File manager - Edit - /usr/share/doc/ipsvd/sslio.8.html
Back
<html> <head> <title>sslio(8) manual page</title> </head> <body bgcolor='white'> <a href='http://smarden.org/pape/'>G. Pape</a><br><a href='index.html'>ipsvd</a><hr> <h2><a name='sect0'>Name</a></h2> sslio - SSL input/output for service programs <h2><a name='sect1'>Synopsis</a></h2> <b>sslio</b> [-cv] [-u <i>user</i>] [-U <i>user</i>] [-/ <i>root</i>] [-C <i>cert</i>] [-K <i>key</i>] [-A <i>ca</i>] <i>prog</i> <h2><a name='sect2'>Description</a></h2> <b>sslio</b> provides SSL encrypted network connections for service programs started by <i><b>tcpsvd</b>(8)</i> or <i><b>tcpserver</b>(1)</i>, and <i><b>tcpclient</b>(1)</i>. <p> Normally <b>sslio</b> is started by <i><b>tcpsvd</b>(8)</i> or <i><b>tcpclient(1)</i>,</b> in turn starts the service program <i>prog</i>, and runs as child process of the service program. After performing the SSL handshake, <b>sslio</b> reads SSL encrypted data from the network, and writes decrypted data to the service program <i>prog</i>; it reads data from the service program <i>prog</i>, and writes SSL encrypted data to the network. <b>sslio</b> should run under a different user ID than the service program, and with a changed root directory. When started by root, the -u option must be given, and the -U and -/ options should be given. <p> The <b>sslio</b> program uses the SSLv3 implementation of the matrixssl library. <h2><a name='sect3'>Options</a></h2> <dl> <dt><i>prog</i> </dt> <dd><i>prog</i> consists of one or more arguments, specifying the service program normally run directly by <i><b>tcpsvd</b>(8)</i>, or <i><b>tcpserver</b>(1)</i>. </dd> <dt><b>-u <i>[:]user[:group]</b> </i></dt> <dd>drop permissions. Set uid and gid to the <i>user</i>’s uid and gid, as found in <i>/etc/passwd</i>, before reading data from, or writing data to the network. If <i>user</i> is followed by a colon and a <i>group</i>, set the gid to <i>group</i>’s gid, as found in <i>/etc/group</i>, instead of <i>user</i>’s gid. If <i>group</i> consists of a colon-separated list of group names, set the group ids of all listed groups. If <i>user</i> is prefixed with a colon, the <i>user</i> and all <i>group</i> arguments are interpreted as uid and gids respectively, and not looked up in the password or group file. All supplementary groups are removed. This option must be set when <b>sslio</b> is started by root, and cannot be set otherwise. </dd> <dt><b>-U <i>[:]user[:group]</b> </i></dt> <dd>drop permissions. Set uid and gid to the <i>user</i>’s uid and gid, as found in <i>/etc/passwd</i>, before running <i>prog</i>. If <i>user</i> is followed by a colon and a <i>group</i>, set the gid to <i>group</i>’s gid, as found in <i>/etc/group</i>, instead of <i>user</i>’s gid. If <i>group</i> consists of a colon-separated list of group names, set the group ids of all listed groups. If <i>user</i> is prefixed with a colon, the <i>user</i> and all <i>group</i> arguments are interpreted as uid and gids respectively, and not looked up in the password or group file. All supplementary groups are removed. This option should be set when <b>sslio</b> is started by root, and cannot be set otherwise. </dd> <dt><b>-/ <i>root</b> </i></dt> <dd>chroot. Change the root directory to <i>root</i> before reading data from, or writing data to the network. This option should be set when <b>sslio</b> is started by root, and cannot be set otherwise. </dd> <dt><b>-C <i>cert</b> </i></dt> <dd>cert file (server mode). Read the certificate from the file <i>cert</i> (default is ‘‘./cert.pem’’). If the -/ option is given, first the root directory is changed, then the cert file is read. </dd> <dt><b>-K <i>key</b> </i></dt> <dd>private key (server mode). Read the private key from the file <i>key</i> (default is <i>cert</i>). If the -/ option is given, first the root directory is changed, then the private key is read. </dd> <dt><b>-A <i>ca</b> </i></dt> <dd>ca file (client mode). Read the trusted root certificate from the file <i>ca</i>. Multiple files can be specified, using a semicolon as delimiter. If the -/ option is given, first the root directory is changed, then the ca file is read. </dd> <dt><b>-c</b> </dt> <dd>client mode. This option must be given when running <b>sslio</b> under <i><b>tcpclient</b>(1)</i>. In client mode, filedescriptors 6 and 7 are used instead of standard input and standard ouput to read from and write to the network and the service program. If the -A option is given, <b>sslio</b> refuses to connect to a servers which’s certificates cannot be verified by the root certificates, it accepts any server certificate otherwise. </dd> <dt><b>-v</b> </dt> <dd>verbose. Print verbose messages to standard error. </dd> <dt><b>-vv</b> </dt> <dd>more verbose. Print more verbose messages to standard error. </dd> <dt><b>-vvv</b> </dt> <dd>even more verbose. Print even more verbose messages to standard error. </dd> </dl> <h2><a name='sect4'>Environment</a></h2> <dl> <dt>SSLIO_BUFIN </dt> <dd>The environment variable <i>SSLIO_BUFIN</i> overrides the default input buffer size for <b>sslio</b> (8192). </dd> <dt>SSLIO_BUFOU </dt> <dd>The environment variable <i>SSLIO_BUFOU</i> overrides the default output buffer size for <b>sslio</b> (12288). If the output buffer is too small to hold encrypted or decrypted data, <b>sslio</b> automatically blows up the buffer to <i>SSLIO_BUFOU</i> more bytes. </dd> <dt>SSLIO_BAD_CERTIFICATE </dt> <dd>(client mode) If the environment variable <i>SSLIO_BAD_CERTIFICATE</i> is set, <b>sslio -c</b> accepts server ceritificates it would normally reject with fatal: ssl decode error: bad certificate<br> </dd> <dt>SSLIO_HANDSHAKE_TIMOUT </dt> <dd>The environment variable <i>SSLIO_HANDSHAKE_TIMEOUT</i> overrides the default number of seconds <b>sslio</b> will try to complete the ssl handshake (300). If the handshake isn’t completed after this number of seconds, <b>sslio</b> exits. </dd> </dl> <h2><a name='sect5'>See Also</a></h2> <i>sslsvd(8)</i>, <i>tcpsvd(8)</i>, <i>udpsvd(8)</i>, <i>ipsvd(7)</i>, <i>ipsvd-instruct(5)</i>, <i>ipsvd-cdb(8)</i> <p> <i>http://smarden.org/ipsvd/</i> <h2><a name='sect6'>Author</a></h2> Gerrit Pape <pape@smarden.org> <p> <hr><p> <a name='toc'><b>Table of Contents</b></a><p> <ul> <li><a name='toc0' href='#sect0'>Name</a></li> <li><a name='toc1' href='#sect1'>Synopsis</a></li> <li><a name='toc2' href='#sect2'>Description</a></li> <li><a name='toc3' href='#sect3'>Options</a></li> <li><a name='toc4' href='#sect4'>Environment</a></li> <li><a name='toc5' href='#sect5'>See Also</a></li> <li><a name='toc6' href='#sect6'>Author</a></li> </ul> </body> </html>
| ver. 1.4 |
Github
|
.
| PHP 7.4.33 | Generation time: 0.26 |
proxy
|
phpinfo
|
Settings