The minsslclient program
minsslclient is a
UCSPI client for the
minssl protocol. It connects to a remote service provided by
minsslserver and runs a program with
descriptors 6 and 7 communicating with that service over a secure channel.
Interface
minsslclient [ -z timeout ] [ -y keymgr ] [ tcpclient options ] host port prog...
- minsslclient tries to connect to a minsslserver
process listening on host:port.
- It verifies that it knows the server host key by calling the
keymgr program. By default, the contents of the
MINSSL_KEY_MANAGER variable are used. If no key manager
is specified either on the command line or in the MINSSL_KEY_MANAGER
environment variable, minsslclient will assume that the server
host key is valid and go on with the connection. This behaviour is a
potential security risk, so know what you are doing.
- It execs into prog..., with fd 6 reading from the
server and fd 7 writing to the server. The channel between the client
and the server is secure.
Options
- -y keymgr : run keymgr as the
minssl key manager program. This program should follow the
minssl keymgr interface. If this option
is not set, the value of the MINSSL_KEY_MANAGER environment
variable will be used. Be sure to always use some key manager.
- -z timeout : if there is no activity for
timeout seconds, close the connection. By default,
timeout is zero, which means infinite (no timeout).
minsslclient also accepts every option suitable for
tcpclient. It passes
those options verbatim to the tcpclient program.
The tcpclient options modifying TCPx environment
variables will have the same effect with minsslclient, except that
the variables will be named MINSSLx.
Additional UCSPI variables
minsslclient sets the following additional environment variables
to strings of 56 hexadecimal digits:
- MINSSLREMOTEHOSTPUBKEY
- MINSSLREMOTESESSIONPUBKEY
- MINSSLLOCALSESSIONPUBKEY
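An added example, not part of the minssl documentation or code: a POSIX shell check that prog can run before it uses descriptors 6 and 7, confirming that the three variables above each hold 56 hexadecimal digits and that MINSSLREMOTEHOSTPUBKEY matches a host key obtained out of band. The function names and the pinned-key argument are assumptions of this example; the comparison ignores letter case because the page does not say which case minsslclient emits.

```shell
#!/bin/sh
# Added example: checks for a program started by minsslclient.
# Function names are hypothetical, not part of minssl.

# is_pubkey_hex VALUE: succeed only if VALUE is exactly 56 hexadecimal digits.
is_pubkey_hex() {
    [ "${#1}" -eq 56 ] || return 1
    case "$1" in
        # Digits are enumerated so the test does not depend on the locale.
        *[!0123456789abcdefABCDEF]*) return 1 ;;
    esac
    return 0
}

# check_minssl_env PINNED
#   returns 0 if all three variables are well formed and the host key matches,
#   1 if the host key differs from PINNED, 2 if any value is missing or malformed.
check_minssl_env() {
    pinned=$1
    for name in MINSSLREMOTEHOSTPUBKEY MINSSLREMOTESESSIONPUBKEY MINSSLLOCALSESSIONPUBKEY; do
        eval "value=\${$name-}"    # name comes from the fixed list above
        if ! is_pubkey_hex "$value"; then
            echo "minssl check: $name is missing or malformed" >&2
            return 2
        fi
    done
    if ! is_pubkey_hex "$pinned"; then
        echo "minssl check: pinned key is malformed" >&2
        return 2
    fi
    got=$(printf '%s' "$MINSSLREMOTEHOSTPUBKEY" | tr 'ABCDEF' 'abcdef')
    want=$(printf '%s' "$pinned" | tr 'ABCDEF' 'abcdef')
    if [ "$got" != "$want" ]; then
        echo "minssl check: server host key does not match the pinned key" >&2
        return 1
    fi
    return 0
}
```

Calling `check_minssl_env "$PINNED" || exit 111` at the top of prog makes it stop before any data is exchanged, including when minsslclient was started without a key manager.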
Internals
minsslclient is actually a wrapper combining
tcpclient and
minssl.