GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  SSLIO (8)

NAME

sslio - SSL input/output for service programs

CONTENTS

Synopsis
Description
Options
Environment
See Also
Author

SYNOPSIS

sslio [-cv] [-u user] [-U user] [-/ root] [-C cert] [-K key] [-A ca] prog

DESCRIPTION

sslio provides SSL encrypted network connections for service programs started by tcpsvd(8) or tcpserver(1), and tcpclient(1).

Normally sslio is started by tcpsvd(8) or tcpclient(1), in turn starts the service program prog, and runs as child process of the service program. After performing the SSL handshake, sslio reads SSL encrypted data from the network, and writes decrypted data to the service program prog; it reads data from the service program prog, and writes SSL encrypted data to the network. sslio should run under a different user ID than the service program, and with a changed root directory. When started by root, the -u option must be given, and the -U and -/ options should be given.

The sslio program uses the SSLv3 implementation of the matrixssl library.

OPTIONS

prog prog consists of one or more arguments, specifying the service program normally run directly by tcpsvd(8), or tcpserver(1).
-u [:]user[:group]
  drop permissions. Set uid and gid to the user’s uid and gid, as found in /etc/passwd, before reading data from, or writing data to the network. If user is followed by a colon and a group, set the gid to group’s gid, as found in /etc/group, instead of user’s gid. If group consists of a colon-separated list of group names, set the group ids of all listed groups. If user is prefixed with a colon, the user and all group arguments are interpreted as uid and gids respectively, and not looked up in the password or group file. All supplementary groups are removed. This option must be set when sslio is started by root, and cannot be set otherwise.
-U [:]user[:group]
  drop permissions. Set uid and gid to the user’s uid and gid, as found in /etc/passwd, before running prog. If user is followed by a colon and a group, set the gid to group’s gid, as found in /etc/group, instead of user’s gid. If group consists of a colon-separated list of group names, set the group ids of all listed groups. If user is prefixed with a colon, the user and all group arguments are interpreted as uid and gids respectively, and not looked up in the password or group file. All supplementary groups are removed. This option should be set when sslio is started by root, and cannot be set otherwise.
-/ root chroot. Change the root directory to root before reading data from, or writing data to the network. This option should be set when sslio is started by root, and cannot be set otherwise.
-C cert cert file (server mode). Read the certificate from the file cert (default is ‘‘./cert.pem’’). If the -/ option is given, first the root directory is changed, then the cert file is read.
-K key private key (server mode). Read the private key from the file key (default is cert). If the -/ option is given, first the root directory is changed, then the private key is read.
-A ca ca file (client mode). Read the trusted root certificate from the file ca. Multiple files can be specified, using a semicolon as delimiter. If the -/ option is given, first the root directory is changed, then the ca file is read.
-c client mode. This option must be given when running sslio under tcpclient(1). In client mode, filedescriptors 6 and 7 are used instead of standard input and standard ouput to read from and write to the network and the service program. If the -A option is given, sslio refuses to connect to a servers which’s certificates cannot be verified by the root certificates, it accepts any server certificate otherwise.
-v verbose. Print verbose messages to standard error.
-vv more verbose. Print more verbose messages to standard error.
-vvv even more verbose. Print even more verbose messages to standard error.

ENVIRONMENT

SSLIO_BUFIN
  The environment variable SSLIO_BUFIN overrides the default input buffer size for sslio (8192).
SSLIO_BUFOU
  The environment variable SSLIO_BUFOU overrides the default output buffer size for sslio (12288). If the output buffer is too small to hold encrypted or decrypted data, sslio automatically blows up the buffer to SSLIO_BUFOU more bytes.
SSLIO_BAD_CERTIFICATE
  (client mode) If the environment variable SSLIO_BAD_CERTIFICATE is set, sslio -c accepts server ceritificates it would normally reject with
fatal: ssl decode error: bad certificate
SSLIO_HANDSHAKE_TIMOUT
  The environment variable SSLIO_HANDSHAKE_TIMEOUT overrides the default number of seconds sslio will try to complete the ssl handshake (300). If the handshake isn’t completed after this number of seconds, sslio exits.

SEE ALSO

sslsvd(8), tcpsvd(8), udpsvd(8), ipsvd(7), ipsvd-instruct(5), ipsvd-cdb(8)

http://smarden.org/ipsvd/

AUTHOR

Gerrit Pape <pape@smarden.org>
Search for    or go to Top of page |  Section 8 |  Main Index


SSLIO (8) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.