Page MenuHomeFreeBSD
Files F151121010

D5558.id14102.diff
No OneTemporary
Actions

D5558.id14102.diff
View Options

Index: lib/libfetch/fetch.3
===================================================================
--- lib/libfetch/fetch.3
+++ lib/libfetch/fetch.3
@@ -1,6 +1,6 @@
.\"-
.\" Copyright (c) 1998-2013 Dag-Erling Smørgrav
-.\" Copyright (c) 2013 Michael Gmelin <freebsd@grem.de>
+.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 29, 2015
+.Dd March 5, 2016
.Dt FETCH 3
.Os
.Sh NAME
@@ -396,8 +396,15 @@
.Sh HTTPS SCHEME
Based on HTTP SCHEME.
By default the peer is verified using the CA bundle located in
-.Pa /etc/ssl/cert.pem .
-The file may contain multiple CA certificates.
+.Pa /usr/local/etc/ssl/cert.pem .
+If this file does not exist,
+.Pa /etc/ssl/cert.pem
+is used instead.
+If both files do not exist and
+.Ev SSL_CA_CERT_PATH
+has not been set,
+OpenSSL's default CA cert and path settings apply.
+The certificate bundle may contain multiple CA certificates.
A common source of a current CA bundle is
.Pa \%security/ca_root_nss .
.Pp
@@ -428,8 +435,8 @@
The environment variable
.Ev SSL_CLIENT_CERT_FILE
should be set to point to a file containing key and client certificate
-to be used in PEM format. In case the key is stored in a separate
-file, the environment variable
+to be used in PEM format.
+In case the key is stored in a separate file, the environment variable
.Ev SSL_CLIENT_KEY_FILE
can be set to point to the key in PEM format.
In case the key uses a password, the user will be prompted on standard
@@ -531,7 +538,7 @@
.El
.Pp
The accompanying error message includes a protocol-specific error code
-and message, e.g.\& "File is not available (404 Not Found)"
+and message, e.g., \& "File is not available (404 Not Found)"
.Sh ENVIRONMENT
.Bl -tag -width ".Ev FETCH_BIND_ADDRESS"
.It Ev FETCH_BIND_ADDRESS
@@ -648,8 +655,7 @@
Allow SSL version 3 when negotiating the connection (not recommended).
.It Ev SSL_CA_CERT_FILE
CA certificate bundle containing trusted CA certificates.
-Default value:
-.Pa /etc/ssl/cert.pem .
+Default value: See HTTPS SCHEME above.
.It Ev SSL_CA_CERT_PATH
Path containing trusted CA hashes.
.It Ev SSL_CLIENT_CERT_FILE
Index: usr.bin/fetch/fetch.1
===================================================================
--- usr.bin/fetch/fetch.1
+++ usr.bin/fetch/fetch.1
@@ -1,6 +1,6 @@
.\"-
.\" Copyright (c) 2000-2014 Dag-Erling Smørgrav
-.\" Copyright (c) 2013 Michael Gmelin <freebsd@grem.de>
+.\" Copyright (c) 2013-2016 Michael Gmelin <freebsd@grem.de>
.\" All rights reserved.
.\" Portions Copyright (c) 1999 Massachusetts Institute of Technology; used
.\" by permission.
@@ -30,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 25, 2015
+.Dd March 5, 2016
.Dt FETCH 1
.Os
.Sh NAME
@@ -134,9 +134,15 @@
[SSL]
Path to certificate bundle containing trusted CA certificates.
If not specified,
-.Pa /etc/ssl/cert.pem
+.Pa /usr/local/etc/ssl/cert.pem
is used.
-The file may contain multiple CA certificates. The port
+If this file does not exist,
+.Pa /etc/ssl/cert.pem
+is used instead.
+If both files do not exist and no CA path has been configured,
+OpenSSL's default CA cert and path settings apply.
+The certificate bundle may contain multiple CA certificates.
+The port
.Pa security/ca_root_nss
is a common source of a current CA bundle.
.It Fl -ca-path= Ns Ar dir
@@ -218,10 +224,10 @@
which proxies should not be used.
.It Fl -no-sslv3
[SSL]
-Don't allow SSL version 3 when negotiating the connection.
+Do not allow SSL version 3 when negotiating the connection.
.It Fl -no-tlsv1
[SSL]
-Don't allow TLS version 1 when negotiating the connection.
+Do not allow TLS version 1 when negotiating the connection.
.It Fl -no-verify-hostname
[SSL]
Do not verify that the hostname matches the subject of the

File Metadata

Mime Type
text/plain
Expires
Tue, Apr 7, 5:37 AM (14 h, 51 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31013472
Default Alt Text
D5558.id14102.diff (3 KB)

Event Timeline