search

droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License
1.73k stars 327 forks source link

sslsplit(1) man page: format issue of -A option description #287

Open oldsong opened 3 years ago

oldsong commented 3 years ago

Description of '-a pemfile' and '-A pemfile' are incorrectly mixed together:

   -a pemfile
          Use client certificate from pemfile when destination server  re‐
          quests  a  client certificate.  -A pemfile Use private key, cer‐
          tificate and certificate chain from PEM  file  pemfile  as  leaf
          certificate instead of generating a leaf certificate on the fly.
          The PEM file must contain a single private key,  a  single  cer‐
          tificate and optionally intermediate and root CA certificates to
          use as certificate chain.  When using -t,  SSLsplit  will  first
          attempt  to  use a matching certificate loaded from certdir.  If
          -t is also used and a connection matches any certificate in  the
          directory  specified  with the -t option, that matching certifi‐
          cate is used instead, taking  precedence  over  the  certificate
          specified with -A.

They should be like:

   -a pemfile
          Use client certificate from pemfile when destination server  re‐
          quests a client certificate.

   -A pemfile
          Use private key, certificate and certificate chain from PEM file
          pemfile as leaf certificate instead of generating  a  leaf  cer‐
          tificate on the fly.  The PEM file must contain a single private
          key, a single certificate and optionally intermediate  and  root
          CA  certificates  to  use  as certificate chain.  When using -t,
          SSLsplit will first attempt to use a matching certificate loaded
          from  certdir.   If -t is also used and a connection matches any
          certificate in the directory specified with the -t option,  that
          matching certificate is used instead, taking precedence over the
          certificate specified with -A.

Fix:

--- sslsplit.1.in       2021-02-04 10:05:05.211796318 +0800
+++ sslsplit.1.in.org   2021-02-04 10:04:30.280082997 +0800
@@ -116,7 +116,6 @@
 .B \-a \fIpemfile\fP
 Use client certificate from \fIpemfile\fP when destination server requests a
 client certificate.
-.TP
 .B \-A \fIpemfile\fP
 Use private key, certificate and certificate chain from PEM file \fIpemfile\fP
 as leaf certificate instead of generating a leaf certificate on the fly.
sonertari commented 3 years ago

Fixed on the develop branch, thanks.