[Pkg-openssl-devel] Bug#803135: openssl: unknown option "-verify_host"

[Damien Mure]

Package: openssl
Version: 1.0.2d-1
Severity: normal

Dear Maintainer,

I use openssl to check that certificate installed on different hosts match some
DNS names.
According "openssl s_client help" command, I use:

 openssl s_client -connect "debian.com:443" -verify_host debian.com

But I get:
***
damien at me:$ openssl s_client -connect "debian.com:443" -verify_host debian.com
unknown option -verify_host
usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify_host host - check peer certificate matches "host"
....
****

We can see that "verify_host" is unknown but present in the "usage".

I found an openssl mail here : https://mta.openssl.org/pipermail/openssl-
dev/2015-April.txt
We can see that the option checked in the code is "-verify_hostname" and not
"-verify_host"

And yes, if I try:

 openssl s_client -connect "debian.com:443" -verify_hostname debian.com

->It works.

It would be cool if you could path openssl to have the good display of the
"usage".

Regards



-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssl depends on:
ii  libc6        2.19-22
ii  libssl1.0.0  1.0.2d-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20150426

OpenSSL version : 1.0.2d 9 Jul 2015
openssl package version: 1.0.2d-1