mirror of
https://github.com/mirror/wget.git
synced 2024-12-28 22:00:27 +08:00
[svn] Document the SSL command-line options.
This commit is contained in:
parent
f97fe7bd3c
commit
369554bd74
@ -1,3 +1,7 @@
|
||||
2005-04-23 Hrvoje Niksic <hniksic@xemacs.org>
|
||||
|
||||
* wget.texi: Documented the SSL command-line options.
|
||||
|
||||
2005-04-23 Hrvoje Niksic <hniksic@xemacs.org>
|
||||
|
||||
* wget.texi (Wgetrc Commands): Document ftp_passwd.
|
||||
|
113
doc/wget.texi
113
doc/wget.texi
@ -260,6 +260,7 @@ the command line.
|
||||
* Download Options::
|
||||
* Directory Options::
|
||||
* HTTP Options::
|
||||
* HTTPS (SSL/TLS) Options::
|
||||
* FTP Options::
|
||||
* Recursive Retrieval Options::
|
||||
* Recursive Accept/Reject Options::
|
||||
@ -1250,6 +1251,74 @@ wget --load-cookies cookies.txt \
|
||||
@end example
|
||||
@end table
|
||||
|
||||
@node HTTPS (SSL/TLS) Options
|
||||
@section HTTPS (SSL/TLS) Options
|
||||
|
||||
@cindex SSL
|
||||
To support SSL-based HTTP (HTTPS) downloads, Wget must be compiled
|
||||
with an external SSL library, currently OpenSSL. If Wget is compiled
|
||||
without SSL support, none of these options are available.
|
||||
|
||||
@table @samp
|
||||
@item --sslcertfile=@var{file}
|
||||
Use the client certificate stored in @var{file}. This is needed for
|
||||
servers that are configured to require certificates from the clients
|
||||
that connect to them. Normally a certificate is not required and this
|
||||
switch is optional.
|
||||
|
||||
@cindex SSL certificate
|
||||
@item --sslcertkey=@var{keyfile}
|
||||
Read the certificate key from @var{keyfile}.
|
||||
|
||||
@cindex SSL certificate authority
|
||||
@item --sslcadir=@var{directory}
|
||||
Specifies directory used for certificate authorities (``CA'').
|
||||
|
||||
@item --sslcafile=@var{file}
|
||||
Use @var{file} as the file with the bundle of certificate authorities.
|
||||
|
||||
@cindex SSL certificate type, specify
|
||||
@item --sslcerttype=0/1
|
||||
Specify the type of the client certificate: 0 means @code{PEM}
|
||||
(default), 1 means @code{ASN1} (@code{DER}).
|
||||
|
||||
@cindex SSL certificate, check
|
||||
@item --sslcheckcert=0/1
|
||||
If set to 1, check the server certificate against the specified client
|
||||
authorities. If this is 0 (the default), Wget will break the SSL
|
||||
handshake if the server certificate is not valid.
|
||||
|
||||
@cindex SSL protocol, choose
|
||||
@item --sslprotocol=0-3
|
||||
Choose the SSL protocol to be used. If 0 is specified (the default),
|
||||
the OpenSSL library chooses the appropriate protocol automatically.
|
||||
Specifying 1 forces the use of SSLv2, specifying 2 forces SSLv3, and
|
||||
specifying 3 forces TLSv1.
|
||||
|
||||
In most cases the OpenSSL library is capable of making an intelligent
|
||||
choice of the protocol, but there have been reports of sites that use
|
||||
old (and presumably buggy) server libraries with which a protocol has
|
||||
to be specified manually.
|
||||
|
||||
@cindex EGD
|
||||
@item --egd-file=@var{file}
|
||||
Use @var{file} as the EGD socket. EGD stands for @dfn{Entropy
|
||||
Gathering Daemon}, a user-space program that collects data from
|
||||
various unpredictable system sources and makes it available to other
|
||||
programs that might need it. Encryption software, such as the SSL
|
||||
library, needs sources of non-repeating randomness to seed the random
|
||||
number generator used to produce cryptographically strong keys.
|
||||
|
||||
OpenSSL allows the user to specify his own source of entropy using the
|
||||
@code{RAND_FILE} environment variable. If this variable is unset, or
|
||||
if the specified file does not produce enough randomness, OpenSSL will
|
||||
read random data from EGD socket specified using this option.
|
||||
|
||||
If this option is not specified (and the equivalent startup command is
|
||||
not used), EGD is never contacted. EGD is not needed on modern Unix
|
||||
systems that support @file{/dev/random}.
|
||||
@end table
|
||||
|
||||
@node FTP Options
|
||||
@section FTP Options
|
||||
|
||||
@ -2331,6 +2400,10 @@ the retrieval (50 by default).
|
||||
@item dot_spacing = @var{n}
|
||||
Specify the number of dots in a single cluster (10 by default).
|
||||
|
||||
@item egd_file = @var{string}
|
||||
Use @var{string} as the EGD socket file name. The same as
|
||||
@samp{--egd-file}.
|
||||
|
||||
@item exclude_directories = @var{string}
|
||||
Specify a comma-separated list of directories you wish to exclude from
|
||||
download---the same as @samp{-X} (@pxref{Directory-Based Limits}).
|
||||
@ -2482,11 +2555,6 @@ Set proxy authentication user name to @var{string}, like @samp{--proxy-user}.
|
||||
@item proxy_passwd = @var{string}
|
||||
Set proxy authentication password to @var{string}, like @samp{--proxy-passwd}.
|
||||
|
||||
@item referer = @var{string}
|
||||
Set HTTP @samp{Referer:} header just like @samp{--referer}. (Note it
|
||||
was the folks who wrote the @sc{http} spec who got the spelling of
|
||||
``referrer'' wrong.)
|
||||
|
||||
@item quiet = on/off
|
||||
Quiet mode---the same as @samp{-q}.
|
||||
|
||||
@ -2508,6 +2576,11 @@ Recursion level---the same as @samp{-l}.
|
||||
@item recursive = on/off
|
||||
Recursive on/off---the same as @samp{-r}.
|
||||
|
||||
@item referer = @var{string}
|
||||
Set HTTP @samp{Referer:} header just like @samp{--referer}. (Note it
|
||||
was the folks who wrote the @sc{http} spec who got the spelling of
|
||||
``referrer'' wrong.)
|
||||
|
||||
@item relative_only = on/off
|
||||
Follow only relative links---the same as @samp{-L} (@pxref{Relative
|
||||
Links}).
|
||||
@ -2538,6 +2611,36 @@ responses---the same as @samp{-S}.
|
||||
@item span_hosts = on/off
|
||||
Same as @samp{-H}.
|
||||
|
||||
@item ssl_cert_file = @var{string}
|
||||
Set the client certificate file name to @var{string}. The same as
|
||||
@samp{--sslcertfile}.
|
||||
|
||||
@item ssl_cert_key = @var{string}
|
||||
Set the certificate key file to @var{string}. The same as
|
||||
@samp{--sslcertkey}.
|
||||
|
||||
@item ssl_ca_dir = @var{string}
|
||||
Set the directory used for certificate authorities. The same as
|
||||
@samp{--sslcadir}.
|
||||
|
||||
@item ssl_ca_file = @var{string}
|
||||
Set the certificate authority bundle file to @var{string}. The same
|
||||
as @samp{--sslcafile}.
|
||||
|
||||
@item ssl_cert_type = 0/1
|
||||
Specify the type of the client certificate: 0 means @code{PEM}
|
||||
(default), 1 means @code{ASN1} (@code{DER}). The same as
|
||||
@samp{--sslcerttype}.
|
||||
|
||||
@item ssl_check_cert = 0/1
|
||||
If this is set to 1, the server certificate is checked against the
|
||||
specified client authorities. The same as @samp{--sslcheckcert}.
|
||||
|
||||
@item ssl_protocol = 0-3
|
||||
Choose the SSL protocol to be used. 0 means choose automatically, 1
|
||||
means force SSLv2, 2 means force SSLv3, and 3 means force TLSv1. The
|
||||
same as @samp{--sslprotocol}.
|
||||
|
||||
@item strict_comments = on/off
|
||||
Same as @samp{--strict-comments}.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user