 -nbio         - Run with non-blocking IO
 -crlf         - convert LF from terminal into CRLF
 -quiet        - no s_client output
 -ign_eof      - ignore input eof (default when -quiet)
 -no_ign_eof   - don't ignore input eof
 -psk_identity arg - PSK identity
 -psk arg      - PSK in hex (without 0x)
 -ssl2         - just use SSLv2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ but then it is still here again

It's probably the same for s_server and other commands as well.

And for the man pages:

# rpm -qd openssl | xargs zgrep -l 'ssl2'
/usr/share/doc/openssl/NEWS
/usr/share/man/man1/ciphers.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/s_time.1ssl.gz

Comment 1 Tomas Mraz 2017-03-27 13:12:13 UTC

This is mostly fixed in OpenSSL-1.1.0.

Note You need to log in before you can comment on or make changes to this bug.