bf579e30a4
This change adds SOCKS5 support to the library fetch(3) and updates the man page. Details: Within the fetch_connect() function, fetch(3) checks if the SOCKS5_PROXY environment variable is set. If so, it connects to this host rather than the end-host. It then initializes the SOCKS5 connection in accordance with RFC 1928 and returns the resulting conn_t (file descriptor) for usage by the regular FTP/HTTP handlers. Design Decision: This change defaults all DNS resolutions through the proxy by sending all IPs as hostnames. Going forward, another feature might be to create another environmental variable to toggle resolutions through the proxy or not.. One may set the SOCKS5_PROXY environment variable in any of the formats: SOCKS5_PROXY=proxy.example.com SOCKS5_PROXY=proxy.example.com:1080 SOCKS5_PROXY=192.0.2.0 SOCKS5_PROXY=198.51.100.0:1080 SOCKS5_PROXY=[2001:db8::1] SOCKS5_PROXY=[2001:db8::2]:1080 Then perform a request with fetch(1). (note by kevans) I've since been informed that Void Linux/xbps has a fork of libfetch that also implements SOCKS5. I may compare/contrast the two in the mid-to-near future. Submitted by: Farhan Khan <farhan farhan codes> Differential Revision: https://reviews.freebsd.org/D18908
882 lines
23 KiB
Groff
882 lines
23 KiB
Groff
.\"-
|
|
.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav
|
|
.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd August 28, 2019
|
|
.Dt FETCH 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm fetchMakeURL ,
|
|
.Nm fetchParseURL ,
|
|
.Nm fetchFreeURL ,
|
|
.Nm fetchXGetURL ,
|
|
.Nm fetchGetURL ,
|
|
.Nm fetchPutURL ,
|
|
.Nm fetchStatURL ,
|
|
.Nm fetchListURL ,
|
|
.Nm fetchXGet ,
|
|
.Nm fetchGet ,
|
|
.Nm fetchPut ,
|
|
.Nm fetchStat ,
|
|
.Nm fetchList ,
|
|
.Nm fetchXGetFile ,
|
|
.Nm fetchGetFile ,
|
|
.Nm fetchPutFile ,
|
|
.Nm fetchStatFile ,
|
|
.Nm fetchListFile ,
|
|
.Nm fetchXGetHTTP ,
|
|
.Nm fetchGetHTTP ,
|
|
.Nm fetchPutHTTP ,
|
|
.Nm fetchStatHTTP ,
|
|
.Nm fetchListHTTP ,
|
|
.Nm fetchReqHTTP ,
|
|
.Nm fetchXGetFTP ,
|
|
.Nm fetchGetFTP ,
|
|
.Nm fetchPutFTP ,
|
|
.Nm fetchStatFTP ,
|
|
.Nm fetchListFTP
|
|
.Nd file transfer functions
|
|
.Sh LIBRARY
|
|
.Lb libfetch
|
|
.Sh SYNOPSIS
|
|
.In sys/param.h
|
|
.In stdio.h
|
|
.In fetch.h
|
|
.Ft struct url *
|
|
.Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd"
|
|
.Ft struct url *
|
|
.Fn fetchParseURL "const char *URL"
|
|
.Ft void
|
|
.Fn fetchFreeURL "struct url *u"
|
|
.Ft FILE *
|
|
.Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchGetURL "const char *URL" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchPutURL "const char *URL" "const char *flags"
|
|
.Ft int
|
|
.Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags"
|
|
.Ft struct url_ent *
|
|
.Fn fetchListURL "const char *URL" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchGet "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchPut "struct url *u" "const char *flags"
|
|
.Ft int
|
|
.Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft struct url_ent *
|
|
.Fn fetchList "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchGetFile "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchPutFile "struct url *u" "const char *flags"
|
|
.Ft int
|
|
.Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft struct url_ent *
|
|
.Fn fetchListFile "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchGetHTTP "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchPutHTTP "struct url *u" "const char *flags"
|
|
.Ft int
|
|
.Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft struct url_ent *
|
|
.Fn fetchListHTTP "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body"
|
|
.Ft FILE *
|
|
.Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchGetFTP "struct url *u" "const char *flags"
|
|
.Ft FILE *
|
|
.Fn fetchPutFTP "struct url *u" "const char *flags"
|
|
.Ft int
|
|
.Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags"
|
|
.Ft struct url_ent *
|
|
.Fn fetchListFTP "struct url *u" "const char *flags"
|
|
.Sh DESCRIPTION
|
|
These functions implement a high-level library for retrieving and
|
|
uploading files using Uniform Resource Locators (URLs).
|
|
.Pp
|
|
.Fn fetchParseURL
|
|
takes a URL in the form of a null-terminated string and splits it into
|
|
its components function according to the Common Internet Scheme Syntax
|
|
detailed in RFC1738.
|
|
A regular expression which produces this syntax is:
|
|
.Bd -literal
|
|
<scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
|
|
.Ed
|
|
.Pp
|
|
If the URL does not seem to begin with a scheme name, the following
|
|
syntax is assumed:
|
|
.Bd -literal
|
|
((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)?
|
|
.Ed
|
|
.Pp
|
|
Note that some components of the URL are not necessarily relevant to
|
|
all URL schemes.
|
|
For instance, the file scheme only needs the <scheme> and <document>
|
|
components.
|
|
.Pp
|
|
.Fn fetchMakeURL
|
|
and
|
|
.Fn fetchParseURL
|
|
return a pointer to a
|
|
.Vt url
|
|
structure, which is defined as follows in
|
|
.In fetch.h :
|
|
.Bd -literal
|
|
#define URL_SCHEMELEN 16
|
|
#define URL_USERLEN 256
|
|
#define URL_PWDLEN 256
|
|
|
|
struct url {
|
|
char scheme[URL_SCHEMELEN+1];
|
|
char user[URL_USERLEN+1];
|
|
char pwd[URL_PWDLEN+1];
|
|
char host[MAXHOSTNAMELEN+1];
|
|
int port;
|
|
char *doc;
|
|
off_t offset;
|
|
size_t length;
|
|
time_t ims_time;
|
|
};
|
|
.Ed
|
|
.Pp
|
|
The
|
|
.Va ims_time
|
|
field stores the time value for
|
|
.Li If-Modified-Since
|
|
HTTP requests.
|
|
.Pp
|
|
The pointer returned by
|
|
.Fn fetchMakeURL
|
|
or
|
|
.Fn fetchParseURL
|
|
should be freed using
|
|
.Fn fetchFreeURL .
|
|
.Pp
|
|
.Fn fetchXGetURL ,
|
|
.Fn fetchGetURL ,
|
|
and
|
|
.Fn fetchPutURL
|
|
constitute the recommended interface to the
|
|
.Nm fetch
|
|
library.
|
|
They examine the URL passed to them to determine the transfer
|
|
method, and call the appropriate lower-level functions to perform the
|
|
actual transfer.
|
|
.Fn fetchXGetURL
|
|
also returns the remote document's metadata in the
|
|
.Vt url_stat
|
|
structure pointed to by the
|
|
.Fa us
|
|
argument.
|
|
.Pp
|
|
The
|
|
.Fa flags
|
|
argument is a string of characters which specify transfer options.
|
|
The
|
|
meaning of the individual flags is scheme-dependent, and is detailed
|
|
in the appropriate section below.
|
|
.Pp
|
|
.Fn fetchStatURL
|
|
attempts to obtain the requested document's metadata and fill in the
|
|
structure pointed to by its second argument.
|
|
The
|
|
.Vt url_stat
|
|
structure is defined as follows in
|
|
.In fetch.h :
|
|
.Bd -literal
|
|
struct url_stat {
|
|
off_t size;
|
|
time_t atime;
|
|
time_t mtime;
|
|
};
|
|
.Ed
|
|
.Pp
|
|
If the size could not be obtained from the server, the
|
|
.Fa size
|
|
field is set to -1.
|
|
If the modification time could not be obtained from the server, the
|
|
.Fa mtime
|
|
field is set to the epoch.
|
|
If the access time could not be obtained from the server, the
|
|
.Fa atime
|
|
field is set to the modification time.
|
|
.Pp
|
|
.Fn fetchListURL
|
|
attempts to list the contents of the directory pointed to by the URL
|
|
provided.
|
|
If successful, it returns a malloced array of
|
|
.Vt url_ent
|
|
structures.
|
|
The
|
|
.Vt url_ent
|
|
structure is defined as follows in
|
|
.In fetch.h :
|
|
.Bd -literal
|
|
struct url_ent {
|
|
char name[PATH_MAX];
|
|
struct url_stat stat;
|
|
};
|
|
.Ed
|
|
.Pp
|
|
The list is terminated by an entry with an empty name.
|
|
.Pp
|
|
The pointer returned by
|
|
.Fn fetchListURL
|
|
should be freed using
|
|
.Fn free .
|
|
.Pp
|
|
.Fn fetchXGet ,
|
|
.Fn fetchGet ,
|
|
.Fn fetchPut
|
|
and
|
|
.Fn fetchStat
|
|
are similar to
|
|
.Fn fetchXGetURL ,
|
|
.Fn fetchGetURL ,
|
|
.Fn fetchPutURL
|
|
and
|
|
.Fn fetchStatURL ,
|
|
except that they expect a pre-parsed URL in the form of a pointer to
|
|
a
|
|
.Vt struct url
|
|
rather than a string.
|
|
.Pp
|
|
All of the
|
|
.Fn fetchXGetXXX ,
|
|
.Fn fetchGetXXX
|
|
and
|
|
.Fn fetchPutXXX
|
|
functions return a pointer to a stream which can be used to read or
|
|
write data from or to the requested document, respectively.
|
|
Note that
|
|
although the implementation details of the individual access methods
|
|
vary, it can generally be assumed that a stream returned by one of the
|
|
.Fn fetchXGetXXX
|
|
or
|
|
.Fn fetchGetXXX
|
|
functions is read-only, and that a stream returned by one of the
|
|
.Fn fetchPutXXX
|
|
functions is write-only.
|
|
.Sh FILE SCHEME
|
|
.Fn fetchXGetFile ,
|
|
.Fn fetchGetFile
|
|
and
|
|
.Fn fetchPutFile
|
|
provide access to documents which are files in a locally mounted file
|
|
system.
|
|
Only the <document> component of the URL is used.
|
|
.Pp
|
|
.Fn fetchXGetFile
|
|
and
|
|
.Fn fetchGetFile
|
|
do not accept any flags.
|
|
.Pp
|
|
.Fn fetchPutFile
|
|
accepts the
|
|
.Ql a
|
|
(append to file) flag.
|
|
If that flag is specified, the data written to
|
|
the stream returned by
|
|
.Fn fetchPutFile
|
|
will be appended to the previous contents of the file, instead of
|
|
replacing them.
|
|
.Sh FTP SCHEME
|
|
.Fn fetchXGetFTP ,
|
|
.Fn fetchGetFTP
|
|
and
|
|
.Fn fetchPutFTP
|
|
implement the FTP protocol as described in RFC959.
|
|
.Pp
|
|
If the
|
|
.Ql P
|
|
(not passive) flag is specified, an active (rather than passive)
|
|
connection will be attempted.
|
|
.Pp
|
|
The
|
|
.Ql p
|
|
flag is supported for compatibility with earlier versions where active
|
|
connections were the default.
|
|
It has precedence over the
|
|
.Ql P
|
|
flag, so if both are specified,
|
|
.Nm
|
|
will use a passive connection.
|
|
.Pp
|
|
If the
|
|
.Ql l
|
|
(low) flag is specified, data sockets will be allocated in the low (or
|
|
default) port range instead of the high port range (see
|
|
.Xr ip 4 ) .
|
|
.Pp
|
|
If the
|
|
.Ql d
|
|
(direct) flag is specified,
|
|
.Fn fetchXGetFTP ,
|
|
.Fn fetchGetFTP
|
|
and
|
|
.Fn fetchPutFTP
|
|
will use a direct connection even if a proxy server is defined.
|
|
.Pp
|
|
If no user name or password is given, the
|
|
.Nm fetch
|
|
library will attempt an anonymous login, with user name "anonymous"
|
|
and password "anonymous@<hostname>".
|
|
.Sh HTTP SCHEME
|
|
The
|
|
.Fn fetchXGetHTTP ,
|
|
.Fn fetchGetHTTP ,
|
|
.Fn fetchPutHTTP
|
|
and
|
|
.Fn fetchReqHTTP
|
|
functions implement the HTTP/1.1 protocol.
|
|
With a little luck, there is
|
|
even a chance that they comply with RFC2616 and RFC2617.
|
|
.Pp
|
|
If the
|
|
.Ql d
|
|
(direct) flag is specified,
|
|
.Fn fetchXGetHTTP ,
|
|
.Fn fetchGetHTTP
|
|
and
|
|
.Fn fetchPutHTTP
|
|
will use a direct connection even if a proxy server is defined.
|
|
.Pp
|
|
If the
|
|
.Ql i
|
|
(if-modified-since) flag is specified, and
|
|
the
|
|
.Va ims_time
|
|
field is set in
|
|
.Vt "struct url" ,
|
|
then
|
|
.Fn fetchXGetHTTP
|
|
and
|
|
.Fn fetchGetHTTP
|
|
will send a conditional
|
|
.Li If-Modified-Since
|
|
HTTP header to only fetch the content if it is newer than
|
|
.Va ims_time .
|
|
.Pp
|
|
The function
|
|
.Fn fetchReqHTTP
|
|
can be used to make requests with an arbitrary HTTP verb,
|
|
including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH.
|
|
This can be done by setting the argument
|
|
.Fa method
|
|
to the intended verb, such as
|
|
.Ql POST ,
|
|
and
|
|
.Fa body
|
|
to the content.
|
|
.Pp
|
|
Since there seems to be no good way of implementing the HTTP PUT
|
|
method in a manner consistent with the rest of the
|
|
.Nm fetch
|
|
library,
|
|
.Fn fetchPutHTTP
|
|
is currently unimplemented.
|
|
.Sh HTTPS SCHEME
|
|
Based on HTTP SCHEME.
|
|
By default the peer is verified using the CA bundle located in
|
|
.Pa /usr/local/etc/ssl/cert.pem .
|
|
If this file does not exist,
|
|
.Pa /etc/ssl/cert.pem
|
|
is used instead.
|
|
If neither file exists, and
|
|
.Ev SSL_CA_CERT_PATH
|
|
has not been set,
|
|
OpenSSL's default CA cert and path settings apply.
|
|
The certificate bundle can contain multiple CA certificates.
|
|
A common source of a current CA bundle is
|
|
.Pa \%security/ca_root_nss .
|
|
.Pp
|
|
The CA bundle used for peer verification can be changed by setting the
|
|
environment variables
|
|
.Ev SSL_CA_CERT_FILE
|
|
to point to a concatenated bundle of trusted certificates and
|
|
.Ev SSL_CA_CERT_PATH
|
|
to point to a directory containing hashes of trusted CAs (see
|
|
.Xr verify 1 ) .
|
|
.Pp
|
|
A certificate revocation list (CRL) can be used by setting the
|
|
environment variable
|
|
.Ev SSL_CRL_FILE
|
|
(see
|
|
.Xr crl 1 ) .
|
|
.Pp
|
|
Peer verification can be disabled by setting the environment variable
|
|
.Ev SSL_NO_VERIFY_PEER .
|
|
Note that this also disables CRL checking.
|
|
.Pp
|
|
By default the service identity is verified according to the rules
|
|
detailed in RFC6125 (also known as hostname verification).
|
|
This feature can be disabled by setting the environment variable
|
|
.Ev SSL_NO_VERIFY_HOSTNAME .
|
|
.Pp
|
|
Client certificate based authentication is supported.
|
|
The environment variable
|
|
.Ev SSL_CLIENT_CERT_FILE
|
|
should be set to point to a file containing key and client certificate
|
|
to be used in PEM format.
|
|
When a PEM-format key is in a separate file from the client certificate,
|
|
the environment variable
|
|
.Ev SSL_CLIENT_KEY_FILE
|
|
can be set to point to the key file.
|
|
In case the key uses a password, the user will be prompted on standard
|
|
input (see
|
|
.Xr PEM 3 ) .
|
|
.Pp
|
|
By default
|
|
.Nm libfetch
|
|
allows TLSv1 and newer when negotiating the connecting with the remote
|
|
peer.
|
|
You can change this behavior by setting the
|
|
.Ev SSL_ALLOW_SSL3
|
|
environment variable to allow SSLv3 and
|
|
.Ev SSL_NO_TLS1 ,
|
|
.Ev SSL_NO_TLS1_1 and
|
|
.Ev SSL_NO_TLS1_2
|
|
to disable TLS 1.0, 1.1 and 1.2 respectively.
|
|
.Sh AUTHENTICATION
|
|
Apart from setting the appropriate environment variables and
|
|
specifying the user name and password in the URL or the
|
|
.Vt struct url ,
|
|
the calling program has the option of defining an authentication
|
|
function with the following prototype:
|
|
.Pp
|
|
.Ft int
|
|
.Fn myAuthMethod "struct url *u"
|
|
.Pp
|
|
The callback function should fill in the
|
|
.Fa user
|
|
and
|
|
.Fa pwd
|
|
fields in the provided
|
|
.Vt struct url
|
|
and return 0 on success, or any other value to indicate failure.
|
|
.Pp
|
|
To register the authentication callback, simply set
|
|
.Va fetchAuthMethod
|
|
to point at it.
|
|
The callback will be used whenever a site requires authentication and
|
|
the appropriate environment variables are not set.
|
|
.Pp
|
|
This interface is experimental and may be subject to change.
|
|
.Sh RETURN VALUES
|
|
.Fn fetchParseURL
|
|
returns a pointer to a
|
|
.Vt struct url
|
|
containing the individual components of the URL.
|
|
If it is
|
|
unable to allocate memory, or the URL is syntactically incorrect,
|
|
.Fn fetchParseURL
|
|
returns a NULL pointer.
|
|
.Pp
|
|
The
|
|
.Fn fetchStat
|
|
functions return 0 on success and -1 on failure.
|
|
.Pp
|
|
All other functions return a stream pointer which may be used to
|
|
access the requested document, or NULL if an error occurred.
|
|
.Pp
|
|
The following error codes are defined in
|
|
.In fetch.h :
|
|
.Bl -tag -width 18n
|
|
.It Bq Er FETCH_ABORT
|
|
Operation aborted
|
|
.It Bq Er FETCH_AUTH
|
|
Authentication failed
|
|
.It Bq Er FETCH_DOWN
|
|
Service unavailable
|
|
.It Bq Er FETCH_EXISTS
|
|
File exists
|
|
.It Bq Er FETCH_FULL
|
|
File system full
|
|
.It Bq Er FETCH_INFO
|
|
Informational response
|
|
.It Bq Er FETCH_MEMORY
|
|
Insufficient memory
|
|
.It Bq Er FETCH_MOVED
|
|
File has moved
|
|
.It Bq Er FETCH_NETWORK
|
|
Network error
|
|
.It Bq Er FETCH_OK
|
|
No error
|
|
.It Bq Er FETCH_PROTO
|
|
Protocol error
|
|
.It Bq Er FETCH_RESOLV
|
|
Resolver error
|
|
.It Bq Er FETCH_SERVER
|
|
Server error
|
|
.It Bq Er FETCH_TEMP
|
|
Temporary error
|
|
.It Bq Er FETCH_TIMEOUT
|
|
Operation timed out
|
|
.It Bq Er FETCH_UNAVAIL
|
|
File is not available
|
|
.It Bq Er FETCH_UNKNOWN
|
|
Unknown error
|
|
.It Bq Er FETCH_URL
|
|
Invalid URL
|
|
.El
|
|
.Pp
|
|
The accompanying error message includes a protocol-specific error code
|
|
and message, like "File is not available (404 Not Found)"
|
|
.Sh ENVIRONMENT
|
|
.Bl -tag -width ".Ev FETCH_BIND_ADDRESS"
|
|
.It Ev FETCH_BIND_ADDRESS
|
|
Specifies a hostname or IP address to which sockets used for outgoing
|
|
connections will be bound.
|
|
.It Ev FTP_LOGIN
|
|
Default FTP login if none was provided in the URL.
|
|
.It Ev FTP_PASSIVE_MODE
|
|
If set to
|
|
.Ql no ,
|
|
forces the FTP code to use active mode.
|
|
If set to any other value, forces passive mode even if the application
|
|
requested active mode.
|
|
.It Ev FTP_PASSWORD
|
|
Default FTP password if the remote server requests one and none was
|
|
provided in the URL.
|
|
.It Ev FTP_PROXY
|
|
URL of the proxy to use for FTP requests.
|
|
The document part is ignored.
|
|
FTP and HTTP proxies are supported; if no scheme is specified, FTP is
|
|
assumed.
|
|
If the proxy is an FTP proxy,
|
|
.Nm libfetch
|
|
will send
|
|
.Ql user@host
|
|
as user name to the proxy, where
|
|
.Ql user
|
|
is the real user name, and
|
|
.Ql host
|
|
is the name of the FTP server.
|
|
.Pp
|
|
If this variable is set to an empty string, no proxy will be used for
|
|
FTP requests, even if the
|
|
.Ev HTTP_PROXY
|
|
variable is set.
|
|
.It Ev ftp_proxy
|
|
Same as
|
|
.Ev FTP_PROXY ,
|
|
for compatibility.
|
|
.It Ev HTTP_ACCEPT
|
|
Specifies the value of the
|
|
.Va Accept
|
|
header for HTTP requests.
|
|
If empty, no
|
|
.Va Accept
|
|
header is sent.
|
|
The default is
|
|
.Dq */* .
|
|
.It Ev HTTP_AUTH
|
|
Specifies HTTP authorization parameters as a colon-separated list of
|
|
items.
|
|
The first and second item are the authorization scheme and realm
|
|
respectively; further items are scheme-dependent.
|
|
Currently, the
|
|
.Dq basic
|
|
and
|
|
.Dq digest
|
|
authorization methods are supported.
|
|
.Pp
|
|
Both methods require two parameters: the user name and
|
|
password, in that order.
|
|
.Pp
|
|
This variable is only used if the server requires authorization and
|
|
no user name or password was specified in the URL.
|
|
.It Ev HTTP_PROXY
|
|
URL of the proxy to use for HTTP requests.
|
|
The document part is ignored.
|
|
Only HTTP proxies are supported for HTTP requests.
|
|
If no port number is specified, the default is 3128.
|
|
.Pp
|
|
Note that this proxy will also be used for FTP documents, unless the
|
|
.Ev FTP_PROXY
|
|
variable is set.
|
|
.It Ev http_proxy
|
|
Same as
|
|
.Ev HTTP_PROXY ,
|
|
for compatibility.
|
|
.It Ev HTTP_PROXY_AUTH
|
|
Specifies authorization parameters for the HTTP proxy in the same
|
|
format as the
|
|
.Ev HTTP_AUTH
|
|
variable.
|
|
.Pp
|
|
This variable is used if and only if connected to an HTTP proxy, and
|
|
is ignored if a user and/or a password were specified in the proxy
|
|
URL.
|
|
.It Ev HTTP_REFERER
|
|
Specifies the referrer URL to use for HTTP requests.
|
|
If set to
|
|
.Dq auto ,
|
|
the document URL will be used as referrer URL.
|
|
.It Ev HTTP_USER_AGENT
|
|
Specifies the User-Agent string to use for HTTP requests.
|
|
This can be useful when working with HTTP origin or proxy servers that
|
|
differentiate between user agents.
|
|
If defined but empty, no User-Agent header is sent.
|
|
.It Ev NETRC
|
|
Specifies a file to use instead of
|
|
.Pa ~/.netrc
|
|
to look up login names and passwords for FTP and HTTP sites as well as
|
|
HTTP proxies.
|
|
See
|
|
.Xr ftp 1
|
|
for a description of the file format.
|
|
.It Ev NO_PROXY
|
|
Either a single asterisk, which disables the use of proxies
|
|
altogether, or a comma- or whitespace-separated list of hosts for
|
|
which proxies should not be used.
|
|
.It Ev no_proxy
|
|
Same as
|
|
.Ev NO_PROXY ,
|
|
for compatibility.
|
|
.It Ev SOCKS5_PROXY
|
|
Uses SOCKS version 5 to make connection.
|
|
The format must be the IP or hostname followed by a colon for the port.
|
|
IPv6 addresses must enclose the address in brackets.
|
|
If no port is specified, the default is 1080.
|
|
This setting will supercede a connection to an
|
|
.Ev HTTP_PROXY .
|
|
.It Ev SSL_ALLOW_SSL3
|
|
Allow SSL version 3 when negotiating the connection (not recommended).
|
|
.It Ev SSL_CA_CERT_FILE
|
|
CA certificate bundle containing trusted CA certificates.
|
|
Default value: See HTTPS SCHEME above.
|
|
.It Ev SSL_CA_CERT_PATH
|
|
Path containing trusted CA hashes.
|
|
.It Ev SSL_CLIENT_CERT_FILE
|
|
PEM encoded client certificate/key which will be used in
|
|
client certificate authentication.
|
|
.It Ev SSL_CLIENT_KEY_FILE
|
|
PEM encoded client key in case key and client certificate
|
|
are stored separately.
|
|
.It Ev SSL_CRL_FILE
|
|
File containing certificate revocation list.
|
|
.It Ev SSL_NO_TLS1
|
|
Do not allow TLS version 1.0 when negotiating the connection.
|
|
.It Ev SSL_NO_TLS1_1
|
|
Do not allow TLS version 1.1 when negotiating the connection.
|
|
.It Ev SSL_NO_TLS1_2
|
|
Do not allow TLS version 1.2 when negotiating the connection.
|
|
.It Ev SSL_NO_VERIFY_HOSTNAME
|
|
If set, do not verify that the hostname matches the subject of the
|
|
certificate presented by the server.
|
|
.It Ev SSL_NO_VERIFY_PEER
|
|
If set, do not verify the peer certificate against trusted CAs.
|
|
.El
|
|
.Sh EXAMPLES
|
|
To access a proxy server on
|
|
.Pa proxy.example.com
|
|
port 8080, set the
|
|
.Ev HTTP_PROXY
|
|
environment variable in a manner similar to this:
|
|
.Pp
|
|
.Dl HTTP_PROXY=http://proxy.example.com:8080
|
|
.Pp
|
|
If the proxy server requires authentication, there are
|
|
two options available for passing the authentication data.
|
|
The first method is by using the proxy URL:
|
|
.Pp
|
|
.Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080
|
|
.Pp
|
|
The second method is by using the
|
|
.Ev HTTP_PROXY_AUTH
|
|
environment variable:
|
|
.Bd -literal -offset indent
|
|
HTTP_PROXY=http://proxy.example.com:8080
|
|
HTTP_PROXY_AUTH=basic:*:<user>:<pwd>
|
|
.Ed
|
|
.Pp
|
|
To disable the use of a proxy for an HTTP server running on the local
|
|
host, define
|
|
.Ev NO_PROXY
|
|
as follows:
|
|
.Bd -literal -offset indent
|
|
NO_PROXY=localhost,127.0.0.1
|
|
.Ed
|
|
.Pp
|
|
To use a SOCKS5 proxy, set the
|
|
.Ev SOCKS5_PROXY
|
|
environment variable to a
|
|
valid host or IP followed by an optional colon and the port.
|
|
IPv6 addresses must be enclosed in brackets.
|
|
The following are examples of valid settings:
|
|
.Bd -literal -offset indent
|
|
SOCKS5_PROXY=proxy.example.com
|
|
SOCKS5_PROXY=proxy.example.com:1080
|
|
SOCKS5_PROXY=192.0.2.0
|
|
SOCKS5_PROXY=198.51.100.0:1080
|
|
SOCKS5_PROXY=[2001:db8::1]
|
|
SOCKS5_PROXY=[2001:db8::2]:1080
|
|
.Ed
|
|
.Pp
|
|
Access HTTPS website without any certificate verification whatsoever:
|
|
.Bd -literal -offset indent
|
|
SSL_NO_VERIFY_PEER=1
|
|
SSL_NO_VERIFY_HOSTNAME=1
|
|
.Ed
|
|
.Pp
|
|
Access HTTPS website using client certificate based authentication
|
|
and a private CA:
|
|
.Bd -literal -offset indent
|
|
SSL_CLIENT_CERT_FILE=/path/to/client.pem
|
|
SSL_CA_CERT_FILE=/path/to/myca.pem
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr fetch 1 ,
|
|
.Xr ip 4
|
|
.Rs
|
|
.%A J. Postel
|
|
.%A J. K. Reynolds
|
|
.%D October 1985
|
|
.%B File Transfer Protocol
|
|
.%O RFC959
|
|
.Re
|
|
.Rs
|
|
.%A P. Deutsch
|
|
.%A A. Emtage
|
|
.%A A. Marine.
|
|
.%D May 1994
|
|
.%T How to Use Anonymous FTP
|
|
.%O RFC1635
|
|
.Re
|
|
.Rs
|
|
.%A T. Berners-Lee
|
|
.%A L. Masinter
|
|
.%A M. McCahill
|
|
.%D December 1994
|
|
.%T Uniform Resource Locators (URL)
|
|
.%O RFC1738
|
|
.Re
|
|
.Rs
|
|
.%A R. Fielding
|
|
.%A J. Gettys
|
|
.%A J. Mogul
|
|
.%A H. Frystyk
|
|
.%A L. Masinter
|
|
.%A P. Leach
|
|
.%A T. Berners-Lee
|
|
.%D January 1999
|
|
.%B Hypertext Transfer Protocol -- HTTP/1.1
|
|
.%O RFC2616
|
|
.Re
|
|
.Rs
|
|
.%A J. Franks
|
|
.%A P. Hallam-Baker
|
|
.%A J. Hostetler
|
|
.%A S. Lawrence
|
|
.%A P. Leach
|
|
.%A A. Luotonen
|
|
.%A L. Stewart
|
|
.%D June 1999
|
|
.%B HTTP Authentication: Basic and Digest Access Authentication
|
|
.%O RFC2617
|
|
.Re
|
|
.Sh HISTORY
|
|
The
|
|
.Nm fetch
|
|
library first appeared in
|
|
.Fx 3.0 .
|
|
.Sh AUTHORS
|
|
.An -nosplit
|
|
The
|
|
.Nm fetch
|
|
library was mostly written by
|
|
.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
|
|
with numerous suggestions and contributions from
|
|
.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org ,
|
|
.An Eugene Skepner Aq Mt eu@qub.com ,
|
|
.An Hajimu Umemoto Aq Mt ume@FreeBSD.org ,
|
|
.An Henry Whincup Aq Mt henry@techiebod.com ,
|
|
.An Jukka A. Ukkonen Aq Mt jau@iki.fi ,
|
|
.An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org ,
|
|
.An Michael Gmelin Aq Mt freebsd@grem.de
|
|
and others.
|
|
It replaces the older
|
|
.Nm ftpio
|
|
library written by
|
|
.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org
|
|
and
|
|
.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org .
|
|
.Pp
|
|
This manual page was written by
|
|
.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org
|
|
and
|
|
.An Michael Gmelin Aq Mt freebsd@grem.de .
|
|
.Sh BUGS
|
|
Some parts of the library are not yet implemented.
|
|
The most notable
|
|
examples of this are
|
|
.Fn fetchPutHTTP ,
|
|
.Fn fetchListHTTP ,
|
|
.Fn fetchListFTP
|
|
and FTP proxy support.
|
|
.Pp
|
|
There is no way to select a proxy at run-time other than setting the
|
|
.Ev HTTP_PROXY
|
|
or
|
|
.Ev FTP_PROXY
|
|
environment variables as appropriate.
|
|
.Pp
|
|
.Nm libfetch
|
|
does not understand or obey 305 (Use Proxy) replies.
|
|
.Pp
|
|
Error numbers are unique only within a certain context; the error
|
|
codes used for FTP and HTTP overlap, as do those used for resolver and
|
|
system errors.
|
|
For instance, error code 202 means "Command not
|
|
implemented, superfluous at this site" in an FTP context and
|
|
"Accepted" in an HTTP context.
|
|
.Pp
|
|
.Fn fetchStatFTP
|
|
does not check that the result of an MDTM command is a valid date.
|
|
.Pp
|
|
In case password protected keys are used for client certificate based
|
|
authentication the user is prompted for the password on each and every
|
|
fetch operation.
|
|
.Pp
|
|
The man page is incomplete, poorly written and produces badly
|
|
formatted text.
|
|
.Pp
|
|
The error reporting mechanism is unsatisfactory.
|
|
.Pp
|
|
Some parts of the code are not fully reentrant.
|