1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
SSL UCSPI protocol definition
Copyright 2001
SuperScript Technology, Inc. sst@superscript.com
This document defines the SSL protocol for UCSPI-1996 tools. An SSL
client communicates with an SSL server, on the same machine or on a
different machine, via the TCP/IP protocol through an Internet-domain
socket. The descriptors passed to a SSL UCSPI application are copies of
that socket, dup()ed from a single connect() or accept().
[address] consists of two arguments: [hostname] [port].
There are three possibilities for [hostname]: the number 0, referring to
the local host; a dotted-decimal IP address, such as 192.48.96.5; or a
name understood by the system's resolver, such as mail.uu.net. SSL UCSPI
servers use only the first IP address from the resolver; SSL UCSPI
clients try each address in turn.
There are three possibilities for [port]: a positive numeric TCP port
number, such as 25; the number 0, which permits selection of any port
number; or a name understood by the system's getservbyname(), such as
smtp.
The client and server set up the following environment variables:
PROTO: the string SSL
SSLLOCALIP: the dotted-decimal IP address of the local host
SSLLOCALPORT: the local SSL port number, in decimal
SSLREMOTEIP: the dotted-decimal IP address of the remote host
SSLREMOTEPORT: the remote SSL port number, in decimal
SSLLOCALHOST, if possible: the resolver's name for SSLLOCALIP
SSLREMOTEHOST, if possible: the resolver's name for SSLREMOTEIP
SSLREMOTEINFO, if possible: the result of a 931/1413/IDENT/TAP query
Uppercase letters in SSLLOCALHOST and SSLREMOTEHOST are converted to
lowercase. SSLREMOTEINFO is a connection-specific string supplied by the
remote host via 931/1413/IDENT/TAP.
SSL UCSPI tools take a -R option to turn off 931/1413/IDENT/TAP
querying, and a -r option to turn it back on. SSL UCSPI tools take a -I
option to turn off checking for a client certificate, and a -i option to
turn it back on. SSL UCSPI clients take a -p [locport] option to
require a particular TCP port on the local side of the connection. SSL
UCSPI servers take a -1 option to print the local port number (in
decimal, followed by a newline) to descriptor 1 before closing
descriptor 1 and after preparing to receive connections. SSL UCSPI
servers and clients take a -3 option to read a null-terminated key
password from file descriptor 3.
|
