ipsvd 1.0.0-2 / usr / share / doc / ipsvd / sslio.8.html

This file is indexed.

/usr/share/doc/ipsvd/sslio.8.html is in ipsvd 1.0.0-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<html>
<head>
<title>sslio(8) manual page</title>
</head>
<body bgcolor='white'>
<a href='http://smarden.org/pape/'>G. Pape</a><br><a href='index.html'>ipsvd</a><hr>

<h2><a name='sect0'>Name</a></h2>
sslio - SSL input/output for service programs 
<h2><a name='sect1'>Synopsis</a></h2>
<b>sslio</b> [-cv] [-u
<i>user</i>] [-U <i>user</i>] [-/ <i>root</i>] [-C <i>cert</i>] [-K <i>key</i>] [-A <i>ca</i>] <i>prog</i> 
<h2><a name='sect2'>Description</a></h2>
<b>sslio</b> provides
SSL encrypted network connections for service programs started by <i><b>tcpsvd</b>(8)</i>
or <i><b>tcpserver</b>(1)</i>, and <i><b>tcpclient</b>(1)</i>. <p>
Normally <b>sslio</b> is started by <i><b>tcpsvd</b>(8)</i>
or <i><b>tcpclient(1)</i>,</b> in turn starts the service program <i>prog</i>, and runs as child
process of the service program. After performing the SSL handshake, <b>sslio</b>
reads SSL encrypted data from the network, and writes decrypted data to
the service program <i>prog</i>; it reads data from the service program <i>prog</i>,
and writes SSL encrypted data to the network. <b>sslio</b> should run under a different
user ID than the service program, and with a changed root directory. When
started by root, the -u option must be given, and the -U and -/ options should
be given. <p>
The <b>sslio</b> program uses the SSLv3 implementation of the matrixssl
library. 
<h2><a name='sect3'>Options</a></h2>

<dl>

<dt><i>prog</i> </dt>
<dd><i>prog</i> consists of one or more arguments, specifying
the service program normally run directly by <i><b>tcpsvd</b>(8)</i>, or <i><b>tcpserver</b>(1)</i>.
</dd>

<dt><b>-u <i>[:]user[:group]</b> </i></dt>
<dd>drop permissions. Set uid and gid to the <i>user</i>&rsquo;s uid and
gid, as found in <i>/etc/passwd</i>, before reading data from, or writing data
to the network. If <i>user</i> is followed by a colon and a <i>group</i>, set the gid
to <i>group</i>&rsquo;s gid, as found in <i>/etc/group</i>, instead of <i>user</i>&rsquo;s gid. If <i>group</i> consists
of a colon-separated list of group names, set the group ids of all listed
groups. If <i>user</i> is prefixed with a colon, the <i>user</i> and all <i>group</i> arguments
are interpreted as uid and gids respectively, and not looked up in the
password or group file. All supplementary groups are removed. This option
must be set when <b>sslio</b> is started by root, and cannot be set otherwise.
</dd>

<dt><b>-U <i>[:]user[:group]</b> </i></dt>
<dd>drop permissions. Set uid and gid to the <i>user</i>&rsquo;s uid and
gid, as found in <i>/etc/passwd</i>, before running <i>prog</i>. If <i>user</i> is followed by
a colon and a <i>group</i>, set the gid to <i>group</i>&rsquo;s gid, as found in <i>/etc/group</i>,
instead of <i>user</i>&rsquo;s gid. If <i>group</i> consists of a colon-separated list of group
names, set the group ids of all listed groups. If <i>user</i> is prefixed with
a colon, the <i>user</i> and all <i>group</i> arguments are interpreted as uid and gids
respectively, and not looked up in the password or group file. All supplementary
groups are removed. This option should be set when <b>sslio</b> is started by root,
and cannot be set otherwise. </dd>

<dt><b>-/ <i>root</b> </i></dt>
<dd>chroot. Change the root directory to
<i>root</i> before reading data from, or writing data to the network. This option
should be set when <b>sslio</b> is started by root, and cannot be set otherwise.
</dd>

<dt><b>-C <i>cert</b> </i></dt>
<dd>cert file (server mode). Read the certificate from the file <i>cert</i>
(default is &lsquo;&lsquo;./cert.pem&rsquo;&rsquo;). If the -/ option is given, first the root directory
is changed, then the cert file is read. </dd>

<dt><b>-K <i>key</b> </i></dt>
<dd>private key (server mode).
Read the private key from the file <i>key</i> (default is <i>cert</i>). If the -/ option
is given, first the root directory is changed, then the private key is
read. </dd>

<dt><b>-A <i>ca</b> </i></dt>
<dd>ca file (client mode). Read the trusted root certificate from
the file <i>ca</i>. Multiple files can be specified, using a semicolon as delimiter.
If the -/ option is given, first the root directory is changed, then the
ca file is read. </dd>

<dt><b>-c</b> </dt>
<dd>client mode. This option must be given when running <b>sslio</b>
under <i><b>tcpclient</b>(1)</i>. In client mode, filedescriptors 6 and 7 are used instead
of standard input and standard ouput to read from and write to the network
and the service program. If the -A option is given, <b>sslio</b> refuses to connect
to a servers which&rsquo;s certificates cannot be verified by the root certificates,
it accepts any server certificate otherwise. </dd>

<dt><b>-v</b> </dt>
<dd>verbose. Print verbose messages
to standard error. </dd>

<dt><b>-vv</b> </dt>
<dd>more verbose. Print more verbose messages to standard
error. </dd>

<dt><b>-vvv</b> </dt>
<dd>even more verbose. Print even more verbose messages to standard
error. </dd>
</dl>

<h2><a name='sect4'>Environment</a></h2>

<dl>

<dt>SSLIO_BUFIN </dt>
<dd>The environment variable <i>SSLIO_BUFIN</i> overrides
the default input buffer size for <b>sslio</b> (8192). </dd>

<dt>SSLIO_BUFOU </dt>
<dd>The environment
variable <i>SSLIO_BUFOU</i> overrides the default output buffer size for <b>sslio</b>
(12288). If the output buffer is too small to hold encrypted or decrypted
data, <b>sslio</b> automatically blows up the buffer to <i>SSLIO_BUFOU</i> more bytes.
</dd>

<dt>SSLIO_BAD_CERTIFICATE </dt>
<dd>(client mode)  If the environment variable <i>SSLIO_BAD_CERTIFICATE</i>
is set, <b>sslio -c</b> accepts server ceritificates it would normally reject with
  fatal: ssl decode error: bad certificate<br>
 </dd>

<dt>SSLIO_HANDSHAKE_TIMOUT </dt>
<dd>The environment variable <i>SSLIO_HANDSHAKE_TIMEOUT</i>
overrides the default number of seconds <b>sslio</b> will try to complete the
ssl handshake (300). If the handshake isn&rsquo;t completed after this number of
seconds, <b>sslio</b> exits. </dd>
</dl>

<h2><a name='sect5'>See Also</a></h2>
<i>sslsvd(8)</i>, <i>tcpsvd(8)</i>, <i>udpsvd(8)</i>, <i>ipsvd(7)</i>,
<i>ipsvd-instruct(5)</i>, <i>ipsvd-cdb(8)</i> <p>
<i>http://smarden.org/ipsvd/</i> 
<h2><a name='sect6'>Author</a></h2>
Gerrit Pape
&lt;pape@smarden.org&gt; <p>

<hr><p>
<a name='toc'><b>Table of Contents</b></a><p>
<ul>
<li><a name='toc0' href='#sect0'>Name</a></li>
<li><a name='toc1' href='#sect1'>Synopsis</a></li>
<li><a name='toc2' href='#sect2'>Description</a></li>
<li><a name='toc3' href='#sect3'>Options</a></li>
<li><a name='toc4' href='#sect4'>Environment</a></li>
<li><a name='toc5' href='#sect5'>See Also</a></li>
<li><a name='toc6' href='#sect6'>Author</a></li>
</ul>
</body>
</html>

APT Browse - Built by Thomas Orozco.