Sophie

Sophie

distrib > Mandriva > 2007.0 > i586 > media > contrib-release > by-pkgid > 523e7737d513df7961f3974d8bcbf214 > files > 15

ipsvd-0.12.0-1mdv2007.0.i586.rpm




<html>
<head>
<title>sslio(8) manual page</title>
</head>
<body bgcolor='white'>
<a href='http://smarden.org/pape/'>G. Pape</a><br><a href='index.html'>ipsvd</a><hr>

<h2><a name='sect0'>Name</a></h2>
sslio - SSL input/output for service programs 
<h2><a name='sect1'>Synopsis</a></h2>
<b>sslio</b> [-cv] [-u
<i>user</i>] [-U <i>user</i>] [-/ <i>root</i>] [-C <i>cert</i>] [-K <i>key</i>] [-A <i>ca</i>] <i>prog</i> 
<h2><a name='sect2'>Description</a></h2>
<b>sslio</b> provides
SSL encrypted network connections for service programs started by <i><b>tcpsvd</b>(8)</i>
or <i><b>tcpserver</b>(1)</i>, and <i><b>tcpclient</b>(1)</i>. <p>
Normally <b>sslio</b> is started by <i><b>tcpsvd</b>(8)</i>
or <i><b>tcpclient(1)</i>,</b> in turn starts the service program <i>prog</i>, and runs as child
process of the service program. After performing the SSL handshake, <b>sslio</b>
reads SSL encrypted data from the network, and writes decrypted data to
the service program <i>prog</i>; it reads data from the service program <i>prog</i>,
and writes SSL encrypted data to the network. <b>sslio</b> should run under a different
user ID than the service program, and with a changed root directory. When
started by root, the -u option must be given, and the -U and -/ options should
be given. <p>
The <b>sslio</b> program uses the SSLv3 implementation of the matrixssl
library. 
<h2><a name='sect3'>Options</a></h2>

<dl>

<dt><i>prog</i> </dt>
<dd><i>prog</i> consists of one or more arguments, specifying
the service program normally run directly by <i><b>tcpsvd</b>(8)</i>, or <i><b>tcpserver</b>(1)</i>.
</dd>

<dt><b>-u <i>user</i>[:<i>group</i>]</b> </dt>
<dd>drop permissions. Switch user ID to <i>user</i>&rsquo;s UID, and group
ID to <i>user</i>&rsquo;s primary GID before reading data from, or writing data to the
network. If <i>user</i> is followed by a colon and a group name, the group ID is
switched to the GID of <i>group</i> instead. All supplementary groups are removed.
This option must be set when <b>sslio</b> is started by root, and cannot be set
otherwise. </dd>

<dt><b>-U <i>user</i>[:<i>group</i>]</b> </dt>
<dd>drop permissions. Switch user ID to <i>user</i>&rsquo;s UID,
and group ID to <i>user</i>&rsquo;s primary GID before starting the service program <i>prog</i>.
If <i>user</i> is followed by a colon and a group name, the group ID is switched
to the GID of <i>group</i> instead. All supplementary groups are removed. This option
should be set when <b>sslio</b> is started by root, and cannot be set otherwise.
</dd>

<dt><b>-/ <i>root</b> </i></dt>
<dd>chroot. Change the root directory to <i>root</i> before reading data from,
or writing data to the network. This option should be set when <b>sslio</b> is
started by root, and cannot be set otherwise. </dd>

<dt><b>-C <i>cert</b> </i></dt>
<dd>cert file (server mode).
Read the certificate from the file <i>cert</i> (default is &lsquo;&lsquo;./cert.pem&rsquo;&rsquo;). If the -/
option is given, first the root directory is changed, then the cert file
is read. </dd>

<dt><b>-K <i>key</b> </i></dt>
<dd>private key (server mode). Read the private key from the file
<i>key</i> (default is <i>cert</i>). If the -/ option is given, first the root directory
is changed, then the private key is read. </dd>

<dt><b>-A <i>ca</b> </i></dt>
<dd>ca file (client mode). Read
the trusted root certificate from the file <i>ca</i>. Multiple files can be specified,
using a semicolon as delimiter. If the -/ option is given, first the root
directory is changed, then the ca file is read. </dd>

<dt><b>-c</b> </dt>
<dd>client mode. This option
must be given when running <b>sslio</b> under <i><b>tcpclient</b>(1)</i>. In client mode, filedescriptors
6 and 7 are used instead of standard input and standard ouput to read from
and write to the network and the service program. If the -A option is given,
<b>sslio</b> refuses to connect to a servers which&rsquo;s certificates cannot be verified
by the root certificates, it accepts any server certificate otherwise. </dd>

<dt><b>-v</b>
</dt>
<dd>verbose. Print verbose messages to standard error. </dd>

<dt><b>-vv</b> </dt>
<dd>more verbose. Print
more verbose messages to standard error. </dd>

<dt><b>-vvv</b> </dt>
<dd>even more verbose. Print even
more verbose messages to standard error. </dd>
</dl>

<h2><a name='sect4'>Environment</a></h2>

<dl>

<dt>SSLIO_BUFIN </dt>
<dd>The environment
variable <i>SSLIO_BUFIN</i> overrides the default input buffer size for <b>sslio</b>
(8192). </dd>

<dt>SSLIO_BUFOU </dt>
<dd>The environment variable <i>SSLIO_BUFOU</i> overrides the default
output buffer size for <b>sslio</b> (12288). If the output buffer is too small
to hold encrypted or decrypted data, <b>sslio</b> automatically blows up the buffer
to <i>SSLIO_BUFOU</i> more bytes. </dd>
</dl>

<h2><a name='sect5'>See Also</a></h2>
<i>sslsvd(8)</i>, <i>tcpsvd(8)</i>, <i>udpsvd(8)</i>, <i>ipsvd(7)</i>,
<i>ipsvd-instruct(5)</i>, <i>ipsvd-cdb(8)</i> <p>
<i>http://smarden.org/ipsvd/</i> 
<h2><a name='sect6'>Author</a></h2>
Gerrit Pape
&lt;pape@smarden.org&gt; <p>

<hr><p>
<a name='toc'><b>Table of Contents</b></a><p>
<ul>
<li><a name='toc0' href='#sect0'>Name</a></li>
<li><a name='toc1' href='#sect1'>Synopsis</a></li>
<li><a name='toc2' href='#sect2'>Description</a></li>
<li><a name='toc3' href='#sect3'>Options</a></li>
<li><a name='toc4' href='#sect4'>Environment</a></li>
<li><a name='toc5' href='#sect5'>See Also</a></li>
<li><a name='toc6' href='#sect6'>Author</a></li>
</ul>
</body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional