.Dd April 28, 2016
.Dt TLSC 1
.Os
.Sh NAME
.Nm tlsc
.Nd UCSPI TLS Client
.Sh SYNOPSIS
.Nm tcpclient Ar host Ar port Nm tlsc
.Op Fl hsCHTV
.Op Fl F Ar fingerprint
.Op Fl n Ar hostname
.Op Fl c Ar cert_file
.Op Fl k Ar key_file
.Op Fl f Ar ca_file
.Op Fl p Ar ca_path
.Ar program
.Op args...
.Sh DESCRIPTION
The
.Nm
utility is a TLS client to be used in UCSPI exec chains.
.Nm
initializes the TLS tunnel and checks the server-side certificate.
The certificate verification can be controlled by the following options.
By default, the system CA certificates are used to verify the certificate
of the current connection.
With
.Fl f ,
.Nm
verifies the certificate chain based on one of the CA certificates stored in
.Ar ca_file .
It is also possible to set a directory of CA certificates as the trust base with
.Fl p .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl h
Show usage text.
.It Fl s
Shows the server's certificate information and exits.
All certificate checks are deactivated in this case.
.It Fl c Ar cert_file
Uses the first certificate in
.Ar cert_file
for client-side authentication.
.It Fl k Ar key_file
Uses the first private key in
.Ar key_file
for client-side authentication.
.It Fl f Ar ca_file
.Ar ca_file
is a file of CA certificates in PEM format.
The file can contain several CA certificates.
.It Fl p Ar ca_path
.Ar ca_path
is a directory containing CA certificates in PEM format.
Each file contains one CA certificate.
.It Fl n Ar hostname
Uses
.Ar hostname
for hostname verification.
.It Fl F Ar fingerprint
Sets the hash of the server certificate.
If the hash does not match, the connection is aborted after the handshake.
(See option
.Fl s
to get the fingerprint.)
.It Fl H
Disables hostname verification.
.It Fl C
Disables certificate chain verification.
.It Fl T
Disables time verification.
.It Fl V
Disables certificate verification in general.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It TLSC_FINGERPRINT
Sets the fingerprint of the server certificate.
If the fingerprint does not match, the connection is aborted after the TLS
handshake.
(See option
.Fl s
to get the fingerprint.)
.It TLSC_NO_VERIFICATION
Turns off all kinds of certificate verification.
.It TLSC_NO_HOST_VERIFICATION
Turns off verification of the certificate hostname.
.It TLSC_NO_CERT_VERIFICATION
Turns off verification of the certificate chain.
.It TLSC_NO_TIME_VERIFICATION
Turns off verification of the certificate validity time.
.El
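Because both command-line flags and inherited environment variables can switch verification off, a wrapper can lint an invocation before the exec chain starts. The following is an added example, not part of the tlsc distribution; the function names are hypothetical, and it assumes that tlsc parses its options getopt-style and that a TLSC_NO_* variable takes effect whenever it is present in the environment, even if empty.

```shell
#!/bin/sh
# Added example: lint a tlsc invocation for settings that weaken certificate
# checks. Option letters and variable names are taken from this manual page.

# tlsc_audit_env: print one line per verification-disabling variable that is
# exported to child processes (assumption: presence alone disables the check).
tlsc_audit_env() {
    for v in TLSC_NO_VERIFICATION TLSC_NO_HOST_VERIFICATION \
             TLSC_NO_CERT_VERIFICATION TLSC_NO_TIME_VERIFICATION; do
        if env | grep -q "^$v="; then
            echo "env:$v"
        fi
    done
}

# tlsc_audit_args: print one line per weakening flag among tlsc's own options.
# Pass the words that follow "tlsc" on the command line; parsing stops at the
# first non-option word (the program to run), so its arguments are ignored.
tlsc_audit_args() {
    OPTIND=1
    # Optstring mirrors the SYNOPSIS: hsCHTV are switches, Fnckfp take a value.
    while getopts ":hsCHTVF:n:c:k:f:p:" opt "$@"; do
        case "$opt" in
            s) echo "flag:-s (show certificate, all checks off)" ;;
            H) echo "flag:-H (hostname verification off)" ;;
            C) echo "flag:-C (chain verification off)" ;;
            T) echo "flag:-T (time verification off)" ;;
            V) echo "flag:-V (all verification off)" ;;
        esac
    done
}

# tlsc_audit: return 0 when nothing weakens verification; otherwise print the
# findings to stderr and return 1.
tlsc_audit() {
    findings=$( { tlsc_audit_env; tlsc_audit_args "$@"; } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}
```

A wrapper script would call tlsc_audit with the same words it is about to pass to tlsc and refuse to start the chain when it returns non-zero.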
.Sh EXIT STATUS
.Ex -std
.Sh SEE ALSO
.Xr socks 1 ,
.Xr tcpclient 1
.Sh AUTHORS
.An -nosplit
The
.Nm
program was written by
.An Jan Klemkow Aq Mt [email protected] .