tlssrv, tlsclient, tlssrvtunnel, tlsclienttunnel \- TLS server and client
is a helper program, typically exec'd in a
file to establish an SSL or TLS connection before launching
a typical command might start the IMAP or HTTP server.
is the server certificate;
should hold the corresponding private key.
is by convention the same as for the target server.
is mainly used for logging.
authentication is run before the TLS handshake and the resulting
Plan 9 session secret is used as a pre-shared key for TLS encryption.
This enables the use of TLS without certificates and also runs
the server command as the authorized user when the
between the network connection
and standard input and output or executes
with standard input and output redirected to the connection.
flag enables some debug output.
Specifying a certificate in pem(8) format with the
flag causes the client to submit this certificate upon
the server's request. A corresponding key has to be present in
flag writes the server's certificate to the file
in binary ASN.1 encoding.
If the server doesn't provide a certificate, an empty
(and, optionally, the
is given, the remote server must present a public key
whose SHA1 or SHA256 hash is listed in the file
for more information. The
option passes the string
in the TLS hello message (Server Name Indication),
which is useful when talking to web servers.
option was specified,
is interpreted as a filename to be opened read-write instead of
to provide TLS network tunnels, allowing legacy
applications to take advantage of TLS encryption.
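An added example, not part of the original manual page or the Plan 9 sources: the public-key hash check described above, written in Python and applied to a certificate saved in binary ASN.1 (DER) form. It assumes the hash is taken over the DER SubjectPublicKeyInfo and that pins are lowercase hex strings rather than the real thumbprint file format; `der`, `read_tlv`, `spki_der`, `spki_pins`, `pin_ok` and the sample certificate are hypothetical names and data constructed for illustration.

```python
import hashlib

def der(tag, body):
    """Encode one DER element (only used to build the constructed sample)."""
    n = len(body)
    head = [n] if n < 0x80 else [0x81, n]   # sample elements stay under 256 bytes
    return bytes([tag] + head) + body

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)      # Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)    # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                    # optional explicit [0] version
        pos = end
    for _field in range(5):            # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[pos:end]

def spki_pins(cert):  # SHA-1 and SHA-256 hex digests of the public key
    spki = spki_der(cert)
    return {hashlib.sha1(spki).hexdigest(), hashlib.sha256(spki).hexdigest()}

def pin_ok(cert, trusted):
    """True only if the presented key hashes to an entry in `trusted`."""
    if not cert:                       # server sent no certificate: nothing to pin
        return False
    try:
        return bool(spki_pins(cert) & set(trusted))
    except (ValueError, IndexError):   # malformed or truncated DER fails closed
        return False

# Constructed sample: a structurally valid skeleton, not a real certificate.
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, b"\x2a\x03")) + der(0x03, b"\x00" + b"K" * 200))
SAMPLE_TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                 + der(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, SAMPLE_TBS + der(0x30, b"") + der(0x03, b"\x00"))
```

Pinning the key rather than the whole certificate means a reissued certificate for the same key still matches, while an empty or malformed certificate file is rejected.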
Listen for TLS-encrypted IMAP by creating a server certificate
.B /sys/lib/tls/imap.pem
and a listener script
.B /bin/service.auth/tcp993
exec tlssrv -c/sys/lib/tls/imap.pem -limap4d -r`{cat $3/remote} \e
/bin/ip/imap4d -p -dyourdomain -r`{cat $3/remote} \e
Interact with the server, putting the appropriate hash into
tlsclient -t /sys/lib/tls/mail tcp!server!imaps
Create a TLS-encrypted VNC connection from a client on
mosc% tlssrvtunnel tcp!moscvax!5903 tcp!*!12345 \e
/usr/you/lib/cert.pem
krem% tlsclienttunnel tcp!moscvax!12345 tcp!*!5905 \e
/usr/you/lib/cert.thumb
(The port numbers passed to the VNC tools are offset by 5900 from the
actual TCP port numbers.)
.B /sys/src/cmd/tlssrv.c
.B /sys/src/cmd/tlsclient.c
.B /rc/bin/tlssrvtunnel
.B /rc/bin/tlsclienttunnel