| fetch.3 (246e7a2b6494cd991b08ac669ed761ecea0cc98c) | fetch.3 (767207650c31a5615abd5b9a2dcca20432ba2f30) |
|---|---|
| 1.\"- 2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3.\" Copyright (c) 2013 Michael Gmelin <freebsd@grem.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 12 unchanged lines hidden (view full) --- 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" | 1.\"- 2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3.\" Copyright (c) 2013 Michael Gmelin <freebsd@grem.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: --- 12 unchanged lines hidden (view full) --- 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" |
| 29.Dd July 30, 2013 | 29.Dd October 15, 2014 |
| 30.Dt FETCH 3 31.Os 32.Sh NAME 33.Nm fetchMakeURL , 34.Nm fetchParseURL , 35.Nm fetchFreeURL , 36.Nm fetchXGetURL , 37.Nm fetchGetURL , --- 395 unchanged lines hidden (view full) --- 433.Ev SSL_CLIENT_KEY_FILE 434can be set to point to the key in PEM format. 435In case the key uses a password, the user will be prompted on standard 436input (see 437.Xr PEM 3 ) . 438.Pp 439By default 440.Nm libfetch | 30.Dt FETCH 3 31.Os 32.Sh NAME 33.Nm fetchMakeURL , 34.Nm fetchParseURL , 35.Nm fetchFreeURL , 36.Nm fetchXGetURL , 37.Nm fetchGetURL , --- 395 unchanged lines hidden (view full) --- 433.Ev SSL_CLIENT_KEY_FILE 434can be set to point to the key in PEM format. 435In case the key uses a password, the user will be prompted on standard 436input (see 437.Xr PEM 3 ) . 438.Pp 439By default 440.Nm libfetch |
| 441allows SSLv3 and TLSv1 when negotiating the connecting with the remote | 441allows TLSv1 and newer when negotiating the connecting with the remote |
| 442peer. | 442peer. |
| 443You can change this behavior by setting the environment variable | 443You can change this behavior by setting the |
| 444.Ev SSL_ALLOW_SSL2 | 444.Ev SSL_ALLOW_SSL2 |
| 445to allow SSLv2 (not recommended) and 446.Ev SSL_NO_SSL3 447or 448.Ev SSL_NO_TLS1 449to disable the respective methods. | 445and 446.Ev SSL_ALLOW_SSL3 447environment variables to allow SSLv2 and SSLv3, respectively, and 448.Ev SSL_NO_TLS1 , 449.Ev SSL_NO_TLS1_1 and 450.Ev SSL_NO_TLS1_2 451to disable TLS 1.0, 1.1 and 1.2 respectively. |
| 450.Sh AUTHENTICATION 451Apart from setting the appropriate environment variables and 452specifying the user name and password in the URL or the 453.Vt struct url , 454the calling program has the option of defining an authentication 455function with the following prototype: 456.Pp 457.Ft int --- 183 unchanged lines hidden (view full) --- 641altogether, or a comma- or whitespace-separated list of hosts for 642which proxies should not be used. 643.It Ev no_proxy 644Same as 645.Ev NO_PROXY , 646for compatibility. 647.It Ev SSL_ALLOW_SSL2 648Allow SSL version 2 when negotiating the connection (not recommended). | 452.Sh AUTHENTICATION 453Apart from setting the appropriate environment variables and 454specifying the user name and password in the URL or the 455.Vt struct url , 456the calling program has the option of defining an authentication 457function with the following prototype: 458.Pp 459.Ft int --- 183 unchanged lines hidden (view full) --- 643altogether, or a comma- or whitespace-separated list of hosts for 644which proxies should not be used. 645.It Ev no_proxy 646Same as 647.Ev NO_PROXY , 648for compatibility. 649.It Ev SSL_ALLOW_SSL2 650Allow SSL version 2 when negotiating the connection (not recommended). |
| 651.It Ev SSL_ALLOW_SSL3 652Allow SSL version 3 when negotiating the connection (not recommended). |
|
| 649.It Ev SSL_CA_CERT_FILE 650CA certificate bundle containing trusted CA certificates. 651Default value: 652.Pa /etc/ssl/cert.pem . 653.It Ev SSL_CA_CERT_PATH 654Path containing trusted CA hashes. 655.It Ev SSL_CLIENT_CERT_FILE 656PEM encoded client certificate/key which will be used in 657client certificate authentication. 658.It Ev SSL_CLIENT_KEY_FILE 659PEM encoded client key in case key and client certificate 660are stored separately. 661.It Ev SSL_CRL_FILE 662File containing certificate revocation list. | 653.It Ev SSL_CA_CERT_FILE 654CA certificate bundle containing trusted CA certificates. 655Default value: 656.Pa /etc/ssl/cert.pem . 657.It Ev SSL_CA_CERT_PATH 658Path containing trusted CA hashes. 659.It Ev SSL_CLIENT_CERT_FILE 660PEM encoded client certificate/key which will be used in 661client certificate authentication. 662.It Ev SSL_CLIENT_KEY_FILE 663PEM encoded client key in case key and client certificate 664are stored separately. 665.It Ev SSL_CRL_FILE 666File containing certificate revocation list. |
| 663.It Ev SSL_NO_SSL3 664Don't allow SSL version 3 when negotiating the connection. | |
| 665.It Ev SSL_NO_TLS1 | 667.It Ev SSL_NO_TLS1 |
| 666Don't allow TLV version 1 when negotiating the connection. | 668Do not allow TLS version 1.0 when negotiating the connection. 669.It Ev SSL_NO_TLS1_1 670Do not allow TLS version 1.1 when negotiating the connection. 671.It Ev SSL_NO_TLS1_2 672Do not allow TLS version 1.2 when negotiating the connection. |
| 667.It Ev SSL_NO_VERIFY_HOSTNAME 668If set, do not verify that the hostname matches the subject of the 669certificate presented by the server. 670.It Ev SSL_NO_VERIFY_PEER 671If set, do not verify the peer certificate against trusted CAs. 672.El 673.Sh EXAMPLES 674To access a proxy server on --- 161 unchanged lines hidden --- | 673.It Ev SSL_NO_VERIFY_HOSTNAME 674If set, do not verify that the hostname matches the subject of the 675certificate presented by the server. 676.It Ev SSL_NO_VERIFY_PEER 677If set, do not verify the peer certificate against trusted CAs. 678.El 679.Sh EXAMPLES 680To access a proxy server on --- 161 unchanged lines hidden --- |