diff options
Diffstat (limited to 'doc/manpages/crywrap.8')
-rw-r--r-- | doc/manpages/crywrap.8 | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/doc/manpages/crywrap.8 b/doc/manpages/crywrap.8 new file mode 100644 index 0000000000..e845c51a72 --- /dev/null +++ b/doc/manpages/crywrap.8 @@ -0,0 +1,122 @@ +.\" -*- nroff -*- +.\" This manual is for CRYWrap +.\" +.\" Copyright (C) 2003 Gergely Nagy <algernon@@bonehunter.rulez.org> +.\" +.\" Permission is granted to make and distribute verbatim copies of this +.\" manual provided the copyright notice and this permission notice are +.\" preserved on all copies. +.\" +.\" Permission is granted to copy and distribute modified versions of this +.\" manual under the conditions for verbatim copying, provided that the +.\" entire resulting derived work is distributed under the terms of a +.\" permission notice identical to this one. +.\" +.\" Permission is granted to copy and distribute translations of this +.\" manual into another language, under the above conditions for modified +.\" versions, except that this permission notice may be stated in a +.\" translation approved by the Author. +.TH CRYWRAP 8 "03 May 2003" "CryWrap" "CryWrap" +.SH "NAME" +CryWrap \- Simple TCP/IP service encryption using TLS/SSL +.SH "SYNOPSIS" +.BI "crywrap \-\-listen " HOST / PORT " \-\-destination " HOST / PORT +.BI [ options ] +.SH "DESCRIPTION" +.B CryWrap +is a simple wrapper that waits for TLS/SSL connections, and proxies +them to an unencrypted location. +.SH "OPTIONS" +.B CryWrap +takes the following options: +.SS "Required options" +.TP +.BI "\-\-destionation (\-d) " HOST / PORT +The destionation host and address, where CryWrap should connect +to. Both arguments are required. +.SS "TLS options" +.TP +.B \-\-anon (\-a) +Enables Anon-DH mode. If enabled, no certificate will be sent to the +client, and only anonymous sessions will be enabled. +.br +Default is \fBoff\fR. +.TP +.BI "\-\-pem (\-p) " cert = PATH , key = PATH +.TP +.BI "\-\-pem (\-p) " PATH +.br +The public certificate to send to clients, and the private server key. +If one of \fIcert\fR or \fIkey\fR is omitted, the value of the other +will be used for the missing one too. +If no \fIcert=\fR or \fIkey=\fR tag is given, \fIPATH\fR will be used +for both. +.br +Default is \fB/usr/local/etc/crywrap/server.pem\fR, unless \fB--anon\fR is also +specified, in which case no certificate will be used. +.TP +.BI "\-\-verify (\-v) [" LEVEL ] +Set the level of client certificate verification. Level one simply +logs the result, level two and above abort if the certificate could +not be verified. +.br +Default is \fB0\fR. +.SS "Miscellaneous options" +.TP +.B \-\-inetd (\-i) +Enable inetd-mode. Use this if you want to run CryWrap from inetd. If +this option is not enabled, then \fB\-\-listen\fR is a required +option. +.br +Default is \fBoff\fR. +.TP +.BI "\-\-listen (\-l) " HOST / PORT +The host and port CryWrap should listen on. \fIHOST\fR can be an IPv4 +or IPv6 address, or a hostname, and is optional \- if unspecified, +CryWrap will listen on all available addresses. \fIPORT\fR is +mandatory. +.br +This option is required, unless CryWrap was put into inetd mode. +.TP +.BI "\-\-pidfile (\-P) " PIDFILE +Write the pid thy runs with to +.IR PIDFILE . +.br +Default is +.BR /var/run/crywrap.pid . +.TP +.BI "\-\-user (\-u) " UID +.I UID +is the numerical user id of the user thy should run as. +.br +Default is +.BR 65534 . +.TP +.B \-\-version (\-V) +Print the version number and exit. +.TP +.B \-\-help (\-?) +Print a verbose help screen and exit. +.TP +.B \-\-usage +Print a short summary of options. +.SH "EXAMPLES" +.SS "Setting up pop3s" +.nf +crywrap \-\-listen /995 \-\-destination localhost/110 +.fi +.SS "Setting up imaps with a different certificate" +.nf +crywrap \-\-listen /993 \-\-destination localhost/143 \\ + \-\-pem /etc/ssl/certs/imap.pem +.fi +.SH "FILES" +.TP +.I /etc/crywrap/ +.RS +This directory contains the default server key and certificate. +.RE +.SH "BUGS" +Probably many. +.SH "AUTHOR" +Gergely Nagy <algernon@bonehunter.rulez.org> |