Provided by: ipsvd_0.11.1-1_i386

NAME

       sslio - SSL input/output for service programs

SYNOPSIS

       sslio  [-cv]  [-u  user] [-U user] [-/ root] [-C cert] [-K key] [-A ca]
       prog

DESCRIPTION

       sslio provides SSL encrypted network connections for  service  programs
       started by tcpsvd(8) or tcpserver(1), and tcpclient(1).

       Normally sslio is started by tcpsvd(8) or tcpclient(1), in turn  starts
       the  service  program  prog, and runs as a child process of the service
       program.  After performing the SSL handshake, sslio reads SSL encrypted
       data from the network, and writes decrypted data to the service program
       prog;  it  reads  data  from  the  service program prog, and writes SSL
       encrypted data to the network.  sslio should run under a different user
       ID  than  the service program, and with a changed root directory.  When
       started by root, the -u option must be given, and the -U and -/ options
       should be given.

       The  sslio  program  uses  the  SSLv3  implementation  of the matrixssl
       library.

OPTIONS

       prog   prog consists of one or more arguments, specifying  the  service
              program normally run directly by tcpsvd(8), or tcpserver(1).

       -u user[:group]
              drop permissions.  Switch user ID to user’s UID, and group ID to
              user’s primary GID before reading data from, or writing data  to
              the  network.   If user is followed by a colon and a group name,
              the group ID is switched to  the  GID  of  group  instead.   All
              supplementary  groups are removed.  This option must be set when
              sslio is started by root, and cannot be set otherwise.

       -U user[:group]
              drop permissions.  Switch user ID to user’s UID, and group ID to
              user’s primary GID before starting the service program prog.  If
              user is followed by a colon and a group name, the  group  ID  is
              switched  to the GID of group instead.  All supplementary groups
              are removed.  This option should be set when sslio is started by
              root, and cannot be set otherwise.

       -/ root
              chroot.   Change  the root directory to root before reading data
              from, or writing data to the network.  This option should be set
              when sslio is started by root, and cannot be set otherwise.

       -C cert
              cert  file  (server  mode).   Read the certificate from the file
              cert (default is "./cert.pem").  If the  -/  option  is  given,
              first the root directory is changed, then the cert file is read.

       -K key private key (server mode).  Read the private key from  the  file
              key  (default  is  cert).   If the -/ option is given, first the
              root directory is changed, then the private key is read.

       -A ca  ca file (client mode).  Read the trusted root  certificate  from
              the file ca.  Multiple files can be specified, using a semicolon
              as delimiter.  If  the  -/  option  is  given,  first  the  root
              directory is changed, then the ca file is read.

       -c     client mode.  This option must be given when running sslio under
              tcpclient(1).  In client mode, file descriptors 6 and 7 are used
              instead of standard input and standard output to read from  and
              write  to the network and the service program.  If the -A option
              is given, sslio refuses to connect to servers whose certificates
              cannot  be  verified  against  the  root certificates; otherwise
              it accepts any server certificate.

       -v     verbose.  Print verbose messages to standard error.

       -vv    more verbose.  Print more verbose messages to standard error.

       -vvv   even more verbose.  Print even more verbose messages to standard
              error.
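
       The rules above for -u, -U, -/ and -A can be checked before a service
       is deployed.  The shell function below is an added example, not part
       of ipsvd or of the original manual page; sslio_lint, its EUID argument,
       its return codes, and the sample user names and paths are assumptions
       made for illustration.

```shell
#!/bin/sh
# Added example (not part of ipsvd): lint an sslio argument list against
# the rules stated in this manual page. sslio_lint is a hypothetical helper.
# Usage:   sslio_lint EUID [sslio options] prog...
# Returns: 0 clean, 1 a "must"/"cannot" rule is broken, 2 "should" warnings only.
sslio_lint() (
  euid=$1; shift
  u='' U='' root='' ca='' client='' err=0 warn=0
  OPTIND=1
  while getopts ':cvu:U:/:C:K:A:' opt; do
    case $opt in
      u) u=$OPTARG ;;
      U) U=$OPTARG ;;
      /) root=$OPTARG ;;
      A) ca=$OPTARG ;;
      c) client=1 ;;
      v|C|K) ;;                       # no privilege or trust rule attached
      *) echo "error: bad or incomplete option -$OPTARG"; err=1 ;;
    esac
  done
  shift $((OPTIND - 1))               # what remains is prog and its arguments
  [ $# -gt 0 ] || { echo "error: no prog given"; err=1; }
  if [ "$euid" -eq 0 ]; then
    [ -n "$u" ] || { echo "error: started by root, -u must be given"; err=1; }
    [ -n "$U" ] || { echo "warning: started by root, -U should be given"; warn=1; }
    [ -n "$root" ] || { echo "warning: started by root, -/ should be given"; warn=1; }
  elif [ -n "$u$U$root" ]; then
    echo "error: -u, -U and -/ cannot be set unless started by root"; err=1
  fi
  if [ -n "$client" ] && [ -z "$ca" ]; then
    echo "warning: client mode without -A accepts any server certificate"; warn=1
  fi
  [ "$err" -eq 0 ] || exit 1
  [ "$warn" -eq 0 ] || exit 2
  exit 0
)

# Constructed sample invocations; user names and paths are placeholders.
sslio_lint 0 -u sslio -U svc -/ /var/lib/sslio -C /cert.pem prog || :
sslio_lint 0 -v -C ./cert.pem prog || :
sslio_lint 1000 -c prog || :
```

       Because the cert, key and ca files are read after the root directory
       is changed, the paths given to -C, -K and -A must resolve inside the
       directory named by -/.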

ENVIRONMENT

       SSLIO_BUFIN
              The environment variable SSLIO_BUFIN overrides the default input
              buffer size for sslio (8192).

       SSLIO_BUFOU
              The  environment  variable  SSLIO_BUFOU  overrides  the  default
              output  buffer size for sslio (12288).  If the output buffer is
              too  small  to  hold  encrypted  or   decrypted   data,   sslio
              automatically enlarges the buffer by SSLIO_BUFOU more bytes.

SEE ALSO

       tcpsvd(8), udpsvd(8), ipsvd(7), ipsvd-instruct(5), ipsvd-cdb(8)

       http://smarden.org/ipsvd/

AUTHOR

       Gerrit Pape <pape@smarden.org>

                                                                      sslio(8)