SYNOPSIS
sslclient [ opts ] host port prog
DESCRIPTION
opts is a series of getopt-style options, host is a host name for the
client to connect to, and prog is one or more arguments specifying a
program to run for each successful connection.
sslclient attempts to connect to a TCP server at host port. The
server's address is given by host and port. host may be 0, which is
identical to 127.0.0.1, or ::1 referring to the IPv6 loopback address,
a compactified IPv6 address, a dotted-decimal IPv4 address, or a host
name. If a host name is given, sslclient faciliates a DNS lookup and
tries each address in turn.
If the connection succeeds, sslclient runs prog, with file descriptors
6 and 7 reading from and writing to a child process ssl. The ssl
process attempts an SSL connect via the network. If it succeeds, it
translates data between prog and the network, performing any necessary
SSL encoding and decoding.
Before running prog, sslclient sets certain environment variables.
OPTIONS
General Options:
-q Quiet. Do not print error messages.
-Q (Default.) Print error messages.
-v Verbose. Print error messages and status messages.
Connection options:
-4 Use IPv4 sockets for connections and DNS queries.
-6 Force IPv6 mode for connections and set up in UCSPI environment
variables.
-T x+y Give up on the connection attempt or SSL connection attempt
after x+y seconds. The default value is: 2+58. When a host has
several IP addresses, sslclient tries to connect to the first IP
address, waits x seconds, tries to connect to the second IP
address, waits - Ix seconds, etc.; then it retries each address
that timed out, waiting y seconds per address. You may omit +y
to skip the second try.
-i localip
Use localip as the IP address for the local side of the
connection; quit if localip is not available. Normally sslclient
lets the operating system choose an address.
for IPv6 sockets and needed if you use link-local IPv6
addresses.
-M (Default.) No Server Name Indications are present.
-m Employ Server Name Indication (SNI) for the given hostname in
the Client Helo.
Note: You can use DNSCACHEIP to set the DNS resolver IP
dynamically.
X509 certificate handling:
-3 Read a null-terminated key password from file descriptor 3.
-a cafile
Override the compiled-in CA file name. The CA file contains the
list of CAs used to verify the server certificate.
-A cadir
Override the compiled-in CA directory name. The CA directory
contains certificates files used to verify the client
certificate. This list augments the list from -a cafile.
-c certfile
Use the client certificate in certfile.
-k keyfile
Use the client certificate key in keyfile.
-V verifydepth
Verify the server certificate chain to depth verifydepth. The
default value is 1.
-z ciphers
Use the cipher list specified in ciphers.
-x (Default.) Verify the server certificate.
-X Do not verify the server certificate.
-n (Default.) Verify that the server host name matches the FQDN
provided in the certificate.
-N Do not verify that the server host name matches the FQDN
provided in the certificate.
Data-gathering options:
-h (Default.) Look up the remote host name in DNS to set the
environment variable $SSLREMOTEHOST.
-t n Give up on the $SSLREMOTEINFO connection attempt after n
seconds. The default value is: 26.
-w n Give up on a connection or program after waiting n seconds for
read or write. The default value is: 3600.
-s Store client and server certificate information in the
environment, a la mod_ssl.
-S (Default.) Do not store client and server certificate
information in the environment.
-e Set protocol environment a la tcpserver. Set $PROTO,
$TCPLOCALIP, $TCPLOCALPORT, $TCPLOCALHOST, $TCPREMOTEIP,
$TCPREMOTEPORT, $TCPREMOTEHOST, and $TCPREMOTEINFO from the
corresponding $SSL variables.
-E (Default.) Do not set any tcpserver environment variables.
SEE ALSO
sslserver(1), sslhandle(1), sslconnect(1), sslcat(1), https@(1), ucspi-
tls(2), tcpclient(1), tcpserver(1), tcp-environ(5).
REFERENCE
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
sslclient(1)
Man(1) output converted with
man2html