calico [-H host] [-P port] [-t timeout] directory

The calico program dispatches incoming TLS connections to instances of pounce(1) by Server Name Indication (SNI). Instances of pounce(1) should be configured with -U to bind to UNIX-domain sockets in the directory passed to calico.

Note that calico is not a proxy. Incoming connections are passed directly to instances of pounce(1), which handle TLS negotiation. Instances of pounce(1) and calico can be restarted independently of each other.

The arguments are as follows:

-H host
    Bind to host. The default host is localhost.

-P port
    Bind to port. The default port is 6697.

-t timeout
    Set the timeout in milliseconds after which a connection will be closed if it has not sent the ClientHello message. The default timeout is 1000 milliseconds.

directory
    The path to the directory containing pounce(1) UNIX-domain sockets.

Start and dispatch to two instances of pounce(1):

$ pounce -U /var/run/calico -H oftc.example.org oftc.conf
$ pounce -U /var/run/calico -H libera.example.org libera.conf
$ calico -H example.org /var/run/calico

The two instances can be connected to via oftc.example.org:6697 and libera.example.org:6697, respectively.

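To illustrate dispatch by SNI as described above, the following C code (an example added here, not calico's own source) reads the server_name extension from the first bytes a client sends and maps it to a socket path without terminating TLS. It assumes the ClientHello arrives in a single TLS record and that each pounce(1) socket in the directory is named after its -H host; socket_path, struct cur and SAMPLE are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct cur { const uint8_t *p; size_t n; }; // unread bytes

// Read a w-byte big-endian integer, or -1 if the input is truncated.
static long get(struct cur *c, int w) {
	long v = 0;
	if (c->n < (size_t)w) return -1;
	for (; w; w--, c->n--) v = (v << 8) | *c->p++;
	return v;
}

// Split a vector with a w-byte length prefix off c into v; 0 on success.
static int vec(struct cur *c, int w, struct cur *v) {
	long len = get(c, w);
	if (len < 0 || (size_t)len > c->n) return -1;
	*v = (struct cur) { c->p, (size_t)len };
	c->p += len, c->n -= (size_t)len;
	return 0;
}

// Write "<dir>/<SNI host name>" to out; -1 on malformed input or unsafe name.
// Assumptions: ClientHello fits one record; socket file is named after the host.
int socket_path(const char *dir, const uint8_t *buf, size_t len, char *out, size_t cap) {
	struct cur rec = { buf, len }, hs, ch, v, exts, ext, list, name;
	if (get(&rec, 1) != 0x16 || get(&rec, 2) < 0 || vec(&rec, 2, &hs)) return -1;
	if (get(&hs, 1) != 0x01 || vec(&hs, 3, &ch) || ch.n < 34) return -1;
	ch.p += 34, ch.n -= 34; // skip legacy_version and random
	if (vec(&ch, 1, &v) || vec(&ch, 2, &v) || vec(&ch, 1, &v)) return -1;
	if (vec(&ch, 2, &exts)) return -1;
	while (exts.n) {
		long type = get(&exts, 2);
		if (type < 0 || vec(&exts, 2, &ext)) return -1;
		if (type != 0) continue; // not the server_name extension
		if (vec(&ext, 2, &list) || get(&list, 1) != 0 || vec(&list, 2, &name)) return -1;
		// Client-chosen name becomes a file name: refuse escapes from the directory.
		if (!name.n || name.p[0] == '.') return -1;
		if (memchr(name.p, '/', name.n) || memchr(name.p, '\0', name.n)) return -1;
		int r = snprintf(out, cap, "%s/%.*s", dir, (int)name.n, name.p);
		return (r < 0 || (size_t)r >= cap) ? -1 : 0;
	}
	return -1;
}

// Constructed sample, not captured traffic; [43] leaves the 32-byte random zeroed.
const uint8_t SAMPLE[] = { 0x16, 3, 1, 0, 0x48, 1, 0, 0, 0x44, 3, 3,
	[43] = 0, 0, 2, 0x13, 1, 1, 0, 0, 0x19, 0, 0, 0, 0x15, 0, 0x13, 0, 0, 0x10,
	'o','f','t','c','.','e','x','a','m','p','l','e','.','o','r','g' };
```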
- D. Eastlake 3rd, Transport Layer Security (TLS) Extensions: Extension Definitions, IETF, RFC 6066, https://tools.ietf.org/html/rfc6066, January 2011.
- E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, IETF, RFC 8446, https://tools.ietf.org/html/rfc8446, August 2018.