author June McEnroe <june@causal.agency> 2020-01-12 18:07:54 -0500
committer June McEnroe <june@causal.agency> 2020-01-12 18:07:54 -0500
commit 5e6094e437a5437ceb6b083d16995ea629a4d720
tree 34ad1b244212caab1b832a6243988e388282434a /pounce.1
parent Add a vendor capability for passive clients
Add option to set local client CA

This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.

Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
Diffstat (limited to 'pounce.1')
-rw-r--r-- pounce.1 22
1 files changed, 21 insertions, 1 deletions
diff --git a/pounce.1 b/pounce.1
index 3b7f8e1..3aed409 100644
--- a/pounce.1
+++ b/pounce.1
@@ -1,4 +1,4 @@
-.Dd January 10, 2020
+.Dd January 12, 2020
 .Dt POUNCE 1
 .Os
 .
@@ -9,6 +9,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl Nev
+.Op Fl A Ar cert
 .Op Fl C Ar cert
 .Op Fl H Ar host
 .Op Fl K Ar priv
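Review bot: In the SYNOPSIS line `.Op Fl A Ar cert`, the argument is named `cert`, while the description entry added later in this patch documents the same flag as `.It Fl A Ar path`, and `cert` reads as a leaf certificate although this option loads a CA. The neighbouring `-C` line has the same mismatch, so this follows the file's existing habit, but using one name in both places, or a name that says CA, would make it less likely that someone passes a client certificate here by mistake.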
@@ -68,6 +69,20 @@ following their corresponding flags.
 The arguments are as follows:
 .
 .Bl -tag -width Ds
+.It Fl A Ar path , Cm client-ca = Ar path
+Load the TLS client certificate authority (CA) from
+.Ar path .
+If
+.Fl W
+is unset,
+clients must present a certificate signed by the CA
+to connect.
+If
+.Fl W
+is also set,
+clients may either connect using the password
+or a client certificate.
+.
 .It Fl C Ar path , Cm cert = Ar path
 Load TLS certificate from
 .Ar path .
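Review bot: The new `-A` entry does not say how a certificate-authenticated client is expected to log in. The commit message says this implements SASL EXTERNAL, but the entry only states that clients "must present a certificate signed by the CA to connect". A sentence on SASL EXTERNAL belongs here, along with what happens when `-W` is also set and a presented certificate does not verify against the CA (connection refused, or fall back to the password). Smaller point: "may either connect using the password or a client certificate" reads better as "may connect using either the password or a client certificate".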
@@ -132,6 +147,11 @@ The
 .Ar pass
 string must be hashed using
 .Fl x .
+If
+.Fl A
+is also set,
+clients may instead connect
+using a client certificate.
 .
 .It Fl a Ar user : Ns Ar pass , Cm sasl-plain = Ar user : Ns Ar pass
 Authenticate as
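Review bot: In the lines added to the `-W` entry, "using a client certificate" drops the qualifier that the `-A` entry carries, "signed by the CA". Someone reading only the `-W` entry could take it to mean that any client certificate is accepted. Suggest "using a client certificate signed by the CA" or an explicit pointer to the `-A` entry. It would also help to state here that with both options set either credential is sufficient on its own, so the password remains a valid way to connect.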