Add -J and -j to the TLS tools to check for peer close_notify.

 Also, and more importantly, significantly rewrite stls_run()
for better full-duplex support. This implementation isn't fully
tested yet.

Signed-off-by: Laurent Bercot <ska@appnovation.com>

1 files changed, 1 insertions, 0 deletions

diff --git a/doc/s6-tlsclient.html b/doc/s6-tlsclient.html
index 287c02c..09276d4 100644
--- a/doc/s6-tlsclient.html
+++ b/doc/s6-tlsclient.html
@@ -144,6 +144,7 @@ generally work: the defaults are sensible.
  <li> <tt>-Z</tt>, <tt>-z</tt>&nbsp;: keep or remove the <a href="s6-tlsc-io.html">s6-tlsc-io</a>-specific
 variables from the application's environment </li>
  <li> <tt>-S</tt>, <tt>-s</tt>&nbsp;: use close_notify or EOF to signal the end of a TLS connection </li>
+ <li> <tt>-J</tt>, <tt>-j</tt>&nbsp;: exit nonzero with an error message when the peer fails to close_notify, or ignore it </li>
  <li> <tt>-Y</tt>, <tt>-y</tt>&nbsp;: don't send, or send, a client certificate </li>
  <li> <tt>-k <em>servername</em></tt>&nbsp;: use SNI and provide a server name </li>
  <li> <tt>-K <em>kimeout</em></tt>&nbsp;: set a timeout for the TLS handshake </li>