1.\"- 2.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav 3.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de> 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD: head/lib/libfetch/fetch.3 357968 2020-02-15 18:03:16Z kevans $ 28.\" 29.Dd August 28, 2019 30.Dt FETCH 3 31.Os 32.Sh NAME 33.Nm fetchMakeURL , 34.Nm fetchParseURL , 35.Nm fetchFreeURL , 36.Nm fetchXGetURL , 37.Nm fetchGetURL , 38.Nm fetchPutURL , 39.Nm fetchStatURL , 40.Nm fetchListURL , 41.Nm fetchXGet , 42.Nm fetchGet , 43.Nm fetchPut , 44.Nm fetchStat , 45.Nm fetchList , 46.Nm fetchXGetFile , 47.Nm fetchGetFile , 48.Nm fetchPutFile , 49.Nm fetchStatFile , 50.Nm fetchListFile , 51.Nm fetchXGetHTTP , 52.Nm fetchGetHTTP , 53.Nm fetchPutHTTP , 54.Nm fetchStatHTTP , 55.Nm fetchListHTTP , 56.Nm fetchReqHTTP , 57.Nm fetchXGetFTP , 58.Nm fetchGetFTP , 59.Nm fetchPutFTP , 60.Nm fetchStatFTP , 61.Nm fetchListFTP 62.Nd file transfer functions 63.Sh LIBRARY 64.Lb libfetch 65.Sh SYNOPSIS 66.In sys/param.h 67.In stdio.h 68.In fetch.h 69.Ft struct url * 70.Fn fetchMakeURL "const char *scheme" "const char *host" "int port" "const char *doc" "const char *user" "const char *pwd" 71.Ft struct url * 72.Fn fetchParseURL "const char *URL" 73.Ft void 74.Fn fetchFreeURL "struct url *u" 75.Ft FILE * 76.Fn fetchXGetURL "const char *URL" "struct url_stat *us" "const char *flags" 77.Ft FILE * 78.Fn fetchGetURL "const char *URL" "const char *flags" 79.Ft FILE * 80.Fn fetchPutURL "const char *URL" "const char *flags" 81.Ft int 82.Fn fetchStatURL "const char *URL" "struct url_stat *us" "const char *flags" 83.Ft struct url_ent * 84.Fn fetchListURL "const char *URL" "const char *flags" 85.Ft FILE * 86.Fn fetchXGet "struct url *u" "struct url_stat *us" "const char *flags" 87.Ft FILE * 88.Fn fetchGet "struct url *u" "const char *flags" 89.Ft FILE * 90.Fn fetchPut "struct url *u" "const char *flags" 91.Ft int 92.Fn fetchStat "struct url *u" "struct url_stat *us" "const char *flags" 93.Ft struct url_ent * 94.Fn fetchList "struct url *u" "const char *flags" 95.Ft FILE * 96.Fn fetchXGetFile "struct url *u" "struct url_stat *us" "const char *flags" 97.Ft FILE * 98.Fn fetchGetFile "struct url *u" "const char *flags" 99.Ft FILE * 100.Fn fetchPutFile "struct url *u" "const char *flags" 101.Ft int 102.Fn fetchStatFile "struct url *u" "struct url_stat *us" "const char *flags" 103.Ft struct url_ent * 104.Fn fetchListFile "struct url *u" "const char *flags" 105.Ft FILE * 106.Fn fetchXGetHTTP "struct url *u" "struct url_stat *us" "const char *flags" 107.Ft FILE * 108.Fn fetchGetHTTP "struct url *u" "const char *flags" 109.Ft FILE * 110.Fn fetchPutHTTP "struct url *u" "const char *flags" 111.Ft int 112.Fn fetchStatHTTP "struct url *u" "struct url_stat *us" "const char *flags" 113.Ft struct url_ent * 114.Fn fetchListHTTP "struct url *u" "const char *flags" 115.Ft FILE * 116.Fn fetchReqHTTP "struct url *u" "const char *method" "const char *flags" "const char *content_type" "const char *body" 117.Ft FILE * 118.Fn fetchXGetFTP "struct url *u" "struct url_stat *us" "const char *flags" 119.Ft FILE * 120.Fn fetchGetFTP "struct url *u" "const char *flags" 121.Ft FILE * 122.Fn fetchPutFTP "struct url *u" "const char *flags" 123.Ft int 124.Fn fetchStatFTP "struct url *u" "struct url_stat *us" "const char *flags" 125.Ft struct url_ent * 126.Fn fetchListFTP "struct url *u" "const char *flags" 127.Sh DESCRIPTION 128These functions implement a high-level library for retrieving and 129uploading files using Uniform Resource Locators (URLs). 130.Pp 131.Fn fetchParseURL 132takes a URL in the form of a null-terminated string and splits it into 133its components function according to the Common Internet Scheme Syntax 134detailed in RFC1738. 135A regular expression which produces this syntax is: 136.Bd -literal 137 <scheme>:(//(<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 138.Ed 139.Pp 140If the URL does not seem to begin with a scheme name, the following 141syntax is assumed: 142.Bd -literal 143 ((<user>(:<pwd>)?@)?<host>(:<port>)?)?/(<document>)? 144.Ed 145.Pp 146Note that some components of the URL are not necessarily relevant to 147all URL schemes. 148For instance, the file scheme only needs the <scheme> and <document> 149components. 150.Pp 151.Fn fetchMakeURL 152and 153.Fn fetchParseURL 154return a pointer to a 155.Vt url 156structure, which is defined as follows in 157.In fetch.h : 158.Bd -literal 159#define URL_SCHEMELEN 16 160#define URL_USERLEN 256 161#define URL_PWDLEN 256 162 163struct url { 164 char scheme[URL_SCHEMELEN+1]; 165 char user[URL_USERLEN+1]; 166 char pwd[URL_PWDLEN+1]; 167 char host[MAXHOSTNAMELEN+1]; 168 int port; 169 char *doc; 170 off_t offset; 171 size_t length; 172 time_t ims_time; 173}; 174.Ed 175.Pp 176The 177.Va ims_time 178field stores the time value for 179.Li If-Modified-Since 180HTTP requests. 181.Pp 182The pointer returned by 183.Fn fetchMakeURL 184or 185.Fn fetchParseURL 186should be freed using 187.Fn fetchFreeURL . 188.Pp 189.Fn fetchXGetURL , 190.Fn fetchGetURL , 191and 192.Fn fetchPutURL 193constitute the recommended interface to the 194.Nm fetch 195library. 196They examine the URL passed to them to determine the transfer 197method, and call the appropriate lower-level functions to perform the 198actual transfer. 199.Fn fetchXGetURL 200also returns the remote document's metadata in the 201.Vt url_stat 202structure pointed to by the 203.Fa us 204argument. 205.Pp 206The 207.Fa flags 208argument is a string of characters which specify transfer options. 209The 210meaning of the individual flags is scheme-dependent, and is detailed 211in the appropriate section below. 212.Pp 213.Fn fetchStatURL 214attempts to obtain the requested document's metadata and fill in the 215structure pointed to by its second argument. 216The 217.Vt url_stat 218structure is defined as follows in 219.In fetch.h : 220.Bd -literal 221struct url_stat { 222 off_t size; 223 time_t atime; 224 time_t mtime; 225}; 226.Ed 227.Pp 228If the size could not be obtained from the server, the 229.Fa size 230field is set to -1. 231If the modification time could not be obtained from the server, the 232.Fa mtime 233field is set to the epoch. 234If the access time could not be obtained from the server, the 235.Fa atime 236field is set to the modification time. 237.Pp 238.Fn fetchListURL 239attempts to list the contents of the directory pointed to by the URL 240provided. 241If successful, it returns a malloced array of 242.Vt url_ent 243structures. 244The 245.Vt url_ent 246structure is defined as follows in 247.In fetch.h : 248.Bd -literal 249struct url_ent { 250 char name[PATH_MAX]; 251 struct url_stat stat; 252}; 253.Ed 254.Pp 255The list is terminated by an entry with an empty name. 256.Pp 257The pointer returned by 258.Fn fetchListURL 259should be freed using 260.Fn free . 261.Pp 262.Fn fetchXGet , 263.Fn fetchGet , 264.Fn fetchPut 265and 266.Fn fetchStat 267are similar to 268.Fn fetchXGetURL , 269.Fn fetchGetURL , 270.Fn fetchPutURL 271and 272.Fn fetchStatURL , 273except that they expect a pre-parsed URL in the form of a pointer to 274a 275.Vt struct url 276rather than a string. 277.Pp 278All of the 279.Fn fetchXGetXXX , 280.Fn fetchGetXXX 281and 282.Fn fetchPutXXX 283functions return a pointer to a stream which can be used to read or 284write data from or to the requested document, respectively. 285Note that 286although the implementation details of the individual access methods 287vary, it can generally be assumed that a stream returned by one of the 288.Fn fetchXGetXXX 289or 290.Fn fetchGetXXX 291functions is read-only, and that a stream returned by one of the 292.Fn fetchPutXXX 293functions is write-only. 294.Sh FILE SCHEME 295.Fn fetchXGetFile , 296.Fn fetchGetFile 297and 298.Fn fetchPutFile 299provide access to documents which are files in a locally mounted file 300system. 301Only the <document> component of the URL is used. 302.Pp 303.Fn fetchXGetFile 304and 305.Fn fetchGetFile 306do not accept any flags. 307.Pp 308.Fn fetchPutFile 309accepts the 310.Ql a 311(append to file) flag. 312If that flag is specified, the data written to 313the stream returned by 314.Fn fetchPutFile 315will be appended to the previous contents of the file, instead of 316replacing them. 317.Sh FTP SCHEME 318.Fn fetchXGetFTP , 319.Fn fetchGetFTP 320and 321.Fn fetchPutFTP 322implement the FTP protocol as described in RFC959. 323.Pp 324If the 325.Ql P 326(not passive) flag is specified, an active (rather than passive) 327connection will be attempted. 328.Pp 329The 330.Ql p 331flag is supported for compatibility with earlier versions where active 332connections were the default. 333It has precedence over the 334.Ql P 335flag, so if both are specified, 336.Nm 337will use a passive connection. 338.Pp 339If the 340.Ql l 341(low) flag is specified, data sockets will be allocated in the low (or 342default) port range instead of the high port range (see 343.Xr ip 4 ) . 344.Pp 345If the 346.Ql d 347(direct) flag is specified, 348.Fn fetchXGetFTP , 349.Fn fetchGetFTP 350and 351.Fn fetchPutFTP 352will use a direct connection even if a proxy server is defined. 353.Pp 354If no user name or password is given, the 355.Nm fetch 356library will attempt an anonymous login, with user name "anonymous" 357and password "anonymous@<hostname>". 358.Sh HTTP SCHEME 359The 360.Fn fetchXGetHTTP , 361.Fn fetchGetHTTP , 362.Fn fetchPutHTTP 363and 364.Fn fetchReqHTTP 365functions implement the HTTP/1.1 protocol. 366With a little luck, there is 367even a chance that they comply with RFC2616 and RFC2617. 368.Pp 369If the 370.Ql d 371(direct) flag is specified, 372.Fn fetchXGetHTTP , 373.Fn fetchGetHTTP 374and 375.Fn fetchPutHTTP 376will use a direct connection even if a proxy server is defined. 377.Pp 378If the 379.Ql i 380(if-modified-since) flag is specified, and 381the 382.Va ims_time 383field is set in 384.Vt "struct url" , 385then 386.Fn fetchXGetHTTP 387and 388.Fn fetchGetHTTP 389will send a conditional 390.Li If-Modified-Since 391HTTP header to only fetch the content if it is newer than 392.Va ims_time . 393.Pp 394The function 395.Fn fetchReqHTTP 396can be used to make requests with an arbitrary HTTP verb, 397including POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH. 398This can be done by setting the argument 399.Fa method 400to the intended verb, such as 401.Ql POST , 402and 403.Fa body 404to the content. 405.Pp 406Since there seems to be no good way of implementing the HTTP PUT 407method in a manner consistent with the rest of the 408.Nm fetch 409library, 410.Fn fetchPutHTTP 411is currently unimplemented. 412.Sh HTTPS SCHEME 413Based on HTTP SCHEME. 414By default the peer is verified using the CA bundle located in 415.Pa /usr/local/etc/ssl/cert.pem . 416If this file does not exist, 417.Pa /etc/ssl/cert.pem 418is used instead. 419If neither file exists, and 420.Ev SSL_CA_CERT_PATH 421has not been set, 422OpenSSL's default CA cert and path settings apply. 423The certificate bundle can contain multiple CA certificates. 424A common source of a current CA bundle is 425.Pa \%security/ca_root_nss . 426.Pp 427The CA bundle used for peer verification can be changed by setting the 428environment variables 429.Ev SSL_CA_CERT_FILE 430to point to a concatenated bundle of trusted certificates and 431.Ev SSL_CA_CERT_PATH 432to point to a directory containing hashes of trusted CAs (see 433.Xr verify 1 ) . 434.Pp 435A certificate revocation list (CRL) can be used by setting the 436environment variable 437.Ev SSL_CRL_FILE 438(see 439.Xr crl 1 ) . 440.Pp 441Peer verification can be disabled by setting the environment variable 442.Ev SSL_NO_VERIFY_PEER . 443Note that this also disables CRL checking. 444.Pp 445By default the service identity is verified according to the rules 446detailed in RFC6125 (also known as hostname verification). 447This feature can be disabled by setting the environment variable 448.Ev SSL_NO_VERIFY_HOSTNAME . 449.Pp 450Client certificate based authentication is supported. 451The environment variable 452.Ev SSL_CLIENT_CERT_FILE 453should be set to point to a file containing key and client certificate 454to be used in PEM format. 455When a PEM-format key is in a separate file from the client certificate, 456the environment variable 457.Ev SSL_CLIENT_KEY_FILE 458can be set to point to the key file. 459In case the key uses a password, the user will be prompted on standard 460input (see 461.Xr PEM 3 ) . 462.Pp 463By default 464.Nm libfetch 465allows TLSv1 and newer when negotiating the connecting with the remote 466peer. 467You can change this behavior by setting the 468.Ev SSL_ALLOW_SSL3 469environment variable to allow SSLv3 and 470.Ev SSL_NO_TLS1 , 471.Ev SSL_NO_TLS1_1 and 472.Ev SSL_NO_TLS1_2 473to disable TLS 1.0, 1.1 and 1.2 respectively. 474.Sh AUTHENTICATION 475Apart from setting the appropriate environment variables and 476specifying the user name and password in the URL or the 477.Vt struct url , 478the calling program has the option of defining an authentication 479function with the following prototype: 480.Pp 481.Ft int 482.Fn myAuthMethod "struct url *u" 483.Pp 484The callback function should fill in the 485.Fa user 486and 487.Fa pwd 488fields in the provided 489.Vt struct url 490and return 0 on success, or any other value to indicate failure. 491.Pp 492To register the authentication callback, simply set 493.Va fetchAuthMethod 494to point at it. 495The callback will be used whenever a site requires authentication and 496the appropriate environment variables are not set. 497.Pp 498This interface is experimental and may be subject to change. 499.Sh RETURN VALUES 500.Fn fetchParseURL 501returns a pointer to a 502.Vt struct url 503containing the individual components of the URL. 504If it is 505unable to allocate memory, or the URL is syntactically incorrect, 506.Fn fetchParseURL 507returns a NULL pointer. 508.Pp 509The 510.Fn fetchStat 511functions return 0 on success and -1 on failure. 512.Pp 513All other functions return a stream pointer which may be used to 514access the requested document, or NULL if an error occurred. 515.Pp 516The following error codes are defined in 517.In fetch.h : 518.Bl -tag -width 18n 519.It Bq Er FETCH_ABORT 520Operation aborted 521.It Bq Er FETCH_AUTH 522Authentication failed 523.It Bq Er FETCH_DOWN 524Service unavailable 525.It Bq Er FETCH_EXISTS 526File exists 527.It Bq Er FETCH_FULL 528File system full 529.It Bq Er FETCH_INFO 530Informational response 531.It Bq Er FETCH_MEMORY 532Insufficient memory 533.It Bq Er FETCH_MOVED 534File has moved 535.It Bq Er FETCH_NETWORK 536Network error 537.It Bq Er FETCH_OK 538No error 539.It Bq Er FETCH_PROTO 540Protocol error 541.It Bq Er FETCH_RESOLV 542Resolver error 543.It Bq Er FETCH_SERVER 544Server error 545.It Bq Er FETCH_TEMP 546Temporary error 547.It Bq Er FETCH_TIMEOUT 548Operation timed out 549.It Bq Er FETCH_UNAVAIL 550File is not available 551.It Bq Er FETCH_UNKNOWN 552Unknown error 553.It Bq Er FETCH_URL 554Invalid URL 555.El 556.Pp 557The accompanying error message includes a protocol-specific error code 558and message, like "File is not available (404 Not Found)" 559.Sh ENVIRONMENT 560.Bl -tag -width ".Ev FETCH_BIND_ADDRESS" 561.It Ev FETCH_BIND_ADDRESS 562Specifies a hostname or IP address to which sockets used for outgoing 563connections will be bound. 564.It Ev FTP_LOGIN 565Default FTP login if none was provided in the URL. 566.It Ev FTP_PASSIVE_MODE 567If set to 568.Ql no , 569forces the FTP code to use active mode. 570If set to any other value, forces passive mode even if the application 571requested active mode. 572.It Ev FTP_PASSWORD 573Default FTP password if the remote server requests one and none was 574provided in the URL. 575.It Ev FTP_PROXY 576URL of the proxy to use for FTP requests. 577The document part is ignored. 578FTP and HTTP proxies are supported; if no scheme is specified, FTP is 579assumed. 580If the proxy is an FTP proxy, 581.Nm libfetch 582will send 583.Ql user@host 584as user name to the proxy, where 585.Ql user 586is the real user name, and 587.Ql host 588is the name of the FTP server. 589.Pp 590If this variable is set to an empty string, no proxy will be used for 591FTP requests, even if the 592.Ev HTTP_PROXY 593variable is set. 594.It Ev ftp_proxy 595Same as 596.Ev FTP_PROXY , 597for compatibility. 598.It Ev HTTP_ACCEPT 599Specifies the value of the 600.Va Accept 601header for HTTP requests. 602If empty, no 603.Va Accept 604header is sent. 605The default is 606.Dq */* . 607.It Ev HTTP_AUTH 608Specifies HTTP authorization parameters as a colon-separated list of 609items. 610The first and second item are the authorization scheme and realm 611respectively; further items are scheme-dependent. 612Currently, the 613.Dq basic 614and 615.Dq digest 616authorization methods are supported. 617.Pp 618Both methods require two parameters: the user name and 619password, in that order. 620.Pp 621This variable is only used if the server requires authorization and 622no user name or password was specified in the URL. 623.It Ev HTTP_PROXY 624URL of the proxy to use for HTTP requests. 625The document part is ignored. 626Only HTTP proxies are supported for HTTP requests. 627If no port number is specified, the default is 3128. 628.Pp 629Note that this proxy will also be used for FTP documents, unless the 630.Ev FTP_PROXY 631variable is set. 632.It Ev http_proxy 633Same as 634.Ev HTTP_PROXY , 635for compatibility. 636.It Ev HTTP_PROXY_AUTH 637Specifies authorization parameters for the HTTP proxy in the same 638format as the 639.Ev HTTP_AUTH 640variable. 641.Pp 642This variable is used if and only if connected to an HTTP proxy, and 643is ignored if a user and/or a password were specified in the proxy 644URL. 645.It Ev HTTP_REFERER 646Specifies the referrer URL to use for HTTP requests. 647If set to 648.Dq auto , 649the document URL will be used as referrer URL. 650.It Ev HTTP_USER_AGENT 651Specifies the User-Agent string to use for HTTP requests. 652This can be useful when working with HTTP origin or proxy servers that 653differentiate between user agents. 654If defined but empty, no User-Agent header is sent. 655.It Ev NETRC 656Specifies a file to use instead of 657.Pa ~/.netrc 658to look up login names and passwords for FTP and HTTP sites as well as 659HTTP proxies. 660See 661.Xr ftp 1 662for a description of the file format. 663.It Ev NO_PROXY 664Either a single asterisk, which disables the use of proxies 665altogether, or a comma- or whitespace-separated list of hosts for 666which proxies should not be used. 667.It Ev no_proxy 668Same as 669.Ev NO_PROXY , 670for compatibility. 671.It Ev SOCKS5_PROXY 672Uses SOCKS version 5 to make connection. 673The format must be the IP or hostname followed by a colon for the port. 674IPv6 addresses must enclose the address in brackets. 675If no port is specified, the default is 1080. 676This setting will supersede a connection to an 677.Ev HTTP_PROXY . 678.It Ev SSL_ALLOW_SSL3 679Allow SSL version 3 when negotiating the connection (not recommended). 680.It Ev SSL_CA_CERT_FILE 681CA certificate bundle containing trusted CA certificates. 682Default value: See HTTPS SCHEME above. 683.It Ev SSL_CA_CERT_PATH 684Path containing trusted CA hashes. 685.It Ev SSL_CLIENT_CERT_FILE 686PEM encoded client certificate/key which will be used in 687client certificate authentication. 688.It Ev SSL_CLIENT_KEY_FILE 689PEM encoded client key in case key and client certificate 690are stored separately. 691.It Ev SSL_CRL_FILE 692File containing certificate revocation list. 693.It Ev SSL_NO_TLS1 694Do not allow TLS version 1.0 when negotiating the connection. 695.It Ev SSL_NO_TLS1_1 696Do not allow TLS version 1.1 when negotiating the connection. 697.It Ev SSL_NO_TLS1_2 698Do not allow TLS version 1.2 when negotiating the connection. 699.It Ev SSL_NO_VERIFY_HOSTNAME 700If set, do not verify that the hostname matches the subject of the 701certificate presented by the server. 702.It Ev SSL_NO_VERIFY_PEER 703If set, do not verify the peer certificate against trusted CAs. 704.El 705.Sh EXAMPLES 706To access a proxy server on 707.Pa proxy.example.com 708port 8080, set the 709.Ev HTTP_PROXY 710environment variable in a manner similar to this: 711.Pp 712.Dl HTTP_PROXY=http://proxy.example.com:8080 713.Pp 714If the proxy server requires authentication, there are 715two options available for passing the authentication data. 716The first method is by using the proxy URL: 717.Pp 718.Dl HTTP_PROXY=http://<user>:<pwd>@proxy.example.com:8080 719.Pp 720The second method is by using the 721.Ev HTTP_PROXY_AUTH 722environment variable: 723.Bd -literal -offset indent 724HTTP_PROXY=http://proxy.example.com:8080 725HTTP_PROXY_AUTH=basic:*:<user>:<pwd> 726.Ed 727.Pp 728To disable the use of a proxy for an HTTP server running on the local 729host, define 730.Ev NO_PROXY 731as follows: 732.Bd -literal -offset indent 733NO_PROXY=localhost,127.0.0.1 734.Ed 735.Pp 736To use a SOCKS5 proxy, set the 737.Ev SOCKS5_PROXY 738environment variable to a 739valid host or IP followed by an optional colon and the port. 740IPv6 addresses must be enclosed in brackets. 741The following are examples of valid settings: 742.Bd -literal -offset indent 743SOCKS5_PROXY=proxy.example.com 744SOCKS5_PROXY=proxy.example.com:1080 745SOCKS5_PROXY=192.0.2.0 746SOCKS5_PROXY=198.51.100.0:1080 747SOCKS5_PROXY=[2001:db8::1] 748SOCKS5_PROXY=[2001:db8::2]:1080 749.Ed 750.Pp 751Access HTTPS website without any certificate verification whatsoever: 752.Bd -literal -offset indent 753SSL_NO_VERIFY_PEER=1 754SSL_NO_VERIFY_HOSTNAME=1 755.Ed 756.Pp 757Access HTTPS website using client certificate based authentication 758and a private CA: 759.Bd -literal -offset indent 760SSL_CLIENT_CERT_FILE=/path/to/client.pem 761SSL_CA_CERT_FILE=/path/to/myca.pem 762.Ed 763.Sh SEE ALSO 764.Xr fetch 1 , 765.Xr ip 4 766.Rs 767.%A J. Postel 768.%A J. K. Reynolds 769.%D October 1985 770.%B File Transfer Protocol 771.%O RFC959 772.Re 773.Rs 774.%A P. Deutsch 775.%A A. Emtage 776.%A A. Marine. 777.%D May 1994 778.%T How to Use Anonymous FTP 779.%O RFC1635 780.Re 781.Rs 782.%A T. Berners-Lee 783.%A L. Masinter 784.%A M. McCahill 785.%D December 1994 786.%T Uniform Resource Locators (URL) 787.%O RFC1738 788.Re 789.Rs 790.%A R. Fielding 791.%A J. Gettys 792.%A J. Mogul 793.%A H. Frystyk 794.%A L. Masinter 795.%A P. Leach 796.%A T. Berners-Lee 797.%D January 1999 798.%B Hypertext Transfer Protocol -- HTTP/1.1 799.%O RFC2616 800.Re 801.Rs 802.%A J. Franks 803.%A P. Hallam-Baker 804.%A J. Hostetler 805.%A S. Lawrence 806.%A P. Leach 807.%A A. Luotonen 808.%A L. Stewart 809.%D June 1999 810.%B HTTP Authentication: Basic and Digest Access Authentication 811.%O RFC2617 812.Re 813.Sh HISTORY 814The 815.Nm fetch 816library first appeared in 817.Fx 3.0 . 818.Sh AUTHORS 819.An -nosplit 820The 821.Nm fetch 822library was mostly written by 823.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 824with numerous suggestions and contributions from 825.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org , 826.An Eugene Skepner Aq Mt eu@qub.com , 827.An Hajimu Umemoto Aq Mt ume@FreeBSD.org , 828.An Henry Whincup Aq Mt henry@techiebod.com , 829.An Jukka A. Ukkonen Aq Mt jau@iki.fi , 830.An Jean-Fran\(,cois Dockes Aq Mt jf@dockes.org , 831.An Michael Gmelin Aq Mt freebsd@grem.de 832and others. 833It replaces the older 834.Nm ftpio 835library written by 836.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 837and 838.An Jordan K. Hubbard Aq Mt jkh@FreeBSD.org . 839.Pp 840This manual page was written by 841.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org 842and 843.An Michael Gmelin Aq Mt freebsd@grem.de . 844.Sh BUGS 845Some parts of the library are not yet implemented. 846The most notable 847examples of this are 848.Fn fetchPutHTTP , 849.Fn fetchListHTTP , 850.Fn fetchListFTP 851and FTP proxy support. 852.Pp 853There is no way to select a proxy at run-time other than setting the 854.Ev HTTP_PROXY 855or 856.Ev FTP_PROXY 857environment variables as appropriate. 858.Pp 859.Nm libfetch 860does not understand or obey 305 (Use Proxy) replies. 861.Pp 862Error numbers are unique only within a certain context; the error 863codes used for FTP and HTTP overlap, as do those used for resolver and 864system errors. 865For instance, error code 202 means "Command not 866implemented, superfluous at this site" in an FTP context and 867"Accepted" in an HTTP context. 868.Pp 869.Fn fetchStatFTP 870does not check that the result of an MDTM command is a valid date. 871.Pp 872In case password protected keys are used for client certificate based 873authentication the user is prompted for the password on each and every 874fetch operation. 875.Pp 876The man page is incomplete, poorly written and produces badly 877formatted text. 878.Pp 879The error reporting mechanism is unsatisfactory. 880.Pp 881Some parts of the code are not fully reentrant. 882