1.\"- 2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.Dd October 7, 2023 28.Dt FETCH 3 29.Os 30.Sh NAME 31.Nm fetchMakeURL , 32.Nm fetchParseURL , 33.Nm fetchFreeURL , 34.Nm fetchXGetURL , 35.Nm fetchGetURL , 36.Nm fetchPutURL , 37.Nm fetchStatURL , 38.Nm fetchListURL , 39.Nm fetchXGet , 40.Nm fetchGet , 41.Nm fetchPut , 42.Nm fetchStat , 43.Nm fetchList , 44.Nm fetchXGetFile , 45.Nm fetchGetFile , 46.Nm fetchPutFile , 47.Nm fetchStatFile , 48.Nm fetchListFile , 49.Nm fetchXGetHTTP , 50.Nm fetchGetHTTP , 51.Nm fetchPutHTTP , 52.Nm fetchStatHTTP , 53.Nm fetchListHTTP , 54.Nm fetchReqHTTP , 55.Nm fetchXGetFTP , 56.Nm fetchGetFTP , 57.Nm fetchPutFTP , 58.Nm fetchStatFTP , 59.Nm fetchListFTP 60.Nd file transfer functions 61.Sh LIBRARY 62.Lb libfetch 63.Sh SYNOPSIS 64.In sys/param.h 65.In stdio.h 66.In fetch.h 67.Ft struct url * 68.Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd" 69.Ft struct url * 70.Fn fetchParseURL "const char *URL" 71.Ft void 72.Fn fetchFreeURL "struct url *u" 73.Ft FILE * 74.Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags" 75.Ft FILE * 76.Fn fetchGetURL "const char *URL" "const char *flags" 77.Ft FILE * 78.Fn fetchPutURL "const char *URL" "const char *flags" 79.Ft int 80.Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags" 81.Ft struct url_ent * 82.Fn fetchListURL "const char *URL" "const char *flags" 83.Ft FILE * 84.Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags" 85.Ft FILE * 86.Fn fetchGet "struct url *u" "const char *flags" 87.Ft FILE * 88.Fn fetchPut "struct url *u" "const char *flags" 89.Ft int 90.Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags" 91.Ft struct url_ent * 92.Fn fetchList "struct url *u" "const char *flags" 93.Ft FILE * 94.Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags" 95.Ft FILE * 96.Fn fetchGetFile "struct url *u" "const char *flags" 97.Ft FILE * 98.Fn fetchPutFile "struct url *u" "const char *flags" 99.Ft int 100.Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags" 101.Ft struct url_ent * 102.Fn fetchListFile "struct url *u" "const char *flags" 103.Ft FILE * 104.Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags" 105.Ft FILE * 106.Fn fetchGetHTTP "struct url *u" "const char *flags" 107.Ft FILE * 108.Fn fetchPutHTTP "struct url *u" "const char *flags" 109.Ft int 110.Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags" 111.Ft struct url_ent * 112.Fn fetchListHTTP "struct url *u" "const char *flags" 113.Ft FILE * 114.Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body" 115.Ft FILE * 116.Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags" 117.Ft FILE * 118.Fn fetchGetFTP "struct url *u" "const char *flags" 119.Ft FILE * 120.Fn fetchPutFTP "struct url *u" "const char *flags" 121.Ft int 122.Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags" 123.Ft struct url_ent * 124.Fn fetchListFTP "struct url *u" "const char *flags" 125.Sh DESCRIPTION 126These functions implement a high-level library for retrieving and 127uploading files using Uniform Resource Locators (URLs). 128.Pp 129.Fn fetchParseURL 130takes a URL in the form of a null-terminated string and splits it into 131its components function according to the Common Internet Scheme Syntax 132detailed in RFC1738. 133A regular expression which produces this syntax is: 134.Bd -literal 135 <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 136.Ed 137.Pp 138If the URL does not seem to begin with a scheme name, the following 139syntax is assumed: 140.Bd -literal 141 ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 142.Ed 143.Pp 144Note that some components of the URL are not necessarily relevant to 145all URL schemes. 146For instance, the file scheme only needs the <scheme> and <document> 147components. 148.Pp 149.Fn fetchMakeURL 150and 151.Fn fetchParseURL 152return a pointer to a 153.Vt url 154structure, which is defined as follows in 155.In fetch.h : 156.Bd -literal 157#define URL_SCHEMELEN 16 158#define URL_USERLEN 256 159#define URL_PWDLEN 256 160 161struct url { 162 char scheme[URL_SCHEMELEN+1]; 163 char user[URL_USERLEN+1]; 164 char pwd[URL_PWDLEN+1]; 165 char host[MAXHOSTNAMELEN+1]; 166 int port; 167 char *doc; 168 off_t offset; 169 size_t length; 170 time_t ims_time; 171}; 172.Ed 173.Pp 174The 175.Va ims_time 176field stores the time value for 177.Li If-Modified-Since 178HTTP requests. 179.Pp 180The pointer returned by 181.Fn fetchMakeURL 182or 183.Fn fetchParseURL 184should be freed using 185.Fn fetchFreeURL . 186.Pp 187.Fn fetchXGetURL , 188.Fn fetchGetURL , 189and 190.Fn fetchPutURL 191constitute the recommended interface to the 192.Nm fetch 193library. 194They examine the URL passed to them to determine the transfer 195method, and call the appropriate lower-level functions to perform the 196actual transfer. 197.Fn fetchXGetURL 198also returns the remote document's metadata in the 199.Vt url_stat 200structure pointed to by the 201.Fa us 202argument. 203.Pp 204The 205.Fa flags 206argument is a string of characters which specify transfer options. 207The 208meaning of the individual flags is scheme-dependent, and is detailed 209in the appropriate section below. 210.Pp 211.Fn fetchStatURL 212attempts to obtain the requested document's metadata and fill in the 213structure pointed to by its second argument. 214The 215.Vt url_stat 216structure is defined as follows in 217.In fetch.h : 218.Bd -literal 219struct url_stat { 220 off_t size; 221 time_t atime; 222 time_t mtime; 223}; 224.Ed 225.Pp 226If the size could not be obtained from the server, the 227.Fa size 228field is set to -1. 229If the modification time could not be obtained from the server, the 230.Fa mtime 231field is set to the epoch. 232If the access time could not be obtained from the server, the 233.Fa atime 234field is set to the modification time. 235.Pp 236.Fn fetchListURL 237attempts to list the contents of the directory pointed to by the URL 238provided. 239If successful, it returns a malloced array of 240.Vt url_ent 241structures. 242The 243.Vt url_ent 244structure is defined as follows in 245.In fetch.h : 246.Bd -literal 247struct url_ent { 248 char name[PATH_MAX]; 249 struct url_stat stat; 250}; 251.Ed 252.Pp 253The list is terminated by an entry with an empty name. 254.Pp 255The pointer returned by 256.Fn fetchListURL 257should be freed using 258.Fn free . 259.Pp 260.Fn fetchXGet , 261.Fn fetchGet , 262.Fn fetchPut 263and 264.Fn fetchStat 265are similar to 266.Fn fetchXGetURL , 267.Fn fetchGetURL , 268.Fn fetchPutURL 269and 270.Fn fetchStatURL , 271except that they expect a pre-parsed URL in the form of a pointer to 272a 273.Vt struct url 274rather than a string. 275.Pp 276All of the 277.Fn fetchXGetXXX , 278.Fn fetchGetXXX 279and 280.Fn fetchPutXXX 281functions return a pointer to a stream which can be used to read or 282write data from or to the requested document, respectively. 283Note that 284although the implementation details of the individual access methods 285vary, it can generally be assumed that a stream returned by one of the 286.Fn fetchXGetXXX 287or 288.Fn fetchGetXXX 289functions is read-only, and that a stream returned by one of the 290.Fn fetchPutXXX 291functions is write-only. 292.Sh FILE SCHEME 293.Fn fetchXGetFile , 294.Fn fetchGetFile 295and 296.Fn fetchPutFile 297provide access to documents which are files in a locally mounted file 298system. 299Only the <document> component of the URL is used. 300.Pp 301.Fn fetchXGetFile 302and 303.Fn fetchGetFile 304do not accept any flags. 305.Pp 306.Fn fetchPutFile 307accepts the 308.Ql a 309(append to file) flag. 310If that flag is specified, the data written to 311the stream returned by 312.Fn fetchPutFile 313will be appended to the previous contents of the file, instead of 314replacing them. 315.Sh FTP SCHEME 316.Fn fetchXGetFTP , 317.Fn fetchGetFTP 318and 319.Fn fetchPutFTP 320implement the FTP protocol as described in RFC959. 321.Pp 322If the 323.Ql P 324(not passive) flag is specified, an active (rather than passive) 325connection will be attempted. 326.Pp 327The 328.Ql p 329flag is supported for compatibility with earlier versions where active 330connections were the default. 331It has precedence over the 332.Ql P 333flag, so if both are specified, 334.Nm 335will use a passive connection. 336.Pp 337If the 338.Ql l 339(low) flag is specified, data sockets will be allocated in the low (or 340default) port range instead of the high port range (see 341.Xr ip 4 ) . 342.Pp 343If the 344.Ql d 345(direct) flag is specified, 346.Fn fetchXGetFTP , 347.Fn fetchGetFTP 348and 349.Fn fetchPutFTP 350will use a direct connection even if a proxy server is defined. 351.Pp 352If no user name or password is given, the 353.Nm fetch 354library will attempt an anonymous login, with user name "anonymous" 355and password "anonymous@<hostname>". 356.Sh HTTP SCHEME 357The 358.Fn fetchXGetHTTP , 359.Fn fetchGetHTTP , 360.Fn fetchPutHTTP 361and 362.Fn fetchReqHTTP 363functions implement the HTTP/1.1 protocol. 364With a little luck, there is 365even a chance that they comply with RFC2616 and RFC2617. 366.Pp 367If the 368.Ql d 369(direct) flag is specified, 370.Fn fetchXGetHTTP , 371.Fn fetchGetHTTP 372and 373.Fn fetchPutHTTP 374will use a direct connection even if a proxy server is defined. 375.Pp 376If the 377.Ql i 378(if-modified-since) flag is specified, and 379the 380.Va ims_time 381field is set in 382.Vt "struct url" , 383then 384.Fn fetchXGetHTTP 385and 386.Fn fetchGetHTTP 387will send a conditional 388.Li If-Modified-Since 389HTTP header to only fetch the content if it is newer than 390.Va ims_time . 391.Pp 392The function 393.Fn fetchReqHTTP 394can be used to make requests with an arbitrary HTTP verb, 395including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH. 396This can be done by setting the argument 397.Fa method 398to the intended verb, such as 399.Ql POST , 400and 401.Fa body 402to the content. 403.Pp 404Since there seems to be no good way of implementing the HTTP PUT 405method in a manner consistent with the rest of the 406.Nm fetch 407library, 408.Fn fetchPutHTTP 409is currently unimplemented. 410.Sh HTTPS SCHEME 411Based on HTTP SCHEME. 412The CA bundle used for peer verification can be changed by setting the 413environment variables 414.Ev SSL_CA_CERT_FILE 415to point to a concatenated bundle of trusted certificates and 416.Ev SSL_CA_CERT_PATH 417to point to a directory containing hashes of trusted CAs (see 418.Xr verify 1 ) . 419.Pp 420A certificate revocation list (CRL) can be used by setting the 421environment variable 422.Ev SSL_CRL_FILE 423(see 424.Xr crl 1 ) . 425.Pp 426Peer verification can be disabled by setting the environment variable 427.Ev SSL_NO_VERIFY_PEER . 428Note that this also disables CRL checking. 429.Pp 430By default the service identity is verified according to the rules 431detailed in RFC6125 (also known as hostname verification). 432This feature can be disabled by setting the environment variable 433.Ev SSL_NO_VERIFY_HOSTNAME . 434.Pp 435Client certificate based authentication is supported. 436The environment variable 437.Ev SSL_CLIENT_CERT_FILE 438should be set to point to a file containing key and client certificate 439to be used in PEM format. 440When a PEM-format key is in a separate file from the client certificate, 441the environment variable 442.Ev SSL_CLIENT_KEY_FILE 443can be set to point to the key file. 444In case the key uses a password, the user will be prompted on standard 445input. 446.Pp 447By default 448.Nm libfetch 449allows TLSv1 and newer when negotiating the connecting with the remote 450peer. 451You can change this behavior by setting the 452.Ev SSL_NO_TLS1 , 453.Ev SSL_NO_TLS1_1 and 454.Ev SSL_NO_TLS1_2 455environment variables to disable TLS 1.0, 1.1 and 1.2 respectively. 456.Sh AUTHENTICATION 457Apart from setting the appropriate environment variables and 458specifying the user name and password in the URL or the 459.Vt struct url , 460the calling program has the option of defining an authentication 461function with the following prototype: 462.Pp 463.Ft int 464.Fn myAuthMethod "struct url *u" 465.Pp 466The callback function should fill in the 467.Fa user 468and 469.Fa pwd 470fields in the provided 471.Vt struct url 472and return 0 on success, or any other value to indicate failure. 473.Pp 474To register the authentication callback, simply set 475.Va fetchAuthMethod 476to point at it. 477The callback will be used whenever a site requires authentication and 478the appropriate environment variables are not set. 479.Pp 480This interface is experimental and may be subject to change. 481.Sh RETURN VALUES 482.Fn fetchParseURL 483returns a pointer to a 484.Vt struct url 485containing the individual components of the URL. 486If it is 487unable to allocate memory, or the URL is syntactically incorrect, 488.Fn fetchParseURL 489returns a NULL pointer. 490.Pp 491The 492.Fn fetchStat 493functions return 0 on success and -1 on failure. 494.Pp 495All other functions return a stream pointer which may be used to 496access the requested document, or NULL if an error occurred. 497.Pp 498The following error codes are defined in 499.In fetch.h : 500.Bl -tag -width 18n 501.It Bq Er FETCH_ABORT 502Operation aborted 503.It Bq Er FETCH_AUTH 504Authentication failed 505.It Bq Er FETCH_DOWN 506Service unavailable 507.It Bq Er FETCH_EXISTS 508File exists 509.It Bq Er FETCH_FULL 510File system full 511.It Bq Er FETCH_INFO 512Informational response 513.It Bq Er FETCH_MEMORY 514Insufficient memory 515.It Bq Er FETCH_MOVED 516File has moved 517.It Bq Er FETCH_NETWORK 518Network error 519.It Bq Er FETCH_OK 520No error 521.It Bq Er FETCH_PROTO 522Protocol error 523.It Bq Er FETCH_RESOLV 524Resolver error 525.It Bq Er FETCH_SERVER 526Server error 527.It Bq Er FETCH_TEMP 528Temporary error 529.It Bq Er FETCH_TIMEOUT 530Operation timed out 531.It Bq Er FETCH_UNAVAIL 532File is not available 533.It Bq Er FETCH_UNKNOWN 534Unknown error 535.It Bq Er FETCH_URL 536Invalid URL 537.El 538.Pp 539The accompanying error message includes a protocol-specific error code 540and message, like "File is not available (404 Not Found)" 541.Sh ENVIRONMENT 542.Bl -tag -width ".Ev FETCH_BIND_ADDRESS" 543.It Ev FETCH_BIND_ADDRESS 544Specifies a hostname or IP address to which sockets used for outgoing 545connections will be bound. 546.It Ev FTP_LOGIN 547Default FTP login if none was provided in the URL. 548.It Ev FTP_PASSIVE_MODE 549If set to 550.Ql no , 551forces the FTP code to use active mode. 552If set to any other value, forces passive mode even if the application 553requested active mode. 554.It Ev FTP_PASSWORD 555Default FTP password if the remote server requests one and none was 556provided in the URL. 557.It Ev FTP_PROXY 558URL of the proxy to use for FTP requests. 559The document part is ignored. 560FTP and HTTP proxies are supported; if no scheme is specified, FTP is 561assumed. 562If the proxy is an FTP proxy, 563.Nm libfetch 564will send 565.Ql user@host 566as user name to the proxy, where 567.Ql user 568is the real user name, and 569.Ql host 570is the name of the FTP server. 571.Pp 572If this variable is set to an empty string, no proxy will be used for 573FTP requests, even if the 574.Ev HTTP_PROXY 575variable is set. 576.It Ev ftp_proxy 577Same as 578.Ev FTP_PROXY , 579for compatibility. 580.It Ev HTTP_ACCEPT 581Specifies the value of the 582.Va Accept 583header for HTTP requests. 584If empty, no 585.Va Accept 586header is sent. 587The default is 588.Dq */* . 589.It Ev HTTP_AUTH 590Specifies HTTP authorization parameters as a colon-separated list of 591items. 592The first and second item are the authorization scheme and realm 593respectively; further items are scheme-dependent. 594Currently, the 595.Dq basic 596and 597.Dq digest 598authorization methods are supported. 599.Pp 600Both methods require two parameters: the user name and 601password, in that order. 602.Pp 603This variable is only used if the server requires authorization and 604no user name or password was specified in the URL. 605.It Ev HTTP_PROXY 606URL of the proxy to use for HTTP requests. 607The document part is ignored. 608Only HTTP proxies are supported for HTTP requests. 609If no port number is specified, the default is 3128. 610.Pp 611Note that this proxy will also be used for FTP documents, unless the 612.Ev FTP_PROXY 613variable is set. 614.It Ev http_proxy 615Same as 616.Ev HTTP_PROXY , 617for compatibility. 618.It Ev HTTP_PROXY_AUTH 619Specifies authorization parameters for the HTTP proxy in the same 620format as the 621.Ev HTTP_AUTH 622variable. 623.Pp 624This variable is used if and only if connected to an HTTP proxy, and 625is ignored if a user and/or a password were specified in the proxy 626URL. 627.It Ev HTTP_REFERER 628Specifies the referrer URL to use for HTTP requests. 629If set to 630.Dq auto , 631the document URL will be used as referrer URL. 632.It Ev HTTP_USER_AGENT 633Specifies the User-Agent string to use for HTTP requests. 634This can be useful when working with HTTP origin or proxy servers that 635differentiate between user agents. 636If defined but empty, no User-Agent header is sent. 637.It Ev NETRC 638Specifies a file to use instead of 639.Pa ~/.netrc 640to look up login names and passwords for FTP and HTTP sites as well as 641HTTP proxies. 642See 643.Xr ftp 1 644for a description of the file format. 645.It Ev NO_PROXY 646Either a single asterisk, which disables the use of proxies 647altogether, or a comma- or whitespace-separated list of hosts for 648which proxies should not be used. 649.It Ev no_proxy 650Same as 651.Ev NO_PROXY , 652for compatibility. 653.It Ev SOCKS5_PROXY 654Uses SOCKS version 5 to make connection. 655The format must be the IP or hostname followed by a colon for the port. 656IPv6 addresses must enclose the address in brackets. 657If no port is specified, the default is 1080. 658This setting will supercede a connection to an 659.Ev HTTP_PROXY . 660.It Ev SSL_CA_CERT_FILE 661CA certificate bundle containing trusted CA certificates. 662Default value: See HTTPS SCHEME above. 663.It Ev SSL_CA_CERT_PATH 664Path containing trusted CA hashes. 665.It Ev SSL_CLIENT_CERT_FILE 666PEM encoded client certificate/key which will be used in 667client certificate authentication. 668.It Ev SSL_CLIENT_KEY_FILE 669PEM encoded client key in case key and client certificate 670are stored separately. 671.It Ev SSL_CRL_FILE 672File containing certificate revocation list. 673.It Ev SSL_NO_TLS1 674Do not allow TLS version 1.0 when negotiating the connection. 675.It Ev SSL_NO_TLS1_1 676Do not allow TLS version 1.1 when negotiating the connection. 677.It Ev SSL_NO_TLS1_2 678Do not allow TLS version 1.2 when negotiating the connection. 679.It Ev SSL_NO_VERIFY_HOSTNAME 680If set, do not verify that the hostname matches the subject of the 681certificate presented by the server. 682.It Ev SSL_NO_VERIFY_PEER 683If set, do not verify the peer certificate against trusted CAs. 684.El 685.Sh EXAMPLES 686To access a proxy server on 687.Pa proxy.example.com 688port 8080, set the 689.Ev HTTP_PROXY 690environment variable in a manner similar to this: 691.Pp 692.Dl HTTP_PROXY=http://proxy.example.com:8080 693.Pp 694If the proxy server requires authentication, there are 695two options available for passing the authentication data. 696The first method is by using the proxy URL: 697.Pp 698.Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080 699.Pp 700The second method is by using the 701.Ev HTTP_PROXY_AUTH 702environment variable: 703.Bd -literal -offset indent 704HTTP_PROXY=http://proxy.example.com:8080 705HTTP_PROXY_AUTH=basic:*:<user>:<pwd> 706.Ed 707.Pp 708To disable the use of a proxy for an HTTP server running on the local 709host, define 710.Ev NO_PROXY 711as follows: 712.Bd -literal -offset indent 713NO_PROXY=localhost,127.0.0.1 714.Ed 715.Pp 716To use a SOCKS5 proxy, set the 717.Ev SOCKS5_PROXY 718environment variable to a 719valid host or IP followed by an optional colon and the port. 720IPv6 addresses must be enclosed in brackets. 721The following are examples of valid settings: 722.Bd -literal -offset indent 723SOCKS5_PROXY=proxy.example.com 724SOCKS5_PROXY=proxy.example.com:1080 725SOCKS5_PROXY=192.0.2.0 726SOCKS5_PROXY=198.51.100.0:1080 727SOCKS5_PROXY=[2001:db8::1] 728SOCKS5_PROXY=[2001:db8::2]:1080 729.Ed 730.Pp 731Access HTTPS website without any certificate verification whatsoever: 732.Bd -literal -offset indent 733SSL_NO_VERIFY_PEER=1 734SSL_NO_VERIFY_HOSTNAME=1 735.Ed 736.Pp 737Access HTTPS website using client certificate based authentication 738and a private CA: 739.Bd -literal -offset indent 740SSL_CLIENT_CERT_FILE=/path/to/client.pem 741SSL_CA_CERT_FILE=/path/to/myca.pem 742.Ed 743.Sh SEE ALSO 744.Xr fetch 1 , 745.Xr ip 4 746.Rs 747.%A J. Postel 748.%A J. K. Reynolds 749.%D October 1985 750.%B File Transfer Protocol 751.%O RFC959 752.Re 753.Rs 754.%A P. Deutsch 755.%A A. Emtage 756.%A A. Marine. 757.%D May 1994 758.%T How to Use Anonymous FTP 759.%O RFC1635 760.Re 761.Rs 762.%A T. Berners-Lee 763.%A L. Masinter 764.%A M. McCahill 765.%D December 1994 766.%T Uniform Resource Locators (URL) 767.%O RFC1738 768.Re 769.Rs 770.%A R. Fielding 771.%A J. Gettys 772.%A J. Mogul 773.%A H. Frystyk 774.%A L. Masinter 775.%A P. Leach 776.%A T. Berners-Lee 777.%D January 1999 778.%B Hypertext Transfer Protocol -- HTTP/1.1 779.%O RFC2616 780.Re 781.Rs 782.%A J. Franks 783.%A P. Hallam-Baker 784.%A J. Hostetler 785.%A S. Lawrence 786.%A P. Leach 787.%A A. Luotonen 788.%A L. Stewart 789.%D June 1999 790.%B HTTP Authentication: Basic and Digest Access Authentication 791.%O RFC2617 792.Re 793.Sh HISTORY 794The 795.Nm fetch 796library first appeared in 797.Fx 3.0 . 798.Sh AUTHORS 799.An -nosplit 800The 801.Nm fetch 802library was mostly written by 803.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 804with numerous suggestions and contributions from 805.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org , 806.An Eugene Skepner Aq Mt eu@qub.com , 807.An Hajimu Umemoto Aq Mt ume@FreeBSD.org , 808.An Henry Whincup Aq Mt henry@techiebod.com , 809.An Jukka A. Ukkonen Aq Mt jau@iki.fi , 810.An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org , 811.An Michael Gmelin Aq Mt freebsd@grem.de 812and others. 813It replaces the older 814.Nm ftpio 815library written by 816.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 817and 818.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org . 819.Pp 820This manual page was written by 821.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 822and 823.An Michael Gmelin Aq Mt freebsd@grem.de . 824.Sh BUGS 825Some parts of the library are not yet implemented. 826The most notable 827examples of this are 828.Fn fetchPutHTTP , 829.Fn fetchListHTTP , 830.Fn fetchListFTP 831and FTP proxy support. 832.Pp 833There is no way to select a proxy at run-time other than setting the 834.Ev HTTP_PROXY 835or 836.Ev FTP_PROXY 837environment variables as appropriate. 838.Pp 839.Nm libfetch 840does not understand or obey 305 (Use Proxy) replies. 841.Pp 842Error numbers are unique only within a certain context; the error 843codes used for FTP and HTTP overlap, as do those used for resolver and 844system errors. 845For instance, error code 202 means "Command not 846implemented, superfluous at this site" in an FTP context and 847"Accepted" in an HTTP context. 848.Pp 849.Fn fetchStatFTP 850does not check that the result of an MDTM command is a valid date. 851.Pp 852In case password protected keys are used for client certificate based 853authentication the user is prompted for the password on each and every 854fetch operation. 855.Pp 856The man page is incomplete, poorly written and produces badly 857formatted text. 858.Pp 859The error reporting mechanism is unsatisfactory. 860.Pp 861Some parts of the code are not fully reentrant. 862