1.\"- 2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.Dd November 24, 2020 28.Dt FETCH 3 29.Os 30.Sh NAME 31.Nm fetchMakeURL , 32.Nm fetchParseURL , 33.Nm fetchFreeURL , 34.Nm fetchXGetURL , 35.Nm fetchGetURL , 36.Nm fetchPutURL , 37.Nm fetchStatURL , 38.Nm fetchListURL , 39.Nm fetchXGet , 40.Nm fetchGet , 41.Nm fetchPut , 42.Nm fetchStat , 43.Nm fetchList , 44.Nm fetchXGetFile , 45.Nm fetchGetFile , 46.Nm fetchPutFile , 47.Nm fetchStatFile , 48.Nm fetchListFile , 49.Nm fetchXGetHTTP , 50.Nm fetchGetHTTP , 51.Nm fetchPutHTTP , 52.Nm fetchStatHTTP , 53.Nm fetchListHTTP , 54.Nm fetchReqHTTP , 55.Nm fetchXGetFTP , 56.Nm fetchGetFTP , 57.Nm fetchPutFTP , 58.Nm fetchStatFTP , 59.Nm fetchListFTP 60.Nd file transfer functions 61.Sh LIBRARY 62.Lb libfetch 63.Sh SYNOPSIS 64.In sys/param.h 65.In stdio.h 66.In fetch.h 67.Ft struct url * 68.Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd" 69.Ft struct url * 70.Fn fetchParseURL "const char *URL" 71.Ft void 72.Fn fetchFreeURL "struct url *u" 73.Ft FILE * 74.Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags" 75.Ft FILE * 76.Fn fetchGetURL "const char *URL" "const char *flags" 77.Ft FILE * 78.Fn fetchPutURL "const char *URL" "const char *flags" 79.Ft int 80.Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags" 81.Ft struct url_ent * 82.Fn fetchListURL "const char *URL" "const char *flags" 83.Ft FILE * 84.Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags" 85.Ft FILE * 86.Fn fetchGet "struct url *u" "const char *flags" 87.Ft FILE * 88.Fn fetchPut "struct url *u" "const char *flags" 89.Ft int 90.Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags" 91.Ft struct url_ent * 92.Fn fetchList "struct url *u" "const char *flags" 93.Ft FILE * 94.Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags" 95.Ft FILE * 96.Fn fetchGetFile "struct url *u" "const char *flags" 97.Ft FILE * 98.Fn fetchPutFile "struct url *u" "const char *flags" 99.Ft int 100.Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags" 101.Ft struct url_ent * 102.Fn fetchListFile "struct url *u" "const char *flags" 103.Ft FILE * 104.Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags" 105.Ft FILE * 106.Fn fetchGetHTTP "struct url *u" "const char *flags" 107.Ft FILE * 108.Fn fetchPutHTTP "struct url *u" "const char *flags" 109.Ft int 110.Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags" 111.Ft struct url_ent * 112.Fn fetchListHTTP "struct url *u" "const char *flags" 113.Ft FILE * 114.Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body" 115.Ft FILE * 116.Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags" 117.Ft FILE * 118.Fn fetchGetFTP "struct url *u" "const char *flags" 119.Ft FILE * 120.Fn fetchPutFTP "struct url *u" "const char *flags" 121.Ft int 122.Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags" 123.Ft struct url_ent * 124.Fn fetchListFTP "struct url *u" "const char *flags" 125.Sh DESCRIPTION 126These functions implement a high-level library for retrieving and 127uploading files using Uniform Resource Locators (URLs). 128.Pp 129.Fn fetchParseURL 130takes a URL in the form of a null-terminated string and splits it into 131its components function according to the Common Internet Scheme Syntax 132detailed in RFC1738. 133A regular expression which produces this syntax is: 134.Bd -literal 135 <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 136.Ed 137.Pp 138If the URL does not seem to begin with a scheme name, the following 139syntax is assumed: 140.Bd -literal 141 ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 142.Ed 143.Pp 144Note that some components of the URL are not necessarily relevant to 145all URL schemes. 146For instance, the file scheme only needs the <scheme> and <document> 147components. 148.Pp 149.Fn fetchMakeURL 150and 151.Fn fetchParseURL 152return a pointer to a 153.Vt url 154structure, which is defined as follows in 155.In fetch.h : 156.Bd -literal 157#define URL_SCHEMELEN 16 158#define URL_USERLEN 256 159#define URL_PWDLEN 256 160 161struct url { 162 char scheme[URL_SCHEMELEN+1]; 163 char user[URL_USERLEN+1]; 164 char pwd[URL_PWDLEN+1]; 165 char host[MAXHOSTNAMELEN+1]; 166 int port; 167 char *doc; 168 off_t offset; 169 size_t length; 170 time_t ims_time; 171}; 172.Ed 173.Pp 174The 175.Va ims_time 176field stores the time value for 177.Li If-Modified-Since 178HTTP requests. 179.Pp 180The pointer returned by 181.Fn fetchMakeURL 182or 183.Fn fetchParseURL 184should be freed using 185.Fn fetchFreeURL . 186.Pp 187.Fn fetchXGetURL , 188.Fn fetchGetURL , 189and 190.Fn fetchPutURL 191constitute the recommended interface to the 192.Nm fetch 193library. 194They examine the URL passed to them to determine the transfer 195method, and call the appropriate lower-level functions to perform the 196actual transfer. 197.Fn fetchXGetURL 198also returns the remote document's metadata in the 199.Vt url_stat 200structure pointed to by the 201.Fa us 202argument. 203.Pp 204The 205.Fa flags 206argument is a string of characters which specify transfer options. 207The 208meaning of the individual flags is scheme-dependent, and is detailed 209in the appropriate section below. 210.Pp 211.Fn fetchStatURL 212attempts to obtain the requested document's metadata and fill in the 213structure pointed to by its second argument. 214The 215.Vt url_stat 216structure is defined as follows in 217.In fetch.h : 218.Bd -literal 219struct url_stat { 220 off_t size; 221 time_t atime; 222 time_t mtime; 223}; 224.Ed 225.Pp 226If the size could not be obtained from the server, the 227.Fa size 228field is set to -1. 229If the modification time could not be obtained from the server, the 230.Fa mtime 231field is set to the epoch. 232If the access time could not be obtained from the server, the 233.Fa atime 234field is set to the modification time. 235.Pp 236.Fn fetchListURL 237attempts to list the contents of the directory pointed to by the URL 238provided. 239If successful, it returns a malloced array of 240.Vt url_ent 241structures. 242The 243.Vt url_ent 244structure is defined as follows in 245.In fetch.h : 246.Bd -literal 247struct url_ent { 248 char name[PATH_MAX]; 249 struct url_stat stat; 250}; 251.Ed 252.Pp 253The list is terminated by an entry with an empty name. 254.Pp 255The pointer returned by 256.Fn fetchListURL 257should be freed using 258.Fn free . 259.Pp 260.Fn fetchXGet , 261.Fn fetchGet , 262.Fn fetchPut 263and 264.Fn fetchStat 265are similar to 266.Fn fetchXGetURL , 267.Fn fetchGetURL , 268.Fn fetchPutURL 269and 270.Fn fetchStatURL , 271except that they expect a pre-parsed URL in the form of a pointer to 272a 273.Vt struct url 274rather than a string. 275.Pp 276All of the 277.Fn fetchXGetXXX , 278.Fn fetchGetXXX 279and 280.Fn fetchPutXXX 281functions return a pointer to a stream which can be used to read or 282write data from or to the requested document, respectively. 283Note that 284although the implementation details of the individual access methods 285vary, it can generally be assumed that a stream returned by one of the 286.Fn fetchXGetXXX 287or 288.Fn fetchGetXXX 289functions is read-only, and that a stream returned by one of the 290.Fn fetchPutXXX 291functions is write-only. 292.Sh FILE SCHEME 293.Fn fetchXGetFile , 294.Fn fetchGetFile 295and 296.Fn fetchPutFile 297provide access to documents which are files in a locally mounted file 298system. 299Only the <document> component of the URL is used. 300.Pp 301.Fn fetchXGetFile 302and 303.Fn fetchGetFile 304do not accept any flags. 305.Pp 306.Fn fetchPutFile 307accepts the 308.Ql a 309(append to file) flag. 310If that flag is specified, the data written to 311the stream returned by 312.Fn fetchPutFile 313will be appended to the previous contents of the file, instead of 314replacing them. 315.Sh FTP SCHEME 316.Fn fetchXGetFTP , 317.Fn fetchGetFTP 318and 319.Fn fetchPutFTP 320implement the FTP protocol as described in RFC959. 321.Pp 322If the 323.Ql P 324(not passive) flag is specified, an active (rather than passive) 325connection will be attempted. 326.Pp 327The 328.Ql p 329flag is supported for compatibility with earlier versions where active 330connections were the default. 331It has precedence over the 332.Ql P 333flag, so if both are specified, 334.Nm 335will use a passive connection. 336.Pp 337If the 338.Ql l 339(low) flag is specified, data sockets will be allocated in the low (or 340default) port range instead of the high port range (see 341.Xr ip 4 ) . 342.Pp 343If the 344.Ql d 345(direct) flag is specified, 346.Fn fetchXGetFTP , 347.Fn fetchGetFTP 348and 349.Fn fetchPutFTP 350will use a direct connection even if a proxy server is defined. 351.Pp 352If no user name or password is given, the 353.Nm fetch 354library will attempt an anonymous login, with user name "anonymous" 355and password "anonymous@<hostname>". 356.Sh HTTP SCHEME 357The 358.Fn fetchXGetHTTP , 359.Fn fetchGetHTTP , 360.Fn fetchPutHTTP 361and 362.Fn fetchReqHTTP 363functions implement the HTTP/1.1 protocol. 364With a little luck, there is 365even a chance that they comply with RFC2616 and RFC2617. 366.Pp 367If the 368.Ql d 369(direct) flag is specified, 370.Fn fetchXGetHTTP , 371.Fn fetchGetHTTP 372and 373.Fn fetchPutHTTP 374will use a direct connection even if a proxy server is defined. 375.Pp 376If the 377.Ql i 378(if-modified-since) flag is specified, and 379the 380.Va ims_time 381field is set in 382.Vt "struct url" , 383then 384.Fn fetchXGetHTTP 385and 386.Fn fetchGetHTTP 387will send a conditional 388.Li If-Modified-Since 389HTTP header to only fetch the content if it is newer than 390.Va ims_time . 391.Pp 392The function 393.Fn fetchReqHTTP 394can be used to make requests with an arbitrary HTTP verb, 395including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH. 396This can be done by setting the argument 397.Fa method 398to the intended verb, such as 399.Ql POST , 400and 401.Fa body 402to the content. 403.Pp 404Since there seems to be no good way of implementing the HTTP PUT 405method in a manner consistent with the rest of the 406.Nm fetch 407library, 408.Fn fetchPutHTTP 409is currently unimplemented. 410.Sh HTTPS SCHEME 411Based on HTTP SCHEME. 412By default the peer is verified using the CA bundle located in 413.Pa /usr/local/etc/ssl/cert.pem . 414If this file does not exist, 415.Pa /etc/ssl/cert.pem 416is used instead. 417If neither file exists, and 418.Ev SSL_CA_CERT_PATH 419has not been set, 420OpenSSL's default CA cert and path settings apply. 421The certificate bundle can contain multiple CA certificates. 422A common source of a current CA bundle is 423.Pa \%security/ca_root_nss . 424.Pp 425The CA bundle used for peer verification can be changed by setting the 426environment variables 427.Ev SSL_CA_CERT_FILE 428to point to a concatenated bundle of trusted certificates and 429.Ev SSL_CA_CERT_PATH 430to point to a directory containing hashes of trusted CAs (see 431.Xr verify 1 ) . 432.Pp 433A certificate revocation list (CRL) can be used by setting the 434environment variable 435.Ev SSL_CRL_FILE 436(see 437.Xr crl 1 ) . 438.Pp 439Peer verification can be disabled by setting the environment variable 440.Ev SSL_NO_VERIFY_PEER . 441Note that this also disables CRL checking. 442.Pp 443By default the service identity is verified according to the rules 444detailed in RFC6125 (also known as hostname verification). 445This feature can be disabled by setting the environment variable 446.Ev SSL_NO_VERIFY_HOSTNAME . 447.Pp 448Client certificate based authentication is supported. 449The environment variable 450.Ev SSL_CLIENT_CERT_FILE 451should be set to point to a file containing key and client certificate 452to be used in PEM format. 453When a PEM-format key is in a separate file from the client certificate, 454the environment variable 455.Ev SSL_CLIENT_KEY_FILE 456can be set to point to the key file. 457In case the key uses a password, the user will be prompted on standard 458input. 459.Pp 460By default 461.Nm libfetch 462allows TLSv1 and newer when negotiating the connecting with the remote 463peer. 464You can change this behavior by setting the 465.Ev SSL_NO_TLS1 , 466.Ev SSL_NO_TLS1_1 and 467.Ev SSL_NO_TLS1_2 468environment variables to disable TLS 1.0, 1.1 and 1.2 respectively. 469.Sh AUTHENTICATION 470Apart from setting the appropriate environment variables and 471specifying the user name and password in the URL or the 472.Vt struct url , 473the calling program has the option of defining an authentication 474function with the following prototype: 475.Pp 476.Ft int 477.Fn myAuthMethod "struct url *u" 478.Pp 479The callback function should fill in the 480.Fa user 481and 482.Fa pwd 483fields in the provided 484.Vt struct url 485and return 0 on success, or any other value to indicate failure. 486.Pp 487To register the authentication callback, simply set 488.Va fetchAuthMethod 489to point at it. 490The callback will be used whenever a site requires authentication and 491the appropriate environment variables are not set. 492.Pp 493This interface is experimental and may be subject to change. 494.Sh RETURN VALUES 495.Fn fetchParseURL 496returns a pointer to a 497.Vt struct url 498containing the individual components of the URL. 499If it is 500unable to allocate memory, or the URL is syntactically incorrect, 501.Fn fetchParseURL 502returns a NULL pointer. 503.Pp 504The 505.Fn fetchStat 506functions return 0 on success and -1 on failure. 507.Pp 508All other functions return a stream pointer which may be used to 509access the requested document, or NULL if an error occurred. 510.Pp 511The following error codes are defined in 512.In fetch.h : 513.Bl -tag -width 18n 514.It Bq Er FETCH_ABORT 515Operation aborted 516.It Bq Er FETCH_AUTH 517Authentication failed 518.It Bq Er FETCH_DOWN 519Service unavailable 520.It Bq Er FETCH_EXISTS 521File exists 522.It Bq Er FETCH_FULL 523File system full 524.It Bq Er FETCH_INFO 525Informational response 526.It Bq Er FETCH_MEMORY 527Insufficient memory 528.It Bq Er FETCH_MOVED 529File has moved 530.It Bq Er FETCH_NETWORK 531Network error 532.It Bq Er FETCH_OK 533No error 534.It Bq Er FETCH_PROTO 535Protocol error 536.It Bq Er FETCH_RESOLV 537Resolver error 538.It Bq Er FETCH_SERVER 539Server error 540.It Bq Er FETCH_TEMP 541Temporary error 542.It Bq Er FETCH_TIMEOUT 543Operation timed out 544.It Bq Er FETCH_UNAVAIL 545File is not available 546.It Bq Er FETCH_UNKNOWN 547Unknown error 548.It Bq Er FETCH_URL 549Invalid URL 550.El 551.Pp 552The accompanying error message includes a protocol-specific error code 553and message, like "File is not available (404 Not Found)" 554.Sh ENVIRONMENT 555.Bl -tag -width ".Ev FETCH_BIND_ADDRESS" 556.It Ev FETCH_BIND_ADDRESS 557Specifies a hostname or IP address to which sockets used for outgoing 558connections will be bound. 559.It Ev FTP_LOGIN 560Default FTP login if none was provided in the URL. 561.It Ev FTP_PASSIVE_MODE 562If set to 563.Ql no , 564forces the FTP code to use active mode. 565If set to any other value, forces passive mode even if the application 566requested active mode. 567.It Ev FTP_PASSWORD 568Default FTP password if the remote server requests one and none was 569provided in the URL. 570.It Ev FTP_PROXY 571URL of the proxy to use for FTP requests. 572The document part is ignored. 573FTP and HTTP proxies are supported; if no scheme is specified, FTP is 574assumed. 575If the proxy is an FTP proxy, 576.Nm libfetch 577will send 578.Ql user@host 579as user name to the proxy, where 580.Ql user 581is the real user name, and 582.Ql host 583is the name of the FTP server. 584.Pp 585If this variable is set to an empty string, no proxy will be used for 586FTP requests, even if the 587.Ev HTTP_PROXY 588variable is set. 589.It Ev ftp_proxy 590Same as 591.Ev FTP_PROXY , 592for compatibility. 593.It Ev HTTP_ACCEPT 594Specifies the value of the 595.Va Accept 596header for HTTP requests. 597If empty, no 598.Va Accept 599header is sent. 600The default is 601.Dq */* . 602.It Ev HTTP_AUTH 603Specifies HTTP authorization parameters as a colon-separated list of 604items. 605The first and second item are the authorization scheme and realm 606respectively; further items are scheme-dependent. 607Currently, the 608.Dq basic 609and 610.Dq digest 611authorization methods are supported. 612.Pp 613Both methods require two parameters: the user name and 614password, in that order. 615.Pp 616This variable is only used if the server requires authorization and 617no user name or password was specified in the URL. 618.It Ev HTTP_PROXY 619URL of the proxy to use for HTTP requests. 620The document part is ignored. 621Only HTTP proxies are supported for HTTP requests. 622If no port number is specified, the default is 3128. 623.Pp 624Note that this proxy will also be used for FTP documents, unless the 625.Ev FTP_PROXY 626variable is set. 627.It Ev http_proxy 628Same as 629.Ev HTTP_PROXY , 630for compatibility. 631.It Ev HTTP_PROXY_AUTH 632Specifies authorization parameters for the HTTP proxy in the same 633format as the 634.Ev HTTP_AUTH 635variable. 636.Pp 637This variable is used if and only if connected to an HTTP proxy, and 638is ignored if a user and/or a password were specified in the proxy 639URL. 640.It Ev HTTP_REFERER 641Specifies the referrer URL to use for HTTP requests. 642If set to 643.Dq auto , 644the document URL will be used as referrer URL. 645.It Ev HTTP_USER_AGENT 646Specifies the User-Agent string to use for HTTP requests. 647This can be useful when working with HTTP origin or proxy servers that 648differentiate between user agents. 649If defined but empty, no User-Agent header is sent. 650.It Ev NETRC 651Specifies a file to use instead of 652.Pa ~/.netrc 653to look up login names and passwords for FTP and HTTP sites as well as 654HTTP proxies. 655See 656.Xr ftp 1 657for a description of the file format. 658.It Ev NO_PROXY 659Either a single asterisk, which disables the use of proxies 660altogether, or a comma- or whitespace-separated list of hosts for 661which proxies should not be used. 662.It Ev no_proxy 663Same as 664.Ev NO_PROXY , 665for compatibility. 666.It Ev SOCKS5_PROXY 667Uses SOCKS version 5 to make connection. 668The format must be the IP or hostname followed by a colon for the port. 669IPv6 addresses must enclose the address in brackets. 670If no port is specified, the default is 1080. 671This setting will supercede a connection to an 672.Ev HTTP_PROXY . 673.It Ev SSL_CA_CERT_FILE 674CA certificate bundle containing trusted CA certificates. 675Default value: See HTTPS SCHEME above. 676.It Ev SSL_CA_CERT_PATH 677Path containing trusted CA hashes. 678.It Ev SSL_CLIENT_CERT_FILE 679PEM encoded client certificate/key which will be used in 680client certificate authentication. 681.It Ev SSL_CLIENT_KEY_FILE 682PEM encoded client key in case key and client certificate 683are stored separately. 684.It Ev SSL_CRL_FILE 685File containing certificate revocation list. 686.It Ev SSL_NO_TLS1 687Do not allow TLS version 1.0 when negotiating the connection. 688.It Ev SSL_NO_TLS1_1 689Do not allow TLS version 1.1 when negotiating the connection. 690.It Ev SSL_NO_TLS1_2 691Do not allow TLS version 1.2 when negotiating the connection. 692.It Ev SSL_NO_VERIFY_HOSTNAME 693If set, do not verify that the hostname matches the subject of the 694certificate presented by the server. 695.It Ev SSL_NO_VERIFY_PEER 696If set, do not verify the peer certificate against trusted CAs. 697.El 698.Sh EXAMPLES 699To access a proxy server on 700.Pa proxy.example.com 701port 8080, set the 702.Ev HTTP_PROXY 703environment variable in a manner similar to this: 704.Pp 705.Dl HTTP_PROXY=http://proxy.example.com:8080 706.Pp 707If the proxy server requires authentication, there are 708two options available for passing the authentication data. 709The first method is by using the proxy URL: 710.Pp 711.Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080 712.Pp 713The second method is by using the 714.Ev HTTP_PROXY_AUTH 715environment variable: 716.Bd -literal -offset indent 717HTTP_PROXY=http://proxy.example.com:8080 718HTTP_PROXY_AUTH=basic:*:<user>:<pwd> 719.Ed 720.Pp 721To disable the use of a proxy for an HTTP server running on the local 722host, define 723.Ev NO_PROXY 724as follows: 725.Bd -literal -offset indent 726NO_PROXY=localhost,127.0.0.1 727.Ed 728.Pp 729To use a SOCKS5 proxy, set the 730.Ev SOCKS5_PROXY 731environment variable to a 732valid host or IP followed by an optional colon and the port. 733IPv6 addresses must be enclosed in brackets. 734The following are examples of valid settings: 735.Bd -literal -offset indent 736SOCKS5_PROXY=proxy.example.com 737SOCKS5_PROXY=proxy.example.com:1080 738SOCKS5_PROXY=192.0.2.0 739SOCKS5_PROXY=198.51.100.0:1080 740SOCKS5_PROXY=[2001:db8::1] 741SOCKS5_PROXY=[2001:db8::2]:1080 742.Ed 743.Pp 744Access HTTPS website without any certificate verification whatsoever: 745.Bd -literal -offset indent 746SSL_NO_VERIFY_PEER=1 747SSL_NO_VERIFY_HOSTNAME=1 748.Ed 749.Pp 750Access HTTPS website using client certificate based authentication 751and a private CA: 752.Bd -literal -offset indent 753SSL_CLIENT_CERT_FILE=/path/to/client.pem 754SSL_CA_CERT_FILE=/path/to/myca.pem 755.Ed 756.Sh SEE ALSO 757.Xr fetch 1 , 758.Xr ip 4 759.Rs 760.%A J. Postel 761.%A J. K. Reynolds 762.%D October 1985 763.%B File Transfer Protocol 764.%O RFC959 765.Re 766.Rs 767.%A P. Deutsch 768.%A A. Emtage 769.%A A. Marine. 770.%D May 1994 771.%T How to Use Anonymous FTP 772.%O RFC1635 773.Re 774.Rs 775.%A T. Berners-Lee 776.%A L. Masinter 777.%A M. McCahill 778.%D December 1994 779.%T Uniform Resource Locators (URL) 780.%O RFC1738 781.Re 782.Rs 783.%A R. Fielding 784.%A J. Gettys 785.%A J. Mogul 786.%A H. Frystyk 787.%A L. Masinter 788.%A P. Leach 789.%A T. Berners-Lee 790.%D January 1999 791.%B Hypertext Transfer Protocol -- HTTP/1.1 792.%O RFC2616 793.Re 794.Rs 795.%A J. Franks 796.%A P. Hallam-Baker 797.%A J. Hostetler 798.%A S. Lawrence 799.%A P. Leach 800.%A A. Luotonen 801.%A L. Stewart 802.%D June 1999 803.%B HTTP Authentication: Basic and Digest Access Authentication 804.%O RFC2617 805.Re 806.Sh HISTORY 807The 808.Nm fetch 809library first appeared in 810.Fx 3.0 . 811.Sh AUTHORS 812.An -nosplit 813The 814.Nm fetch 815library was mostly written by 816.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 817with numerous suggestions and contributions from 818.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org , 819.An Eugene Skepner Aq Mt eu@qub.com , 820.An Hajimu Umemoto Aq Mt ume@FreeBSD.org , 821.An Henry Whincup Aq Mt henry@techiebod.com , 822.An Jukka A. Ukkonen Aq Mt jau@iki.fi , 823.An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org , 824.An Michael Gmelin Aq Mt freebsd@grem.de 825and others. 826It replaces the older 827.Nm ftpio 828library written by 829.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 830and 831.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org . 832.Pp 833This manual page was written by 834.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 835and 836.An Michael Gmelin Aq Mt freebsd@grem.de . 837.Sh BUGS 838Some parts of the library are not yet implemented. 839The most notable 840examples of this are 841.Fn fetchPutHTTP , 842.Fn fetchListHTTP , 843.Fn fetchListFTP 844and FTP proxy support. 845.Pp 846There is no way to select a proxy at run-time other than setting the 847.Ev HTTP_PROXY 848or 849.Ev FTP_PROXY 850environment variables as appropriate. 851.Pp 852.Nm libfetch 853does not understand or obey 305 (Use Proxy) replies. 854.Pp 855Error numbers are unique only within a certain context; the error 856codes used for FTP and HTTP overlap, as do those used for resolver and 857system errors. 858For instance, error code 202 means "Command not 859implemented, superfluous at this site" in an FTP context and 860"Accepted" in an HTTP context. 861.Pp 862.Fn fetchStatFTP 863does not check that the result of an MDTM command is a valid date. 864.Pp 865In case password protected keys are used for client certificate based 866authentication the user is prompted for the password on each and every 867fetch operation. 868.Pp 869The man page is incomplete, poorly written and produces badly 870formatted text. 871.Pp 872The error reporting mechanism is unsatisfactory. 873.Pp 874Some parts of the code are not fully reentrant. 875