xref: /freebsd/lib/libfetch/fetch.3 (revision 783d3ff6d7fae619db8a7990b8a6387de0c677b5)
1.\"-
2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav
3.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.Dd October 7, 2023
28.Dt FETCH 3
29.Os
30.Sh NAME
31.Nm fetchMakeURL ,
32.Nm fetchParseURL ,
33.Nm fetchFreeURL ,
34.Nm fetchXGetURL ,
35.Nm fetchGetURL ,
36.Nm fetchPutURL ,
37.Nm fetchStatURL ,
38.Nm fetchListURL ,
39.Nm fetchXGet ,
40.Nm fetchGet ,
41.Nm fetchPut ,
42.Nm fetchStat ,
43.Nm fetchList ,
44.Nm fetchXGetFile ,
45.Nm fetchGetFile ,
46.Nm fetchPutFile ,
47.Nm fetchStatFile ,
48.Nm fetchListFile ,
49.Nm fetchXGetHTTP ,
50.Nm fetchGetHTTP ,
51.Nm fetchPutHTTP ,
52.Nm fetchStatHTTP ,
53.Nm fetchListHTTP ,
54.Nm fetchReqHTTP ,
55.Nm fetchXGetFTP ,
56.Nm fetchGetFTP ,
57.Nm fetchPutFTP ,
58.Nm fetchStatFTP ,
59.Nm fetchListFTP
60.Nd file transfer functions
61.Sh LIBRARY
62.Lb libfetch
63.Sh SYNOPSIS
64.In sys/param.h
65.In stdio.h
66.In fetch.h
67.Ft struct url *
68.Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd"
69.Ft struct url *
70.Fn fetchParseURL "const char *URL"
71.Ft void
72.Fn fetchFreeURL "struct url *u"
73.Ft FILE *
74.Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags"
75.Ft FILE *
76.Fn fetchGetURL "const char *URL" "const char *flags"
77.Ft FILE *
78.Fn fetchPutURL "const char *URL" "const char *flags"
79.Ft int
80.Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags"
81.Ft struct url_ent *
82.Fn fetchListURL "const char *URL" "const char *flags"
83.Ft FILE *
84.Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags"
85.Ft FILE *
86.Fn fetchGet "struct url *u" "const char *flags"
87.Ft FILE *
88.Fn fetchPut "struct url *u" "const char *flags"
89.Ft int
90.Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags"
91.Ft struct url_ent *
92.Fn fetchList "struct url *u" "const char *flags"
93.Ft FILE *
94.Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags"
95.Ft FILE *
96.Fn fetchGetFile "struct url *u" "const char *flags"
97.Ft FILE *
98.Fn fetchPutFile "struct url *u" "const char *flags"
99.Ft int
100.Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags"
101.Ft struct url_ent *
102.Fn fetchListFile "struct url *u" "const char *flags"
103.Ft FILE *
104.Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags"
105.Ft FILE *
106.Fn fetchGetHTTP "struct url *u" "const char *flags"
107.Ft FILE *
108.Fn fetchPutHTTP "struct url *u" "const char *flags"
109.Ft int
110.Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags"
111.Ft struct url_ent *
112.Fn fetchListHTTP "struct url *u" "const char *flags"
113.Ft FILE *
114.Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body"
115.Ft FILE *
116.Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags"
117.Ft FILE *
118.Fn fetchGetFTP "struct url *u" "const char *flags"
119.Ft FILE *
120.Fn fetchPutFTP "struct url *u" "const char *flags"
121.Ft int
122.Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags"
123.Ft struct url_ent *
124.Fn fetchListFTP "struct url *u" "const char *flags"
125.Sh DESCRIPTION
126These functions implement a high-level library for retrieving and
127uploading files using Uniform Resource Locators (URLs).
128.Pp
129.Fn fetchParseURL
130takes a URL in the form of a null-terminated string and splits it into
131its components function according to the Common Internet Scheme Syntax
132detailed in RFC1738.
133A regular expression which produces this syntax is:
134.Bd -literal
135    <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
136.Ed
137.Pp
138If the URL does not seem to begin with a scheme name, the following
139syntax is assumed:
140.Bd -literal
141    ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
142.Ed
143.Pp
144Note that some components of the URL are not necessarily relevant to
145all URL schemes.
146For instance, the file scheme only needs the <scheme> and <document>
147components.
148.Pp
149.Fn fetchMakeURL
150and
151.Fn fetchParseURL
152return a pointer to a
153.Vt url
154structure, which is defined as follows in
155.In fetch.h :
156.Bd -literal
157#define URL_SCHEMELEN 16
158#define URL_USERLEN 256
159#define URL_PWDLEN 256
160
161struct url {
162    char	 scheme[URL_SCHEMELEN+1];
163    char	 user[URL_USERLEN+1];
164    char	 pwd[URL_PWDLEN+1];
165    char	 host[MAXHOSTNAMELEN+1];
166    int		 port;
167    char	*doc;
168    off_t	 offset;
169    size_t	 length;
170    time_t	 ims_time;
171};
172.Ed
173.Pp
174The
175.Va ims_time
176field stores the time value for
177.Li If-Modified-Since
178HTTP requests.
179.Pp
180The pointer returned by
181.Fn fetchMakeURL
182or
183.Fn fetchParseURL
184should be freed using
185.Fn fetchFreeURL .
186.Pp
187.Fn fetchXGetURL ,
188.Fn fetchGetURL ,
189and
190.Fn fetchPutURL
191constitute the recommended interface to the
192.Nm fetch
193library.
194They examine the URL passed to them to determine the transfer
195method, and call the appropriate lower-level functions to perform the
196actual transfer.
197.Fn fetchXGetURL
198also returns the remote document's metadata in the
199.Vt url_stat
200structure pointed to by the
201.Fa us
202argument.
203.Pp
204The
205.Fa flags
206argument is a string of characters which specify transfer options.
207The
208meaning of the individual flags is scheme-dependent, and is detailed
209in the appropriate section below.
210.Pp
211.Fn fetchStatURL
212attempts to obtain the requested document's metadata and fill in the
213structure pointed to by its second argument.
214The
215.Vt url_stat
216structure is defined as follows in
217.In fetch.h :
218.Bd -literal
219struct url_stat {
220    off_t	 size;
221    time_t	 atime;
222    time_t	 mtime;
223};
224.Ed
225.Pp
226If the size could not be obtained from the server, the
227.Fa size
228field is set to -1.
229If the modification time could not be obtained from the server, the
230.Fa mtime
231field is set to the epoch.
232If the access time could not be obtained from the server, the
233.Fa atime
234field is set to the modification time.
235.Pp
236.Fn fetchListURL
237attempts to list the contents of the directory pointed to by the URL
238provided.
239If successful, it returns a malloced array of
240.Vt url_ent
241structures.
242The
243.Vt url_ent
244structure is defined as follows in
245.In fetch.h :
246.Bd -literal
247struct url_ent {
248    char         name[PATH_MAX];
249    struct url_stat stat;
250};
251.Ed
252.Pp
253The list is terminated by an entry with an empty name.
254.Pp
255The pointer returned by
256.Fn fetchListURL
257should be freed using
258.Fn free .
259.Pp
260.Fn fetchXGet ,
261.Fn fetchGet ,
262.Fn fetchPut
263and
264.Fn fetchStat
265are similar to
266.Fn fetchXGetURL ,
267.Fn fetchGetURL ,
268.Fn fetchPutURL
269and
270.Fn fetchStatURL ,
271except that they expect a pre-parsed URL in the form of a pointer to
272a
273.Vt struct url
274rather than a string.
275.Pp
276All of the
277.Fn fetchXGetXXX ,
278.Fn fetchGetXXX
279and
280.Fn fetchPutXXX
281functions return a pointer to a stream which can be used to read or
282write data from or to the requested document, respectively.
283Note that
284although the implementation details of the individual access methods
285vary, it can generally be assumed that a stream returned by one of the
286.Fn fetchXGetXXX
287or
288.Fn fetchGetXXX
289functions is read-only, and that a stream returned by one of the
290.Fn fetchPutXXX
291functions is write-only.
292.Sh FILE SCHEME
293.Fn fetchXGetFile ,
294.Fn fetchGetFile
295and
296.Fn fetchPutFile
297provide access to documents which are files in a locally mounted file
298system.
299Only the <document> component of the URL is used.
300.Pp
301.Fn fetchXGetFile
302and
303.Fn fetchGetFile
304do not accept any flags.
305.Pp
306.Fn fetchPutFile
307accepts the
308.Ql a
309(append to file) flag.
310If that flag is specified, the data written to
311the stream returned by
312.Fn fetchPutFile
313will be appended to the previous contents of the file, instead of
314replacing them.
315.Sh FTP SCHEME
316.Fn fetchXGetFTP ,
317.Fn fetchGetFTP
318and
319.Fn fetchPutFTP
320implement the FTP protocol as described in RFC959.
321.Pp
322If the
323.Ql P
324(not passive) flag is specified, an active (rather than passive)
325connection will be attempted.
326.Pp
327The
328.Ql p
329flag is supported for compatibility with earlier versions where active
330connections were the default.
331It has precedence over the
332.Ql P
333flag, so if both are specified,
334.Nm
335will use a passive connection.
336.Pp
337If the
338.Ql l
339(low) flag is specified, data sockets will be allocated in the low (or
340default) port range instead of the high port range (see
341.Xr ip 4 ) .
342.Pp
343If the
344.Ql d
345(direct) flag is specified,
346.Fn fetchXGetFTP ,
347.Fn fetchGetFTP
348and
349.Fn fetchPutFTP
350will use a direct connection even if a proxy server is defined.
351.Pp
352If no user name or password is given, the
353.Nm fetch
354library will attempt an anonymous login, with user name "anonymous"
355and password "anonymous@<hostname>".
356.Sh HTTP SCHEME
357The
358.Fn fetchXGetHTTP ,
359.Fn fetchGetHTTP ,
360.Fn fetchPutHTTP
361and
362.Fn fetchReqHTTP
363functions implement the HTTP/1.1 protocol.
364With a little luck, there is
365even a chance that they comply with RFC2616 and RFC2617.
366.Pp
367If the
368.Ql d
369(direct) flag is specified,
370.Fn fetchXGetHTTP ,
371.Fn fetchGetHTTP
372and
373.Fn fetchPutHTTP
374will use a direct connection even if a proxy server is defined.
375.Pp
376If the
377.Ql i
378(if-modified-since) flag is specified, and
379the
380.Va ims_time
381field is set in
382.Vt "struct url" ,
383then
384.Fn fetchXGetHTTP
385and
386.Fn fetchGetHTTP
387will send a conditional
388.Li If-Modified-Since
389HTTP header to only fetch the content if it is newer than
390.Va ims_time .
391.Pp
392The function
393.Fn fetchReqHTTP
394can be used to make requests with an arbitrary HTTP verb,
395including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH.
396This can be done by setting the argument
397.Fa method
398to the intended verb, such as
399.Ql POST ,
400and
401.Fa body
402to the content.
403.Pp
404Since there seems to be no good way of implementing the HTTP PUT
405method in a manner consistent with the rest of the
406.Nm fetch
407library,
408.Fn fetchPutHTTP
409is currently unimplemented.
410.Sh HTTPS SCHEME
411Based on HTTP SCHEME.
412The CA bundle used for peer verification can be changed by setting the
413environment variables
414.Ev SSL_CA_CERT_FILE
415to point to a concatenated bundle of trusted certificates and
416.Ev SSL_CA_CERT_PATH
417to point to a directory containing hashes of trusted CAs (see
418.Xr verify 1 ) .
419.Pp
420A certificate revocation list (CRL) can be used by setting the
421environment variable
422.Ev SSL_CRL_FILE
423(see
424.Xr crl 1 ) .
425.Pp
426Peer verification can be disabled by setting the environment variable
427.Ev SSL_NO_VERIFY_PEER .
428Note that this also disables CRL checking.
429.Pp
430By default the service identity is verified according to the rules
431detailed in RFC6125 (also known as hostname verification).
432This feature can be disabled by setting the environment variable
433.Ev SSL_NO_VERIFY_HOSTNAME .
434.Pp
435Client certificate based authentication is supported.
436The environment variable
437.Ev SSL_CLIENT_CERT_FILE
438should be set to point to a file containing key and client certificate
439to be used in PEM format.
440When a PEM-format key is in a separate file from the client certificate,
441the environment variable
442.Ev SSL_CLIENT_KEY_FILE
443can be set to point to the key file.
444In case the key uses a password, the user will be prompted on standard
445input.
446.Pp
447By default
448.Nm libfetch
449allows TLSv1 and newer when negotiating the connecting with the remote
450peer.
451You can change this behavior by setting the
452.Ev SSL_NO_TLS1 ,
453.Ev SSL_NO_TLS1_1 and
454.Ev SSL_NO_TLS1_2
455environment variables to disable TLS 1.0, 1.1 and 1.2 respectively.
456.Sh AUTHENTICATION
457Apart from setting the appropriate environment variables and
458specifying the user name and password in the URL or the
459.Vt struct url ,
460the calling program has the option of defining an authentication
461function with the following prototype:
462.Pp
463.Ft int
464.Fn myAuthMethod "struct url *u"
465.Pp
466The callback function should fill in the
467.Fa user
468and
469.Fa pwd
470fields in the provided
471.Vt struct url
472and return 0 on success, or any other value to indicate failure.
473.Pp
474To register the authentication callback, simply set
475.Va fetchAuthMethod
476to point at it.
477The callback will be used whenever a site requires authentication and
478the appropriate environment variables are not set.
479.Pp
480This interface is experimental and may be subject to change.
481.Sh RETURN VALUES
482.Fn fetchParseURL
483returns a pointer to a
484.Vt struct url
485containing the individual components of the URL.
486If it is
487unable to allocate memory, or the URL is syntactically incorrect,
488.Fn fetchParseURL
489returns a NULL pointer.
490.Pp
491The
492.Fn fetchStat
493functions return 0 on success and -1 on failure.
494.Pp
495All other functions return a stream pointer which may be used to
496access the requested document, or NULL if an error occurred.
497.Pp
498The following error codes are defined in
499.In fetch.h :
500.Bl -tag -width 18n
501.It Bq Er FETCH_ABORT
502Operation aborted
503.It Bq Er FETCH_AUTH
504Authentication failed
505.It Bq Er FETCH_DOWN
506Service unavailable
507.It Bq Er FETCH_EXISTS
508File exists
509.It Bq Er FETCH_FULL
510File system full
511.It Bq Er FETCH_INFO
512Informational response
513.It Bq Er FETCH_MEMORY
514Insufficient memory
515.It Bq Er FETCH_MOVED
516File has moved
517.It Bq Er FETCH_NETWORK
518Network error
519.It Bq Er FETCH_OK
520No error
521.It Bq Er FETCH_PROTO
522Protocol error
523.It Bq Er FETCH_RESOLV
524Resolver error
525.It Bq Er FETCH_SERVER
526Server error
527.It Bq Er FETCH_TEMP
528Temporary error
529.It Bq Er FETCH_TIMEOUT
530Operation timed out
531.It Bq Er FETCH_UNAVAIL
532File is not available
533.It Bq Er FETCH_UNKNOWN
534Unknown error
535.It Bq Er FETCH_URL
536Invalid URL
537.El
538.Pp
539The accompanying error message includes a protocol-specific error code
540and message, like "File is not available (404 Not Found)"
541.Sh ENVIRONMENT
542.Bl -tag -width ".Ev FETCH_BIND_ADDRESS"
543.It Ev FETCH_BIND_ADDRESS
544Specifies a hostname or IP address to which sockets used for outgoing
545connections will be bound.
546.It Ev FTP_LOGIN
547Default FTP login if none was provided in the URL.
548.It Ev FTP_PASSIVE_MODE
549If set to
550.Ql no ,
551forces the FTP code to use active mode.
552If set to any other value, forces passive mode even if the application
553requested active mode.
554.It Ev FTP_PASSWORD
555Default FTP password if the remote server requests one and none was
556provided in the URL.
557.It Ev FTP_PROXY
558URL of the proxy to use for FTP requests.
559The document part is ignored.
560FTP and HTTP proxies are supported; if no scheme is specified, FTP is
561assumed.
562If the proxy is an FTP proxy,
563.Nm libfetch
564will send
565.Ql user@host
566as user name to the proxy, where
567.Ql user
568is the real user name, and
569.Ql host
570is the name of the FTP server.
571.Pp
572If this variable is set to an empty string, no proxy will be used for
573FTP requests, even if the
574.Ev HTTP_PROXY
575variable is set.
576.It Ev ftp_proxy
577Same as
578.Ev FTP_PROXY ,
579for compatibility.
580.It Ev HTTP_ACCEPT
581Specifies the value of the
582.Va Accept
583header for HTTP requests.
584If empty, no
585.Va Accept
586header is sent.
587The default is
588.Dq */* .
589.It Ev HTTP_AUTH
590Specifies HTTP authorization parameters as a colon-separated list of
591items.
592The first and second item are the authorization scheme and realm
593respectively; further items are scheme-dependent.
594Currently, the
595.Dq basic
596and
597.Dq digest
598authorization methods are supported.
599.Pp
600Both methods require two parameters: the user name and
601password, in that order.
602.Pp
603This variable is only used if the server requires authorization and
604no user name or password was specified in the URL.
605.It Ev HTTP_PROXY
606URL of the proxy to use for HTTP requests.
607The document part is ignored.
608Only HTTP proxies are supported for HTTP requests.
609If no port number is specified, the default is 3128.
610.Pp
611Note that this proxy will also be used for FTP documents, unless the
612.Ev FTP_PROXY
613variable is set.
614.It Ev http_proxy
615Same as
616.Ev HTTP_PROXY ,
617for compatibility.
618.It Ev HTTP_PROXY_AUTH
619Specifies authorization parameters for the HTTP proxy in the same
620format as the
621.Ev HTTP_AUTH
622variable.
623.Pp
624This variable is used if and only if connected to an HTTP proxy, and
625is ignored if a user and/or a password were specified in the proxy
626URL.
627.It Ev HTTP_REFERER
628Specifies the referrer URL to use for HTTP requests.
629If set to
630.Dq auto ,
631the document URL will be used as referrer URL.
632.It Ev HTTP_USER_AGENT
633Specifies the User-Agent string to use for HTTP requests.
634This can be useful when working with HTTP origin or proxy servers that
635differentiate between user agents.
636If defined but empty, no User-Agent header is sent.
637.It Ev NETRC
638Specifies a file to use instead of
639.Pa ~/.netrc
640to look up login names and passwords for FTP and HTTP sites as well as
641HTTP proxies.
642See
643.Xr ftp 1
644for a description of the file format.
645.It Ev NO_PROXY
646Either a single asterisk, which disables the use of proxies
647altogether, or a comma- or whitespace-separated list of hosts for
648which proxies should not be used.
649.It Ev no_proxy
650Same as
651.Ev NO_PROXY ,
652for compatibility.
653.It Ev SOCKS5_PROXY
654Uses SOCKS version 5 to make connection.
655The format must be the IP or hostname followed by a colon for the port.
656IPv6 addresses must enclose the address in brackets.
657If no port is specified, the default is 1080.
658This setting will supercede a connection to an
659.Ev HTTP_PROXY .
660.It Ev SSL_CA_CERT_FILE
661CA certificate bundle containing trusted CA certificates.
662Default value: See HTTPS SCHEME above.
663.It Ev SSL_CA_CERT_PATH
664Path containing trusted CA hashes.
665.It Ev SSL_CLIENT_CERT_FILE
666PEM encoded client certificate/key which will be used in
667client certificate authentication.
668.It Ev SSL_CLIENT_KEY_FILE
669PEM encoded client key in case key and client certificate
670are stored separately.
671.It Ev SSL_CRL_FILE
672File containing certificate revocation list.
673.It Ev SSL_NO_TLS1
674Do not allow TLS version 1.0 when negotiating the connection.
675.It Ev SSL_NO_TLS1_1
676Do not allow TLS version 1.1 when negotiating the connection.
677.It Ev SSL_NO_TLS1_2
678Do not allow TLS version 1.2 when negotiating the connection.
679.It Ev SSL_NO_VERIFY_HOSTNAME
680If set, do not verify that the hostname matches the subject of the
681certificate presented by the server.
682.It Ev SSL_NO_VERIFY_PEER
683If set, do not verify the peer certificate against trusted CAs.
684.El
685.Sh EXAMPLES
686To access a proxy server on
687.Pa proxy.example.com
688port 8080, set the
689.Ev HTTP_PROXY
690environment variable in a manner similar to this:
691.Pp
692.Dl HTTP_PROXY=http://proxy.example.com:8080
693.Pp
694If the proxy server requires authentication, there are
695two options available for passing the authentication data.
696The first method is by using the proxy URL:
697.Pp
698.Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080
699.Pp
700The second method is by using the
701.Ev HTTP_PROXY_AUTH
702environment variable:
703.Bd -literal -offset indent
704HTTP_PROXY=http://proxy.example.com:8080
705HTTP_PROXY_AUTH=basic:*:<user>:<pwd>
706.Ed
707.Pp
708To disable the use of a proxy for an HTTP server running on the local
709host, define
710.Ev NO_PROXY
711as follows:
712.Bd -literal -offset indent
713NO_PROXY=localhost,127.0.0.1
714.Ed
715.Pp
716To use a SOCKS5 proxy, set the
717.Ev SOCKS5_PROXY
718environment variable to a
719valid host or IP followed by an optional colon and the port.
720IPv6 addresses must be enclosed in brackets.
721The following are examples of valid settings:
722.Bd -literal -offset indent
723SOCKS5_PROXY=proxy.example.com
724SOCKS5_PROXY=proxy.example.com:1080
725SOCKS5_PROXY=192.0.2.0
726SOCKS5_PROXY=198.51.100.0:1080
727SOCKS5_PROXY=[2001:db8::1]
728SOCKS5_PROXY=[2001:db8::2]:1080
729.Ed
730.Pp
731Access HTTPS website without any certificate verification whatsoever:
732.Bd -literal -offset indent
733SSL_NO_VERIFY_PEER=1
734SSL_NO_VERIFY_HOSTNAME=1
735.Ed
736.Pp
737Access HTTPS website using client certificate based authentication
738and a private CA:
739.Bd -literal -offset indent
740SSL_CLIENT_CERT_FILE=/path/to/client.pem
741SSL_CA_CERT_FILE=/path/to/myca.pem
742.Ed
743.Sh SEE ALSO
744.Xr fetch 1 ,
745.Xr ip 4
746.Rs
747.%A J. Postel
748.%A J. K. Reynolds
749.%D October 1985
750.%B File Transfer Protocol
751.%O RFC959
752.Re
753.Rs
754.%A P. Deutsch
755.%A A. Emtage
756.%A A. Marine.
757.%D May 1994
758.%T How to Use Anonymous FTP
759.%O RFC1635
760.Re
761.Rs
762.%A T. Berners-Lee
763.%A L. Masinter
764.%A M. McCahill
765.%D December 1994
766.%T Uniform Resource Locators (URL)
767.%O RFC1738
768.Re
769.Rs
770.%A R. Fielding
771.%A J. Gettys
772.%A J. Mogul
773.%A H. Frystyk
774.%A L. Masinter
775.%A P. Leach
776.%A T. Berners-Lee
777.%D January 1999
778.%B Hypertext Transfer Protocol -- HTTP/1.1
779.%O RFC2616
780.Re
781.Rs
782.%A J. Franks
783.%A P. Hallam-Baker
784.%A J. Hostetler
785.%A S. Lawrence
786.%A P. Leach
787.%A A. Luotonen
788.%A L. Stewart
789.%D June 1999
790.%B HTTP Authentication: Basic and Digest Access Authentication
791.%O RFC2617
792.Re
793.Sh HISTORY
794The
795.Nm fetch
796library first appeared in
797.Fx 3.0 .
798.Sh AUTHORS
799.An -nosplit
800The
801.Nm fetch
802library was mostly written by
803.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
804with numerous suggestions and contributions from
805.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org ,
806.An Eugene Skepner Aq Mt eu@qub.com ,
807.An Hajimu Umemoto Aq Mt ume@FreeBSD.org ,
808.An Henry Whincup Aq Mt henry@techiebod.com ,
809.An Jukka A. Ukkonen Aq Mt jau@iki.fi ,
810.An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org ,
811.An Michael Gmelin Aq Mt freebsd@grem.de
812and others.
813It replaces the older
814.Nm ftpio
815library written by
816.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org
817and
818.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org .
819.Pp
820This manual page was written by
821.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
822and
823.An Michael Gmelin Aq Mt freebsd@grem.de .
824.Sh BUGS
825Some parts of the library are not yet implemented.
826The most notable
827examples of this are
828.Fn fetchPutHTTP ,
829.Fn fetchListHTTP ,
830.Fn fetchListFTP
831and FTP proxy support.
832.Pp
833There is no way to select a proxy at run-time other than setting the
834.Ev HTTP_PROXY
835or
836.Ev FTP_PROXY
837environment variables as appropriate.
838.Pp
839.Nm libfetch
840does not understand or obey 305 (Use Proxy) replies.
841.Pp
842Error numbers are unique only within a certain context; the error
843codes used for FTP and HTTP overlap, as do those used for resolver and
844system errors.
845For instance, error code 202 means "Command not
846implemented, superfluous at this site" in an FTP context and
847"Accepted" in an HTTP context.
848.Pp
849.Fn fetchStatFTP
850does not check that the result of an MDTM command is a valid date.
851.Pp
852In case password protected keys are used for client certificate based
853authentication the user is prompted for the password on each and every
854fetch operation.
855.Pp
856The man page is incomplete, poorly written and produces badly
857formatted text.
858.Pp
859The error reporting mechanism is unsatisfactory.
860.Pp
861Some parts of the code are not fully reentrant.
862