M man8/s6-tlsd-io.8 => man8/s6-tlsd-io.8 +8 -4
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd January 15, 2023
.Dt S6-TLSD-IO 8
.Os
.Sh NAME
@@ 135,14 135,18 @@ Transmit EOF by half-closing the TCP connection without using
.Ql close_notify .
This is the default.
.It Fl Y
-Require an optional client certificate.
+Request a client certificate.
+The certificate is optional: if the client gives none, the connection
+proceeds.
.It Fl y
-Require a mandatory client certificate.
+Request a client certificate.
+The certificate is mandatory: if the client gives none, the handshake
+fails.
The default, with neither the
.Fl Y
nor the
.Fl y
-option, is not to require a client certificate at all.
+option, is not to request a client certificate at all.
.It Fl K Ar kimeout
If the peer fails to send data for
.Ar kimeout
M man8/s6-tlsd.8 => man8/s6-tlsd.8 +9 -7
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd January 15, 2023
.Dt S6-TLSD 8
.Os
.Sh NAME
@@ 99,14 99,14 @@ Transmit EOF by half-closing the TCP connection without using
.Ql close_notify .
This is the default.
.It Fl Y
-Require an optional client certificate.
+Request an optional client certificate.
.It Fl y
-Require a mandatory client certificate.
+Request a mandatory client certificate.
The default, with neither the
.Fl Y
nor the
.Fl y
-option, is not to require a client certificate at all.
+option, is not to request a client certificate at all.
.It Fl K Ar kimeout
If the peer fails to send data for
.Ar kimeout
@@ 202,10 202,12 @@ and
They're passed to the
.Xr s6-tlsd-io 8
child but not to
-.Ar prog... .
-The
+.Ar prog... ;
+the
.Fl Z
-option prevents that behaviour and keeps them accessible in the child.
+option keeps them accessible in
+.Ar prog...
+as well.
.Pp
However,
.Ar prog...
M man8/s6-tlsserver.8 => man8/s6-tlsserver.8 +5 -4
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd January 15, 2023
.Dt S6-TLSSERVER 8
.Os
.Sh NAME
@@ 278,9 278,10 @@ s environment.
.Sh EXAMPLES
As root:
.Bd -literal -offset indent
-KEYFILE=/etc/ssl/private/mykey.der CERTFILE=/etc/ssl/public/mycert.pem \\
-TLS_UID=65534 TLS_UID=65536 \\
-s6-envuidgid www s6-tlsserver -U -- 1.2.3.4 443 httpd
+env KEYFILE=/etc/ssl/private/mykey.der CERTFILE=/etc/ssl/public/mycert.pem \
+TLS_UID=65534 TLS_UID=65534 \
+s6-envuidgid www \
+s6-tlsserver -U -- 1.2.3.4 443 httpd
.Ed
.Pp
This will start a server listening to 1.2.3.4 on TCP port 443, and for
M man8/s6-ucspitlsd.8 => man8/s6-ucspitlsd.8 +4 -4
@@ 1,4 1,4 @@
-.Dd September 29, 2021
+.Dd January 15, 2023
.Dt S6-UCSPITLSD 8
.Os
.Sh NAME
@@ 92,14 92,14 @@ Transmit EOF by half-closing the TCP connection without using
.Ql close_notify .
This is the default.
.It Fl Y
-Require an optional client certificate.
+Request an optional client certificate.
.It Fl y
-Require a mandatory client certificate.
+Request a mandatory client certificate.
The default, with neither the
.Fl Y
nor the
.Fl y
-option, is not to require a client certificate at all.
+option, is not to request a client certificate at all.
.It Fl K Ar kimeout
Close the connection if the handshake takes more than
.Ar kimeout