EnglishFrenchSpanish

OnWorks favicon

couriertls - Online in the Cloud

Run couriertls in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command couriertls that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


couriertls - the Courier mail server TLS/SSL protocol wrapper

SYNOPSIS


couriertls [option...] {program} {arg...}

DESCRIPTION


The couriertls program is used by applications to encrypt a network connection using
SSL/TLS, without having the application deal with the gory details of SSL/TLS. couriertls
is used by the Courier mail server IMAP and ESMTP servers.

couriertls is not usually run directly from the commandline. An application typically
creates a network connection, then runs couriertls with appropriate options to encrypt the
network connection with SSL/TLS.

OPTIONS


-host=host, -port=port
These options are used instead of -remotefd, mostly for debugging purposes.
couriertls connects to the specified server and immediately starts SSL/TLS negotation
when the connection is established.

-localfd=n
Read and write data to encrypt via SSL/TLS from file descriptor n.

-statusfd=n
Write SSL negotiation status to file descriptor n, then close this file descriptor. If
SSL starts succesfully, reading on n gets an immediate EOF. Otherwise, a single line
of text - the error message - is read; the file descriptor is closed; and couriertls
terminates.

-printx509=n
Print the x509 certificate on file descriptor n then close it. The x509 certificate is
printed before SSL/TLS encryption starts. The application may immediately read the
certificate after running couriertls, until the file descriptor is closed.

-remotefd=n
File descriptor n is the network connection where SSL/TLS encryption is to be used.

-server
Negotiate server side of the SSL/TLS connection. If this option is not used the client
side of the SSL/TLS connection is negotiated.

-tcpd

couriertls is being called from couriertcpd, and the remote socket is present on
descriptors 0 and 1. -tcpd means, basically, the same as -remotefd=0, but couriertls
closes file descriptor 1, and redirects file descriptor 1 to file descriptor 2.

-verify=domain
Verify that domain is set in the CN field of the trusted X.509 certificate presented
by the SSL/TLS peer. TLS_TRUSTCERTS must be initialized (see below), and the
certificate must be signed by one of the trusted certificates. The CN field can
contain a wildcard: CN=*.example will match -verify=foo.example.com. For SSL/TLS
clients, TLS_VERIFYPEER must be set to PEER (see below).

-protocol=proto
Send proto protocol commands before enabling SSL/TLS on the remote connection. proto
is either "smtp" or "imap". This is a debugging option that can be used to
troubleshoot SSL/TLS with a remote IMAP or SMTP server.

If the -remotefd=n option is not specified, the rest of the command line specifies the
program to run -- and its arguments -- whose standard input and output is encrypted via
SSL/TLS over the network connection. If the program is not specified, the standard input
and output of couriertls itself is encrypted.

ENVIRONMENT VARIABLES


couriertls reads the following environment variables in order to configure the SSL/TLS
protocol:

TLS_PROTOCOL=proto
Set the protocol version. The possible versions are: SSL2, SSL3, TLS1.

TLS_CIPHER_LIST=cipherlist
Optionally set the list of protocol ciphers to be used. See OpenSSL´s documentation
for more information.

TLS_TIMEOUT=seconds
Currently not implemented, and reserved for future use. This is supposed to be an
inactivity timeout, but it´s not yet implemented.

TLS_DHCERTFILE=filename
PEM file that stores our Diffie-Hellman cipher pair. When OpenSSL is compiled to use
Diffie-Hellman ciphers instead of RSA you must generate a DH pair that will be used.
In most situations the DH pair is to be treated as confidential, and filename must not
be world-readable.

TLS_CERTFILE=filename
The certificate to use. TLS_CERTFILE is required for SSL/TLS servers, and is optional
for SSL/TLS clients. filename must not be world-readable.

TLS_TRUSTCERTS=pathname
Load trusted root certificates from pathname. pathname can be a file or a directory.
If a file, the file should contain a list of trusted certificates, in PEM format. If a
directory, the directory should contain the trusted certificates, in PEM format, one
per file and hashed using OpenSSL´s c_rehash script. TLS_TRUSTCERTS is used by
SSL/TLS clients (by specifying the -domain option) and by SSL/TLS servers
(TLS_VERIFYPEER is set to PEER or REQUIREPEER).

TLS_VERIFYPEER=level
Whether to verify peer´s X.509 certificate. The exact meaning of this option depends
upon whether couriertls is used in the client or server mode. In server mode: NONE -
do not request an X.509 certificate from the client; PEER - request an optional X.509
certificate from the client, if the client returns one, the SSL/TLS connection is shut
down unless the certificate is signed by a trusted certificate authority (see
TLS_TRUSTCERTS); REQUIREPEER - same as PEER, except that the SSL/TLS connects is also
shut down if the client does not return the optional X.509 certificate. In client
mode: NONE - ignore the server´s X.509 certificate; PEER - verify the server´s X.509
certificate according to the -domain option, (see above).

Use couriertls online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    archlabs_repo
    archlabs_repo
    Package repo for ArchLabs This is an
    application that can also be fetched
    from
    https://sourceforge.net/projects/archlabs-repo/.
    It has been hosted in OnWorks in...
    Download archlabs_repo
  • 2
    Zephyr Project
    Zephyr Project
    The Zephyr Project is a new generation
    real-time operating system (RTOS) that
    supports multiple hardware
    architectures. It is based on a
    small-footprint kernel...
    Download Zephyr Project
  • 3
    SCons
    SCons
    SCons is a software construction tool
    that is a superior alternative to the
    classic "Make" build tool that
    we all know and love. SCons is
    implemented a...
    Download SCons
  • 4
    PSeInt
    PSeInt
    PSeInt is a pseudo-code interpreter for
    spanish-speaking programming students.
    Its main purpose is to be a tool for
    learning and understanding the basic
    concep...
    Download PSeInt
  • 5
    oStorybook
    oStorybook
    oStorybook l'outil privil�gi� des
    �crivains. ATTENTION : voir sur
    http://ostorybook.tuxfamily.org/v5/
    --en_EN oStorybook the right tool for
    writers. WARNIN...
    Download oStorybook
  • 6
    Asuswrt-Merlin
    Asuswrt-Merlin
    Asuswrt-Merlin is a third party
    firmware for select Asus wireless
    routers. Based on the Asuswrt firmware
    developed by Asus, it brings tweaks, new
    features and ...
    Download Asuswrt-Merlin
  • More »

Linux commands

  • 1
    aafigure
    aafigure
    aafigure - convert ASCII art to an
    image ...
    Run aafigure
  • 2
    aafire
    aafire
    aafire, aainfo, aasavefont, aatest -
    aalib example programs ...
    Run aafire
  • 3
    coqtop.opt
    coqtop.opt
    coqtop.opt - The native-code Coq
    toplevel ...
    Run coqtop.opt
  • 4
    coqwc
    coqwc
    coqwc - print the number of
    specification, proof and comment lines
    in Coq files ...
    Run coqwc
  • 5
    g15composer
    g15composer
    g15composer - Scriptable command
    interface to libg15render(3) drawing
    functions DESCRIPTION: G15composer is a
    scriptable command interface to the
    libg15render ...
    Run g15composer
  • 6
    g15daemon
    g15daemon
    g15daemon - provides access to extra
    keys and the LCD available on the
    logitech G15 keyboard. DESCRIPTION:
    G15Daemon allows users access to all
    extra keys by d...
    Run g15daemon
  • More »

Ad