pt-tls-client: Added man page
parent
693705c74e
commit
34cade8b84
|
@ -1 +1,2 @@
|
|||
pt-tls-client
|
||||
pt-tls-client.1
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
ipsec_PROGRAMS = pt-tls-client
|
||||
bin_PROGRAMS = pt-tls-client
|
||||
|
||||
pt_tls_client_SOURCES = pt-tls-client.c
|
||||
|
||||
|
@ -19,3 +19,7 @@ pt_tls_client_LDADD = \
|
|||
$(top_builddir)/src/libpttls/libpttls.la \
|
||||
$(top_builddir)/src/libtnccs/libtnccs.la
|
||||
|
||||
man1_MANS = pt-tls-client.1
|
||||
|
||||
CLEANFILES = $(man1_MANS)
|
||||
|
||||
|
|
|
@ -0,0 +1,130 @@
|
|||
.TH PT-TLS-CLIENT 1 "2017-07-15" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
pt-tls-client \- Simple client using PT-TLS to collect integrity information
|
||||
.
|
||||
.SH "SYNOPSIS"
|
||||
.
|
||||
.SY "pt-tls-client"
|
||||
.BI \-\-connect
|
||||
.IR hostname |\fIaddress
|
||||
.OP \-\-port hex
|
||||
.RB [ \-\-cert
|
||||
.IR file ]+
|
||||
.RB [ \-\-keyid
|
||||
.IR hex |\fB\-\-key
|
||||
.IR file ]
|
||||
.RB [ \-\-key-type
|
||||
.BR rsa |\fBecdsa\fR]
|
||||
.OP \-\-client client-id
|
||||
.OP \-\-secret password
|
||||
.OP \-\-mutual
|
||||
.OP \-\-optionsfrom filename
|
||||
.OP \-\-quiet
|
||||
.OP \-\-debug level
|
||||
.YS
|
||||
.
|
||||
.SY "pt-tls-client"
|
||||
.B \-h
|
||||
|
|
||||
.B \-\-help
|
||||
.YS
|
||||
.
|
||||
.SH "DESCRIPTION"
|
||||
.
|
||||
.B pt-tls-client
|
||||
is a simple client using the PT-TLS (RFC 6876) transport protocol to collect
|
||||
integrity measurements on the client platform. PT-TLS does an initial TLS
|
||||
handshake with certificate-based server authentication and optional
|
||||
certificate-based client authentication. Alternatively simple password-based
|
||||
SASL client authentication protected by TLS can be used.
|
||||
.P
|
||||
Attribute requests and integrity measurements are exchanged via the PA-TNC (RFC
|
||||
5792) message protocol between any number of Integrity Measurement Verifiers
|
||||
(IMVs) residing on the remote PT-TLS server and multiple Integrity Measurement
|
||||
Collectors (IMCs) loaded dynamically by the PT-TLS client according to a list
|
||||
defined by \fI/etc/tnc_config\fR. PA-TNC messages that contain one or several
|
||||
PA-TNC attributes are multiplexed into PB-TNC (RFC 5793) client or server data
|
||||
batches which in turn are transported via PT-TLS.
|
||||
.
|
||||
.SH "OPTIONS"
|
||||
.
|
||||
.TP
|
||||
.B "\-h, \-\-help"
|
||||
Prints usage information and a short summary of the available commands.
|
||||
.TP
|
||||
.BI "\-c, \-\-connect " hostname\fR|\fIaddress
|
||||
Set the hostname or IP address of the PT-TLS server.
|
||||
.TP
|
||||
.BI "\-p, \-\-port " port
|
||||
Set the port of the PT-TLS server, default: 271.
|
||||
.TP
|
||||
.BI "\-x, \-\-cert " file
|
||||
Set the path to an X.509 certificate file. This option can be repeated to load
|
||||
multiple client and CA certificates.
|
||||
.TP
|
||||
.BI "\-k, \-\-key " file
|
||||
Set the path to the client's PKCS#1 or PKCS#8 private key file
|
||||
.TP
|
||||
.BI "\-t, \-\-key\-type " type
|
||||
Define the type of the private key if stored in PKCS#1 format. Can be omitted
|
||||
with PKCS#8 keys.
|
||||
.TP
|
||||
.BI "\-x, \-\-keyid " hex
|
||||
Set the keyid of the private key stored in a smartcard or a TPM 2.0 Trusted
|
||||
Platform Module.
|
||||
.TP
|
||||
.BI "\-i, \-\-client " client-id
|
||||
Set the username or client ID of the client required for password-based SASL
|
||||
authentication.
|
||||
.TP
|
||||
.BI "\-s, \-\-secret " password
|
||||
Set the preshared secret or client password required for password-based SASL
|
||||
authentication.
|
||||
.TP
|
||||
.B "\-q, \-\-mutual
|
||||
Enable mutual attestation between PT-TLS client and PT-TLS server.
|
||||
.TP
|
||||
.BI "\-v, \-\-debug " level
|
||||
Set debug level, default: 1.
|
||||
.TP
|
||||
.B "\-q, \-\-quiet
|
||||
Disable debug output to stderr.
|
||||
.TP
|
||||
.BI "\-+, \-\-optionsfrom " file
|
||||
Read command line options from \fIfile\fR.
|
||||
.
|
||||
.SH "EXAMPLES"
|
||||
.
|
||||
Connect to a PT-TLS server using certificate-based authentication,
|
||||
storing the private ECDSA key in a file:
|
||||
.PP
|
||||
.EX
|
||||
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
|
||||
\-\-cert client.crt \-\-key client.key \-\-key\-type ecdsa
|
||||
.EE
|
||||
.PP
|
||||
Connect to a PT-TLS server using certificate-based authentication,
|
||||
storing the private key in a smartcard or a TPM 2.0 Trusted Platform Module:
|
||||
.PP
|
||||
.EX
|
||||
pt-tls-client \-\-connect pdp.example.com \-\-cert ca.crt \\
|
||||
\-\-cert client.crt \-\-keyid 0x81010002
|
||||
.EE
|
||||
.PP
|
||||
Connect to a PT-TLS server listening on port 443, using SASL password-based
|
||||
authentication:
|
||||
.PP
|
||||
.EX
|
||||
pt-tls-client \-\-connect pdp.example.com --port 443 \-\-cert ca.crt \\
|
||||
\-\-client jane \-\-password p2Nl9trKlb
|
||||
.EE
|
||||
.SH FILES
|
||||
.TP
|
||||
/etc/tnc_config
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.
|
||||
.BR strongswan.conf (5)
|
||||
|
|
@ -44,8 +44,8 @@ static void usage(FILE *out)
|
|||
"Usage: pt-tls --connect <hostname|address> [--port <port>]\n"
|
||||
" [--cert <file>]+ [--keyid <hex>|--key <file>]\n"
|
||||
" [--key-type rsa|ecdsa] [--client <client-id>]\n"
|
||||
" [--secret <password>] [--optionsfrom <filename>]\n"
|
||||
" [--quiet] [--debug <level>]\n");
|
||||
" [--secret <password>] [--mutual] [--quiet]\n"
|
||||
" [--debug <level>] [--optionsfrom <filename>]\n");
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -292,7 +292,8 @@ int main(int argc, char *argv[])
|
|||
{"optionsfrom", required_argument, NULL, '+' },
|
||||
{0,0,0,0 }
|
||||
};
|
||||
switch (getopt_long(argc, argv, "", long_opts, NULL))
|
||||
switch (getopt_long(argc, argv, "hc:i:s:p:x:K:k:t:mqd:+:", long_opts,
|
||||
NULL))
|
||||
{
|
||||
case EOF:
|
||||
break;
|
||||
|
|
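Review bot: The short options enabled by the new optstring `"hc:i:s:p:x:K:k:t:mqd:+:"` in main() do not match what this commit documents: the man page gives `-x` for both `--cert` and `--keyid`, `-q` for both `--mutual` and `--quiet`, and `-v` for `--debug`, whereas the optstring has `K`, `m` and `d` and no `v`. Only the last long_opts entry is visible in the hunk, so which letter maps to which option is inferred; the man page and usage() should be aligned with that table, and usage() could list the short forms, e.g. `"  [-m|--mutual] [-q|--quiet]\n"`. The man page's SASL example also passes `--password`, while usage() names the option `--secret`, so that example would likely be rejected as written. Because `--secret <password>` places the password in the process argument list, where it is typically visible to other local users, the usage text or man page should point to `--optionsfrom <filename>` with a file readable only by its owner as the preferred way to supply it.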