fetch.3
1 .\"- 2 .\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3 .\" Copyright (c) 2013 Michael Gmelin <freebsd@grem.de> 4 .\" All rights reserved. 5 .\" 6 .\" Redistribution and use in source and binary forms, with or without 7 .\" modification, are permitted provided that the following conditions 8 .\" are met: 9 .\" 1. Redistributions of source code must retain the above copyright 10 .\" notice, this list of conditions and the following disclaimer. 11 .\" 2. Redistributions in binary form must reproduce the above copyright 12 .\" notice, this list of conditions and the following disclaimer in the 13 .\" documentation and/or other materials provided with the distribution. 14 .\" 15 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 .\" SUCH DAMAGE. 26 .\" 27 .\" $FreeBSD: head/lib/libfetch/fetch.3 273124 2014-10-15 07:35:50Z des $ 28 .\" 29 .Dd October 15, 2014 30 .Dt FETCH 3 31 .Os 32 .Sh NAME 33 .Nm fetchMakeURL , 34 .Nm fetchParseURL , 35 .Nm fetchFreeURL , 36 .Nm fetchXGetURL , 37 .Nm fetchGetURL , 38 .Nm fetchPutURL , 39 .Nm fetchStatURL , 40 .Nm fetchListURL , 41 .Nm fetchXGet , 42 .Nm fetchGet , 43 .Nm fetchPut , 44 .Nm fetchStat , 45 .Nm fetchList , 46 .Nm fetchXGetFile , 47 .Nm fetchGetFile , 48 .Nm fetchPutFile , 49 .Nm fetchStatFile , 50 .Nm fetchListFile , 51 .Nm fetchXGetHTTP , 52 .Nm fetchGetHTTP , 53 .Nm fetchPutHTTP , 54 .Nm fetchStatHTTP , 55 .Nm fetchListHTTP , 56 .Nm fetchXGetFTP , 57 .Nm fetchGetFTP , 58 .Nm fetchPutFTP , 59 .Nm fetchStatFTP , 60 .Nm fetchListFTP 61 .Nd file transfer functions 62 .Sh LIBRARY 63 .Lb libfetch 64 .Sh SYNOPSIS 65 .In sys/param.h 66 .In stdio.h 67 .In fetch.h 68 .Ft struct url * 69 .Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd" 70 .Ft struct url * 71 .Fn fetchParseURL "const char *URL" 72 .Ft void 73 .Fn fetchFreeURL "struct url *u" 74 .Ft FILE * 75 .Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags" 76 .Ft FILE * 77 .Fn fetchGetURL "const char *URL" "const char *flags" 78 .Ft FILE * 79 .Fn fetchPutURL "const char *URL" "const char *flags" 80 .Ft int 81 .Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags" 82 .Ft struct url_ent * 83 .Fn fetchListURL "const char *URL" "const char *flags" 84 .Ft FILE * 85 .Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags" 86 .Ft FILE * 87 .Fn fetchGet "struct url *u" "const char *flags" 88 .Ft FILE * 89 .Fn fetchPut "struct url *u" "const char *flags" 90 .Ft int 91 .Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags" 92 .Ft struct url_ent * 93 .Fn fetchList "struct url *u" "const char *flags" 94 .Ft FILE * 95 .Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags" 96 .Ft FILE * 97 .Fn fetchGetFile "struct url *u" "const char *flags" 98 .Ft FILE * 99 .Fn fetchPutFile "struct url *u" "const char *flags" 100 .Ft int 101 .Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags" 102 .Ft struct url_ent * 103 .Fn fetchListFile "struct url *u" "const char *flags" 104 .Ft FILE * 105 .Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags" 106 .Ft FILE * 107 .Fn fetchGetHTTP "struct url *u" "const char *flags" 108 .Ft FILE * 109 .Fn fetchPutHTTP "struct url *u" "const char *flags" 110 .Ft int 111 .Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags" 112 .Ft struct url_ent * 113 .Fn fetchListHTTP "struct url *u" "const char *flags" 114 .Ft FILE * 115 .Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags" 116 .Ft FILE * 117 .Fn fetchGetFTP "struct url *u" "const char *flags" 118 .Ft FILE * 119 .Fn fetchPutFTP "struct url *u" "const char *flags" 120 .Ft int 121 .Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags" 122 .Ft struct url_ent * 123 .Fn fetchListFTP "struct url *u" "const char *flags" 124 .Sh DESCRIPTION 125 These functions implement a high-level library for retrieving and 126 uploading files using Uniform Resource Locators (URLs). 127 .Pp 128 .Fn fetchParseURL 129 takes a URL in the form of a null-terminated string and splits it into 130 its components function according to the Common Internet Scheme Syntax 131 detailed in RFC1738. 132 A regular expression which produces this syntax is: 133 .Bd -literal 134 <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 135 .Ed 136 .Pp 137 If the URL does not seem to begin with a scheme name, the following 138 syntax is assumed: 139 .Bd -literal 140 ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 141 .Ed 142 .Pp 143 Note that some components of the URL are not necessarily relevant to 144 all URL schemes. 145 For instance, the file scheme only needs the <scheme> and <document> 146 components. 147 .Pp 148 .Fn fetchMakeURL 149 and 150 .Fn fetchParseURL 151 return a pointer to a 152 .Vt url 153 structure, which is defined as follows in 154 .In fetch.h : 155 .Bd -literal 156 #define URL_SCHEMELEN 16 157 #define URL_USERLEN 256 158 #define URL_PWDLEN 256 159 160 struct url { 161 char scheme[URL_SCHEMELEN+1]; 162 char user[URL_USERLEN+1]; 163 char pwd[URL_PWDLEN+1]; 164 char host[MAXHOSTNAMELEN+1]; 165 int port; 166 char *doc; 167 off_t offset; 168 size_t length; 169 time_t ims_time; 170 }; 171 .Ed 172 .Pp 173 The 174 .Va ims_time 175 field stores the time value for 176 .Li If-Modified-Since 177 HTTP requests. 178 .Pp 179 The pointer returned by 180 .Fn fetchMakeURL 181 or 182 .Fn fetchParseURL 183 should be freed using 184 .Fn fetchFreeURL . 185 .Pp 186 .Fn fetchXGetURL , 187 .Fn fetchGetURL , 188 and 189 .Fn fetchPutURL 190 constitute the recommended interface to the 191 .Nm fetch 192 library. 193 They examine the URL passed to them to determine the transfer 194 method, and call the appropriate lower-level functions to perform the 195 actual transfer. 196 .Fn fetchXGetURL 197 also returns the remote document's metadata in the 198 .Vt url_stat 199 structure pointed to by the 200 .Fa us 201 argument. 202 .Pp 203 The 204 .Fa flags 205 argument is a string of characters which specify transfer options. 206 The 207 meaning of the individual flags is scheme-dependent, and is detailed 208 in the appropriate section below. 209 .Pp 210 .Fn fetchStatURL 211 attempts to obtain the requested document's metadata and fill in the 212 structure pointed to by its second argument. 213 The 214 .Vt url_stat 215 structure is defined as follows in 216 .In fetch.h : 217 .Bd -literal 218 struct url_stat { 219 off_t size; 220 time_t atime; 221 time_t mtime; 222 }; 223 .Ed 224 .Pp 225 If the size could not be obtained from the server, the 226 .Fa size 227 field is set to -1. 228 If the modification time could not be obtained from the server, the 229 .Fa mtime 230 field is set to the epoch. 231 If the access time could not be obtained from the server, the 232 .Fa atime 233 field is set to the modification time. 234 .Pp 235 .Fn fetchListURL 236 attempts to list the contents of the directory pointed to by the URL 237 provided. 238 If successful, it returns a malloced array of 239 .Vt url_ent 240 structures. 241 The 242 .Vt url_ent 243 structure is defined as follows in 244 .In fetch.h : 245 .Bd -literal 246 struct url_ent { 247 char name[PATH_MAX]; 248 struct url_stat stat; 249 }; 250 .Ed 251 .Pp 252 The list is terminated by an entry with an empty name. 253 .Pp 254 The pointer returned by 255 .Fn fetchListURL 256 should be freed using 257 .Fn free . 258 .Pp 259 .Fn fetchXGet , 260 .Fn fetchGet , 261 .Fn fetchPut 262 and 263 .Fn fetchStat 264 are similar to 265 .Fn fetchXGetURL , 266 .Fn fetchGetURL , 267 .Fn fetchPutURL 268 and 269 .Fn fetchStatURL , 270 except that they expect a pre-parsed URL in the form of a pointer to 271 a 272 .Vt struct url 273 rather than a string. 274 .Pp 275 All of the 276 .Fn fetchXGetXXX , 277 .Fn fetchGetXXX 278 and 279 .Fn fetchPutXXX 280 functions return a pointer to a stream which can be used to read or 281 write data from or to the requested document, respectively. 282 Note that 283 although the implementation details of the individual access methods 284 vary, it can generally be assumed that a stream returned by one of the 285 .Fn fetchXGetXXX 286 or 287 .Fn fetchGetXXX 288 functions is read-only, and that a stream returned by one of the 289 .Fn fetchPutXXX 290 functions is write-only. 291 .Sh FILE SCHEME 292 .Fn fetchXGetFile , 293 .Fn fetchGetFile 294 and 295 .Fn fetchPutFile 296 provide access to documents which are files in a locally mounted file 297 system. 298 Only the <document> component of the URL is used. 299 .Pp 300 .Fn fetchXGetFile 301 and 302 .Fn fetchGetFile 303 do not accept any flags. 304 .Pp 305 .Fn fetchPutFile 306 accepts the 307 .Ql a 308 (append to file) flag. 309 If that flag is specified, the data written to 310 the stream returned by 311 .Fn fetchPutFile 312 will be appended to the previous contents of the file, instead of 313 replacing them. 314 .Sh FTP SCHEME 315 .Fn fetchXGetFTP , 316 .Fn fetchGetFTP 317 and 318 .Fn fetchPutFTP 319 implement the FTP protocol as described in RFC959. 320 .Pp 321 If the 322 .Ql P 323 (not passive) flag is specified, an active (rather than passive) 324 connection will be attempted. 325 .Pp 326 The 327 .Ql p 328 flag is supported for compatibility with earlier versions where active 329 connections were the default. 330 It has precedence over the 331 .Ql P 332 flag, so if both are specified, 333 .Nm 334 will use a passive connection. 335 .Pp 336 If the 337 .Ql l 338 (low) flag is specified, data sockets will be allocated in the low (or 339 default) port range instead of the high port range (see 340 .Xr ip 4 ) . 341 .Pp 342 If the 343 .Ql d 344 (direct) flag is specified, 345 .Fn fetchXGetFTP , 346 .Fn fetchGetFTP 347 and 348 .Fn fetchPutFTP 349 will use a direct connection even if a proxy server is defined. 350 .Pp 351 If no user name or password is given, the 352 .Nm fetch 353 library will attempt an anonymous login, with user name "anonymous" 354 and password "anonymous@<hostname>". 355 .Sh HTTP SCHEME 356 The 357 .Fn fetchXGetHTTP , 358 .Fn fetchGetHTTP 359 and 360 .Fn fetchPutHTTP 361 functions implement the HTTP/1.1 protocol. 362 With a little luck, there is 363 even a chance that they comply with RFC2616 and RFC2617. 364 .Pp 365 If the 366 .Ql d 367 (direct) flag is specified, 368 .Fn fetchXGetHTTP , 369 .Fn fetchGetHTTP 370 and 371 .Fn fetchPutHTTP 372 will use a direct connection even if a proxy server is defined. 373 .Pp 374 If the 375 .Ql i 376 (if-modified-since) flag is specified, and 377 the 378 .Va ims_time 379 field is set in 380 .Vt "struct url" , 381 then 382 .Fn fetchXGetHTTP 383 and 384 .Fn fetchGetHTTP 385 will send a conditional 386 .Li If-Modified-Since 387 HTTP header to only fetch the content if it is newer than 388 .Va ims_time . 389 .Pp 390 Since there seems to be no good way of implementing the HTTP PUT 391 method in a manner consistent with the rest of the 392 .Nm fetch 393 library, 394 .Fn fetchPutHTTP 395 is currently unimplemented. 396 .Sh HTTPS SCHEME 397 Based on HTTP SCHEME. 398 By default the peer is verified using the CA bundle located in 399 .Pa /etc/ssl/cert.pem . 400 The file may contain multiple CA certificates. 401 A common source of a current CA bundle is 402 .Pa \%security/ca_root_nss . 403 .Pp 404 The CA bundle used for peer verification can be changed by setting the 405 environment variables 406 .Ev SSL_CA_CERT_FILE 407 to point to a concatenated bundle of trusted certificates and 408 .Ev SSL_CA_CERT_PATH 409 to point to a directory containing hashes of trusted CAs (see 410 .Xr verify 1 ) . 411 .Pp 412 A certificate revocation list (CRL) can be used by setting the 413 environment variable 414 .Ev SSL_CRL_FILE 415 (see 416 .Xr crl 1 ) . 417 .Pp 418 Peer verification can be disabled by setting the environment variable 419 .Ev SSL_NO_VERIFY_PEER . 420 Note that this also disables CRL checking. 421 .Pp 422 By default the service identity is verified according to the rules 423 detailed in RFC6125 (also known as hostname verification). 424 This feature can be disabled by setting the environment variable 425 .Ev SSL_NO_VERIFY_HOSTNAME . 426 .Pp 427 Client certificate based authentication is supported. 428 The environment variable 429 .Ev SSL_CLIENT_CERT_FILE 430 should be set to point to a file containing key and client certificate 431 to be used in PEM format. In case the key is stored in a separate 432 file, the environment variable 433 .Ev SSL_CLIENT_KEY_FILE 434 can be set to point to the key in PEM format. 435 In case the key uses a password, the user will be prompted on standard 436 input (see 437 .Xr PEM 3 ) . 438 .Pp 439 By default 440 .Nm libfetch 441 allows TLSv1 and newer when negotiating the connecting with the remote 442 peer. 443 You can change this behavior by setting the 444 .Ev SSL_ALLOW_SSL2 445 and 446 .Ev SSL_ALLOW_SSL3 447 environment variables to allow SSLv2 and SSLv3, respectively, and 448 .Ev SSL_NO_TLS1 , 449 .Ev SSL_NO_TLS1_1 and 450 .Ev SSL_NO_TLS1_2 451 to disable TLS 1.0, 1.1 and 1.2 respectively. 452 .Sh AUTHENTICATION 453 Apart from setting the appropriate environment variables and 454 specifying the user name and password in the URL or the 455 .Vt struct url , 456 the calling program has the option of defining an authentication 457 function with the following prototype: 458 .Pp 459 .Ft int 460 .Fn myAuthMethod "struct url *u" 461 .Pp 462 The callback function should fill in the 463 .Fa user 464 and 465 .Fa pwd 466 fields in the provided 467 .Vt struct url 468 and return 0 on success, or any other value to indicate failure. 469 .Pp 470 To register the authentication callback, simply set 471 .Va fetchAuthMethod 472 to point at it. 473 The callback will be used whenever a site requires authentication and 474 the appropriate environment variables are not set. 475 .Pp 476 This interface is experimental and may be subject to change. 477 .Sh RETURN VALUES 478 .Fn fetchParseURL 479 returns a pointer to a 480 .Vt struct url 481 containing the individual components of the URL. 482 If it is 483 unable to allocate memory, or the URL is syntactically incorrect, 484 .Fn fetchParseURL 485 returns a NULL pointer. 486 .Pp 487 The 488 .Fn fetchStat 489 functions return 0 on success and -1 on failure. 490 .Pp 491 All other functions return a stream pointer which may be used to 492 access the requested document, or NULL if an error occurred. 493 .Pp 494 The following error codes are defined in 495 .In fetch.h : 496 .Bl -tag -width 18n 497 .It Bq Er FETCH_ABORT 498 Operation aborted 499 .It Bq Er FETCH_AUTH 500 Authentication failed 501 .It Bq Er FETCH_DOWN 502 Service unavailable 503 .It Bq Er FETCH_EXISTS 504 File exists 505 .It Bq Er FETCH_FULL 506 File system full 507 .It Bq Er FETCH_INFO 508 Informational response 509 .It Bq Er FETCH_MEMORY 510 Insufficient memory 511 .It Bq Er FETCH_MOVED 512 File has moved 513 .It Bq Er FETCH_NETWORK 514 Network error 515 .It Bq Er FETCH_OK 516 No error 517 .It Bq Er FETCH_PROTO 518 Protocol error 519 .It Bq Er FETCH_RESOLV 520 Resolver error 521 .It Bq Er FETCH_SERVER 522 Server error 523 .It Bq Er FETCH_TEMP 524 Temporary error 525 .It Bq Er FETCH_TIMEOUT 526 Operation timed out 527 .It Bq Er FETCH_UNAVAIL 528 File is not available 529 .It Bq Er FETCH_UNKNOWN 530 Unknown error 531 .It Bq Er FETCH_URL 532 Invalid URL 533 .El 534 .Pp 535 The accompanying error message includes a protocol-specific error code 536 and message, e.g.\& "File is not available (404 Not Found)" 537 .Sh ENVIRONMENT 538 .Bl -tag -width ".Ev FETCH_BIND_ADDRESS" 539 .It Ev FETCH_BIND_ADDRESS 540 Specifies a hostname or IP address to which sockets used for outgoing 541 connections will be bound. 542 .It Ev FTP_LOGIN 543 Default FTP login if none was provided in the URL. 544 .It Ev FTP_PASSIVE_MODE 545 If set to 546 .Ql no , 547 forces the FTP code to use active mode. 548 If set to any other value, forces passive mode even if the application 549 requested active mode. 550 .It Ev FTP_PASSWORD 551 Default FTP password if the remote server requests one and none was 552 provided in the URL. 553 .It Ev FTP_PROXY 554 URL of the proxy to use for FTP requests. 555 The document part is ignored. 556 FTP and HTTP proxies are supported; if no scheme is specified, FTP is 557 assumed. 558 If the proxy is an FTP proxy, 559 .Nm libfetch 560 will send 561 .Ql user@host 562 as user name to the proxy, where 563 .Ql user 564 is the real user name, and 565 .Ql host 566 is the name of the FTP server. 567 .Pp 568 If this variable is set to an empty string, no proxy will be used for 569 FTP requests, even if the 570 .Ev HTTP_PROXY 571 variable is set. 572 .It Ev ftp_proxy 573 Same as 574 .Ev FTP_PROXY , 575 for compatibility. 576 .It Ev HTTP_ACCEPT 577 Specifies the value of the 578 .Va Accept 579 header for HTTP requests. 580 If empty, no 581 .Va Accept 582 header is sent. 583 The default is 584 .Dq */* . 585 .It Ev HTTP_AUTH 586 Specifies HTTP authorization parameters as a colon-separated list of 587 items. 588 The first and second item are the authorization scheme and realm 589 respectively; further items are scheme-dependent. 590 Currently, the 591 .Dq basic 592 and 593 .Dq digest 594 authorization methods are supported. 595 .Pp 596 Both methods require two parameters: the user name and 597 password, in that order. 598 .Pp 599 This variable is only used if the server requires authorization and 600 no user name or password was specified in the URL. 601 .It Ev HTTP_PROXY 602 URL of the proxy to use for HTTP requests. 603 The document part is ignored. 604 Only HTTP proxies are supported for HTTP requests. 605 If no port number is specified, the default is 3128. 606 .Pp 607 Note that this proxy will also be used for FTP documents, unless the 608 .Ev FTP_PROXY 609 variable is set. 610 .It Ev http_proxy 611 Same as 612 .Ev HTTP_PROXY , 613 for compatibility. 614 .It Ev HTTP_PROXY_AUTH 615 Specifies authorization parameters for the HTTP proxy in the same 616 format as the 617 .Ev HTTP_AUTH 618 variable. 619 .Pp 620 This variable is used if and only if connected to an HTTP proxy, and 621 is ignored if a user and/or a password were specified in the proxy 622 URL. 623 .It Ev HTTP_REFERER 624 Specifies the referrer URL to use for HTTP requests. 625 If set to 626 .Dq auto , 627 the document URL will be used as referrer URL. 628 .It Ev HTTP_USER_AGENT 629 Specifies the User-Agent string to use for HTTP requests. 630 This can be useful when working with HTTP origin or proxy servers that 631 differentiate between user agents. 632 If defined but empty, no User-Agent header is sent. 633 .It Ev NETRC 634 Specifies a file to use instead of 635 .Pa ~/.netrc 636 to look up login names and passwords for FTP sites. 637 See 638 .Xr ftp 1 639 for a description of the file format. 640 This feature is experimental. 641 .It Ev NO_PROXY 642 Either a single asterisk, which disables the use of proxies 643 altogether, or a comma- or whitespace-separated list of hosts for 644 which proxies should not be used. 645 .It Ev no_proxy 646 Same as 647 .Ev NO_PROXY , 648 for compatibility. 649 .It Ev SSL_ALLOW_SSL2 650 Allow SSL version 2 when negotiating the connection (not recommended). 651 .It Ev SSL_ALLOW_SSL3 652 Allow SSL version 3 when negotiating the connection (not recommended). 653 .It Ev SSL_CA_CERT_FILE 654 CA certificate bundle containing trusted CA certificates. 655 Default value: 656 .Pa /etc/ssl/cert.pem . 657 .It Ev SSL_CA_CERT_PATH 658 Path containing trusted CA hashes. 659 .It Ev SSL_CLIENT_CERT_FILE 660 PEM encoded client certificate/key which will be used in 661 client certificate authentication. 662 .It Ev SSL_CLIENT_KEY_FILE 663 PEM encoded client key in case key and client certificate 664 are stored separately. 665 .It Ev SSL_CRL_FILE 666 File containing certificate revocation list. 667 .It Ev SSL_NO_TLS1 668 Do not allow TLS version 1.0 when negotiating the connection. 669 .It Ev SSL_NO_TLS1_1 670 Do not allow TLS version 1.1 when negotiating the connection. 671 .It Ev SSL_NO_TLS1_2 672 Do not allow TLS version 1.2 when negotiating the connection. 673 .It Ev SSL_NO_VERIFY_HOSTNAME 674 If set, do not verify that the hostname matches the subject of the 675 certificate presented by the server. 676 .It Ev SSL_NO_VERIFY_PEER 677 If set, do not verify the peer certificate against trusted CAs. 678 .El 679 .Sh EXAMPLES 680 To access a proxy server on 681 .Pa proxy.example.com 682 port 8080, set the 683 .Ev HTTP_PROXY 684 environment variable in a manner similar to this: 685 .Pp 686 .Dl HTTP_PROXY=http://proxy.example.com:8080 687 .Pp 688 If the proxy server requires authentication, there are 689 two options available for passing the authentication data. 690 The first method is by using the proxy URL: 691 .Pp 692 .Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080 693 .Pp 694 The second method is by using the 695 .Ev HTTP_PROXY_AUTH 696 environment variable: 697 .Bd -literal -offset indent 698 HTTP_PROXY=http://proxy.example.com:8080 699 HTTP_PROXY_AUTH=basic:*:<user>:<pwd> 700 .Ed 701 .Pp 702 To disable the use of a proxy for an HTTP server running on the local 703 host, define 704 .Ev NO_PROXY 705 as follows: 706 .Bd -literal -offset indent 707 NO_PROXY=localhost,127.0.0.1 708 .Ed 709 .Pp 710 Access HTTPS website without any certificate verification whatsoever: 711 .Bd -literal -offset indent 712 SSL_NO_VERIFY_PEER=1 713 SSL_NO_VERIFY_HOSTNAME=1 714 .Ed 715 .Pp 716 Access HTTPS website using client certificate based authentication 717 and a private CA: 718 .Bd -literal -offset indent 719 SSL_CLIENT_CERT_FILE=/path/to/client.pem 720 SSL_CA_CERT_FILE=/path/to/myca.pem 721 .Ed 722 .Sh SEE ALSO 723 .Xr fetch 1 , 724 .Xr ftpio 3 , 725 .Xr ip 4 726 .Rs 727 .%A J. Postel 728 .%A J. K. Reynolds 729 .%D October 1985 730 .%B File Transfer Protocol 731 .%O RFC959 732 .Re 733 .Rs 734 .%A P. Deutsch 735 .%A A. Emtage 736 .%A A. Marine. 737 .%D May 1994 738 .%T How to Use Anonymous FTP 739 .%O RFC1635 740 .Re 741 .Rs 742 .%A T. Berners-Lee 743 .%A L. Masinter 744 .%A M. McCahill 745 .%D December 1994 746 .%T Uniform Resource Locators (URL) 747 .%O RFC1738 748 .Re 749 .Rs 750 .%A R. Fielding 751 .%A J. Gettys 752 .%A J. Mogul 753 .%A H. Frystyk 754 .%A L. Masinter 755 .%A P. Leach 756 .%A T. Berners-Lee 757 .%D January 1999 758 .%B Hypertext Transfer Protocol -- HTTP/1.1 759 .%O RFC2616 760 .Re 761 .Rs 762 .%A J. Franks 763 .%A P. Hallam-Baker 764 .%A J. Hostetler 765 .%A S. Lawrence 766 .%A P. Leach 767 .%A A. Luotonen 768 .%A L. Stewart 769 .%D June 1999 770 .%B HTTP Authentication: Basic and Digest Access Authentication 771 .%O RFC2617 772 .Re 773 .Sh HISTORY 774 The 775 .Nm fetch 776 library first appeared in 777 .Fx 3.0 . 778 .Sh AUTHORS 779 .An -nosplit 780 The 781 .Nm fetch 782 library was mostly written by 783 .An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 784 with numerous suggestions and contributions from 785 .An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org , 786 .An Eugene Skepner Aq Mt eu@qub.com , 787 .An Hajimu Umemoto Aq Mt ume@FreeBSD.org , 788 .An Henry Whincup Aq Mt henry@techiebod.com , 789 .An Jukka A. Ukkonen Aq Mt jau@iki.fi , 790 .An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org , 791 .An Michael Gmelin Aq Mt freebsd@grem.de 792 and others. 793 It replaces the older 794 .Nm ftpio 795 library written by 796 .An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 797 and 798 .An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org . 799 .Pp 800 This manual page was written by 801 .An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 802 and 803 .An Michael Gmelin Aq Mt freebsd@grem.de . 804 .Sh BUGS 805 Some parts of the library are not yet implemented. 806 The most notable 807 examples of this are 808 .Fn fetchPutHTTP , 809 .Fn fetchListHTTP , 810 .Fn fetchListFTP 811 and FTP proxy support. 812 .Pp 813 There is no way to select a proxy at run-time other than setting the 814 .Ev HTTP_PROXY 815 or 816 .Ev FTP_PROXY 817 environment variables as appropriate. 818 .Pp 819 .Nm libfetch 820 does not understand or obey 305 (Use Proxy) replies. 821 .Pp 822 Error numbers are unique only within a certain context; the error 823 codes used for FTP and HTTP overlap, as do those used for resolver and 824 system errors. 825 For instance, error code 202 means "Command not 826 implemented, superfluous at this site" in an FTP context and 827 "Accepted" in an HTTP context. 828 .Pp 829 .Fn fetchStatFTP 830 does not check that the result of an MDTM command is a valid date. 831 .Pp 832 In case password protected keys are used for client certificate based 833 authentication the user is prompted for the password on each and every 834 fetch operation. 835 .Pp 836 The man page is incomplete, poorly written and produces badly 837 formatted text. 838 .Pp 839 The error reporting mechanism is unsatisfactory. 840 .Pp 841 Some parts of the code are not fully reentrant.