325 lines
11 KiB
Plaintext
325 lines
11 KiB
Plaintext
|
.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
|
||
|
.\"
|
||
|
.\" Standard preamble:
|
||
|
.\" ========================================================================
|
||
|
.de Sp \" Vertical space (when we can't use .PP)
|
||
|
.if t .sp .5v
|
||
|
.if n .sp
|
||
|
..
|
||
|
.de Vb \" Begin verbatim text
|
||
|
.ft CW
|
||
|
.nf
|
||
|
.ne \\$1
|
||
|
..
|
||
|
.de Ve \" End verbatim text
|
||
|
.ft R
|
||
|
.fi
|
||
|
..
|
||
|
.\" Set up some character translations and predefined strings. \*(-- will
|
||
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
||
|
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
|
||
|
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
|
||
|
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
|
||
|
.\" nothing in troff, for use with C<>.
|
||
|
.tr \(*W-
|
||
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
||
|
.ie n \{\
|
||
|
. ds -- \(*W-
|
||
|
. ds PI pi
|
||
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
||
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
||
|
. ds L" ""
|
||
|
. ds R" ""
|
||
|
. ds C` ""
|
||
|
. ds C' ""
|
||
|
'br\}
|
||
|
.el\{\
|
||
|
. ds -- \|\(em\|
|
||
|
. ds PI \(*p
|
||
|
. ds L" ``
|
||
|
. ds R" ''
|
||
|
. ds C`
|
||
|
. ds C'
|
||
|
'br\}
|
||
|
.\"
|
||
|
.\" Escape single quotes in literal strings from groff's Unicode transform.
|
||
|
.ie \n(.g .ds Aq \(aq
|
||
|
.el .ds Aq '
|
||
|
.\"
|
||
|
.\" If the F register is turned on, we'll generate index entries on stderr for
|
||
|
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
|
||
|
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
||
|
.\" output yourself in some meaningful fashion.
|
||
|
.\"
|
||
|
.\" Avoid warning from groff about undefined register 'F'.
|
||
|
.de IX
|
||
|
..
|
||
|
.nr rF 0
|
||
|
.if \n(.g .if rF .nr rF 1
|
||
|
.if (\n(rF:(\n(.g==0)) \{
|
||
|
. if \nF \{
|
||
|
. de IX
|
||
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
||
|
..
|
||
|
. if !\nF==2 \{
|
||
|
. nr % 0
|
||
|
. nr F 2
|
||
|
. \}
|
||
|
. \}
|
||
|
.\}
|
||
|
.rr rF
|
||
|
.\"
|
||
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
||
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
||
|
. \" fudge factors for nroff and troff
|
||
|
.if n \{\
|
||
|
. ds #H 0
|
||
|
. ds #V .8m
|
||
|
. ds #F .3m
|
||
|
. ds #[ \f1
|
||
|
. ds #] \fP
|
||
|
.\}
|
||
|
.if t \{\
|
||
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
||
|
. ds #V .6m
|
||
|
. ds #F 0
|
||
|
. ds #[ \&
|
||
|
. ds #] \&
|
||
|
.\}
|
||
|
. \" simple accents for nroff and troff
|
||
|
.if n \{\
|
||
|
. ds ' \&
|
||
|
. ds ` \&
|
||
|
. ds ^ \&
|
||
|
. ds , \&
|
||
|
. ds ~ ~
|
||
|
. ds /
|
||
|
.\}
|
||
|
.if t \{\
|
||
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
||
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
||
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
||
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
||
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
||
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
||
|
.\}
|
||
|
. \" troff and (daisy-wheel) nroff accents
|
||
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
||
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
||
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
||
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
||
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
||
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
||
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
||
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
||
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
||
|
. \" corrections for vroff
|
||
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
||
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
||
|
. \" for low resolution devices (crt and lpr)
|
||
|
.if \n(.H>23 .if \n(.V>19 \
|
||
|
\{\
|
||
|
. ds : e
|
||
|
. ds 8 ss
|
||
|
. ds o a
|
||
|
. ds d- d\h'-1'\(ga
|
||
|
. ds D- D\h'-1'\(hy
|
||
|
. ds th \o'bp'
|
||
|
. ds Th \o'LP'
|
||
|
. ds ae ae
|
||
|
. ds Ae AE
|
||
|
.\}
|
||
|
.rm #[ #] #H #V #F C
|
||
|
.\" ========================================================================
|
||
|
.\"
|
||
|
.IX Title "TSGET 1ossl"
|
||
|
.TH TSGET 1ossl "2024-01-30" "3.2.1" "OpenSSL"
|
||
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||
|
.\" way too many mistakes in technical documents.
|
||
|
.if n .ad l
|
||
|
.nh
|
||
|
.SH "NAME"
|
||
|
tsget \- Time Stamping HTTP/HTTPS client
|
||
|
.SH "SYNOPSIS"
|
||
|
.IX Header "SYNOPSIS"
|
||
|
\&\fBtsget\fR
|
||
|
\&\fB\-h\fR \fIserver_url\fR
|
||
|
[\fB\-e\fR \fIextension\fR]
|
||
|
[\fB\-o\fR \fIoutput\fR]
|
||
|
[\fB\-v\fR]
|
||
|
[\fB\-d\fR]
|
||
|
[\fB\-k\fR \fIprivate_key.pem\fR]
|
||
|
[\fB\-p\fR \fIkey_password\fR]
|
||
|
[\fB\-c\fR \fIclient_cert.pem\fR]
|
||
|
[\fB\-C\fR \fICA_certs.pem\fR]
|
||
|
[\fB\-P\fR \fICA_path\fR]
|
||
|
[\fB\-r\fR \fIfiles\fR]
|
||
|
[\fB\-g\fR \fIEGD_socket\fR]
|
||
|
[\fIrequest\fR ...]
|
||
|
.SH "DESCRIPTION"
|
||
|
.IX Header "DESCRIPTION"
|
||
|
This command can be used for sending a timestamp request, as specified
|
||
|
in \s-1RFC 3161,\s0 to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing the
|
||
|
timestamp response in a file. It cannot be used for creating the requests
|
||
|
and verifying responses, you have to use \fIopenssl\-ts\fR\|(1) to do that. This
|
||
|
command can send several requests to the server without closing the \s-1TCP\s0
|
||
|
connection if more than one requests are specified on the command line.
|
||
|
.PP
|
||
|
This command sends the following \s-1HTTP\s0 request for each timestamp request:
|
||
|
.PP
|
||
|
.Vb 7
|
||
|
\& POST url HTTP/1.1
|
||
|
\& User\-Agent: OpenTSA tsget.pl/<version>
|
||
|
\& Host: <host>:<port>
|
||
|
\& Pragma: no\-cache
|
||
|
\& Content\-Type: application/timestamp\-query
|
||
|
\& Accept: application/timestamp\-reply
|
||
|
\& Content\-Length: length of body
|
||
|
\&
|
||
|
\& ...binary request specified by the user...
|
||
|
.Ve
|
||
|
.PP
|
||
|
It expects a response of type application/timestamp\-reply, which is
|
||
|
written to a file without any interpretation.
|
||
|
.SH "OPTIONS"
|
||
|
.IX Header "OPTIONS"
|
||
|
.IP "\fB\-h\fR \fIserver_url\fR" 4
|
||
|
.IX Item "-h server_url"
|
||
|
The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests.
|
||
|
.IP "\fB\-e\fR \fIextension\fR" 4
|
||
|
.IX Item "-e extension"
|
||
|
If the \fB\-o\fR option is not given this argument specifies the extension of the
|
||
|
output files. The base name of the output file will be the same as those of
|
||
|
the input files. Default extension is \fI.tsr\fR. (Optional)
|
||
|
.IP "\fB\-o\fR \fIoutput\fR" 4
|
||
|
.IX Item "-o output"
|
||
|
This option can be specified only when just one request is sent to the
|
||
|
server. The timestamp response will be written to the given output file. '\-'
|
||
|
means standard output. In case of multiple timestamp requests or the absence
|
||
|
of this argument the names of the output files will be derived from the names
|
||
|
of the input files and the default or specified extension argument. (Optional)
|
||
|
.IP "\fB\-v\fR" 4
|
||
|
.IX Item "-v"
|
||
|
The name of the currently processed request is printed on standard
|
||
|
error. (Optional)
|
||
|
.IP "\fB\-d\fR" 4
|
||
|
.IX Item "-d"
|
||
|
Switches on verbose mode for the underlying perl module WWW::Curl::Easy.
|
||
|
You can see detailed debug messages for the connection. (Optional)
|
||
|
.IP "\fB\-k\fR \fIprivate_key.pem\fR" 4
|
||
|
.IX Item "-k private_key.pem"
|
||
|
(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS
|
||
|
\&\s0\fIprivate_key.pem\fR must contain the private key of the user. The private key
|
||
|
file can optionally be protected by a passphrase. The \fB\-c\fR option must also
|
||
|
be specified. (Optional)
|
||
|
.IP "\fB\-p\fR \fIkey_password\fR" 4
|
||
|
.IX Item "-p key_password"
|
||
|
(\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR
|
||
|
argument. If this option is omitted and the key is passphrase protected,
|
||
|
it will be prompted for. (Optional)
|
||
|
.IP "\fB\-c\fR \fIclient_cert.pem\fR" 4
|
||
|
.IX Item "-c client_cert.pem"
|
||
|
(\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS
|
||
|
\&\s0\fIclient_cert.pem\fR must contain the X.509 certificate of the user. The \fB\-k\fR
|
||
|
option must also be specified. If this option is not specified no
|
||
|
certificate-based client authentication will take place. (Optional)
|
||
|
.IP "\fB\-C\fR \fICA_certs.pem\fR" 4
|
||
|
.IX Item "-C CA_certs.pem"
|
||
|
(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
|
||
|
certificate must include one of the \s-1CA\s0 certificates specified in this file.
|
||
|
Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
|
||
|
.IP "\fB\-P\fR \fICA_path\fR" 4
|
||
|
.IX Item "-P CA_path"
|
||
|
(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
|
||
|
certificate. The directory must be prepared with \fIopenssl\-rehash\fR\|(1). Either
|
||
|
option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
|
||
|
.IP "\fB\-r\fR \fIfiles\fR" 4
|
||
|
.IX Item "-r files"
|
||
|
See \*(L"Random State Options\*(R" in \fIopenssl\fR\|(1) for more information.
|
||
|
.IP "\fB\-g\fR \fIEGD_socket\fR" 4
|
||
|
.IX Item "-g EGD_socket"
|
||
|
The name of an \s-1EGD\s0 socket to get random data from. (Optional)
|
||
|
.IP "\fIrequest\fR ..." 4
|
||
|
.IX Item "request ..."
|
||
|
List of files containing \s-1RFC 3161\s0 DER-encoded timestamp requests. If no
|
||
|
requests are specified only one request will be sent to the server and it will
|
||
|
be read from the standard input.
|
||
|
(Optional)
|
||
|
.SH "ENVIRONMENT VARIABLES"
|
||
|
.IX Header "ENVIRONMENT VARIABLES"
|
||
|
The \fB\s-1TSGET\s0\fR environment variable can optionally contain default
|
||
|
arguments. The content of this variable is added to the list of command line
|
||
|
arguments.
|
||
|
.SH "EXAMPLES"
|
||
|
.IX Header "EXAMPLES"
|
||
|
The examples below presume that \fIfile1.tsq\fR and \fIfile2.tsq\fR contain valid
|
||
|
timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests
|
||
|
and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa
|
||
|
absolute path.
|
||
|
.PP
|
||
|
Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTP,\s0 output is written to
|
||
|
\&\fIfile1.tsr\fR:
|
||
|
.PP
|
||
|
.Vb 1
|
||
|
\& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq
|
||
|
.Ve
|
||
|
.PP
|
||
|
Get a timestamp response for \fIfile1.tsq\fR and \fIfile2.tsq\fR over \s-1HTTP\s0 showing
|
||
|
progress, output is written to \fIfile1.reply\fR and \fIfile2.reply\fR respectively:
|
||
|
.PP
|
||
|
.Vb 2
|
||
|
\& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e
|
||
|
\& file1.tsq file2.tsq
|
||
|
.Ve
|
||
|
.PP
|
||
|
Create a timestamp request, write it to \fIfile3.tsq\fR, send it to the server and
|
||
|
write the response to \fIfile3.tsr\fR:
|
||
|
.PP
|
||
|
.Vb 3
|
||
|
\& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e
|
||
|
\& | tsget \-h http://tsa.opentsa.org:8080/tsa \e
|
||
|
\& \-o file3.tsr
|
||
|
.Ve
|
||
|
.PP
|
||
|
Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 without client
|
||
|
authentication:
|
||
|
.PP
|
||
|
.Vb 2
|
||
|
\& tsget \-h https://tsa.opentsa.org:8443/tsa \e
|
||
|
\& \-C cacerts.pem file1.tsq
|
||
|
.Ve
|
||
|
.PP
|
||
|
Get a timestamp response for \fIfile1.tsq\fR over \s-1HTTPS\s0 with certificate-based
|
||
|
client authentication (it will ask for the passphrase if \fIclient_key.pem\fR is
|
||
|
protected):
|
||
|
.PP
|
||
|
.Vb 2
|
||
|
\& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e
|
||
|
\& \-k client_key.pem \-c client_cert.pem file1.tsq
|
||
|
.Ve
|
||
|
.PP
|
||
|
You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR
|
||
|
environment variable. The following commands do the same as the previous
|
||
|
example:
|
||
|
.PP
|
||
|
.Vb 4
|
||
|
\& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e
|
||
|
\& \-k client_key.pem \-c client_cert.pem\*(Aq
|
||
|
\& export TSGET
|
||
|
\& tsget file1.tsq
|
||
|
.Ve
|
||
|
.SH "SEE ALSO"
|
||
|
.IX Header "SEE ALSO"
|
||
|
\&\fIopenssl\fR\|(1),
|
||
|
\&\fIopenssl\-ts\fR\|(1),
|
||
|
WWW::Curl::Easy,
|
||
|
<https://www.rfc\-editor.org/rfc/rfc3161.html>
|
||
|
.SH "COPYRIGHT"
|
||
|
.IX Header "COPYRIGHT"
|
||
|
Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
.PP
|
||
|
Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file \s-1LICENSE\s0 in the source distribution or at
|
||
|
<https://www.openssl.org/source/license.html>.
|