2006-02-12 23:11:56 +00:00
|
|
|
=pod
|
|
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
|
|
tsget - Time Stamping HTTP/HTTPS client
|
|
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
|
|
B<tsget>
|
|
|
|
|
B<-h> server_url
|
|
|
|
|
[B<-e> extension]
|
|
|
|
|
[B<-o> output]
|
|
|
|
|
[B<-v>]
|
|
|
|
|
[B<-d>]
|
|
|
|
|
[B<-k> private_key.pem]
|
|
|
|
|
[B<-p> key_password]
|
|
|
|
|
[B<-c> client_cert.pem]
|
|
|
|
|
[B<-C> CA_certs.pem]
|
|
|
|
|
[B<-P> CA_path]
|
|
|
|
|
[B<-r> file:file...]
|
|
|
|
|
[B<-g> EGD_socket]
|
2019-09-25 15:20:11 -04:00
|
|
|
[B<request...>
|
2006-02-12 23:11:56 +00:00
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-01 19:43:36 +02:00
|
|
|
This command can be used for sending a timestamp request, as specified
|
|
|
|
|
in B<RFC 3161>, to a timestamp server over HTTP or HTTPS and storing the
|
|
|
|
|
timestamp response in a file. It cannot be used for creating the requests
|
|
|
|
|
and verifying responses, you have to use L<openssl-ts(1)> to do that. This
|
|
|
|
|
command can send several requests to the server without closing the TCP
|
|
|
|
|
connection if more than one requests are specified on the command line.
|
2006-02-12 23:11:56 +00:00
|
|
|
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-01 19:43:36 +02:00
|
|
|
This command sends the following HTTP request for each timestamp request:
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2016-05-20 08:11:46 -04:00
|
|
|
POST url HTTP/1.1
|
|
|
|
|
User-Agent: OpenTSA tsget.pl/<version>
|
|
|
|
|
Host: <host>:<port>
|
|
|
|
|
Pragma: no-cache
|
|
|
|
|
Content-Type: application/timestamp-query
|
|
|
|
|
Accept: application/timestamp-reply
|
|
|
|
|
Content-Length: length of body
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2016-05-20 08:11:46 -04:00
|
|
|
...binary request specified by the user...
|
2006-02-12 23:11:56 +00:00
|
|
|
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-01 19:43:36 +02:00
|
|
|
It expects a response of type application/timestamp-reply, which is
|
2006-02-12 23:11:56 +00:00
|
|
|
written to a file without any interpretation.
|
|
|
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
|
|
=item B<-h> server_url
|
|
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
The URL of the HTTP/HTTPS server listening for timestamp requests.
|
2006-02-12 23:11:56 +00:00
|
|
|
|
|
|
|
|
=item B<-e> extension
|
|
|
|
|
|
|
|
|
|
If the B<-o> option is not given this argument specifies the extension of the
|
|
|
|
|
output files. The base name of the output file will be the same as those of
|
|
|
|
|
the input files. Default extension is '.tsr'. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-o> output
|
|
|
|
|
|
|
|
|
|
This option can be specified only when just one request is sent to the
|
2019-09-27 13:17:09 -04:00
|
|
|
server. The timestamp response will be written to the given output file. '-'
|
|
|
|
|
means standard output. In case of multiple timestamp requests or the absence
|
2006-02-12 23:11:56 +00:00
|
|
|
of this argument the names of the output files will be derived from the names
|
|
|
|
|
of the input files and the default or specified extension argument. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-v>
|
|
|
|
|
|
|
|
|
|
The name of the currently processed request is printed on standard
|
|
|
|
|
error. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-d>
|
|
|
|
|
|
|
|
|
|
Switches on verbose mode for the underlying B<curl> library. You can see
|
|
|
|
|
detailed debug messages for the connection. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-k> private_key.pem
|
|
|
|
|
|
|
|
|
|
(HTTPS) In case of certificate-based client authentication over HTTPS
|
|
|
|
|
<private_key.pem> must contain the private key of the user. The private key
|
|
|
|
|
file can optionally be protected by a passphrase. The B<-c> option must also
|
|
|
|
|
be specified. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-p> key_password
|
|
|
|
|
|
|
|
|
|
(HTTPS) Specifies the passphrase for the private key specified by the B<-k>
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-01 19:43:36 +02:00
|
|
|
argument. If this option is omitted and the key is passphrase protected,
|
|
|
|
|
it will be prompted for. (Optional)
|
2006-02-12 23:11:56 +00:00
|
|
|
|
|
|
|
|
=item B<-c> client_cert.pem
|
|
|
|
|
|
|
|
|
|
(HTTPS) In case of certificate-based client authentication over HTTPS
|
|
|
|
|
<client_cert.pem> must contain the X.509 certificate of the user. The B<-k>
|
|
|
|
|
option must also be specified. If this option is not specified no
|
|
|
|
|
certificate-based client authentication will take place. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-C> CA_certs.pem
|
|
|
|
|
|
|
|
|
|
(HTTPS) The trusted CA certificate store. The certificate chain of the peer's
|
|
|
|
|
certificate must include one of the CA certificates specified in this file.
|
|
|
|
|
Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-P> CA_path
|
|
|
|
|
|
|
|
|
|
(HTTPS) The path containing the trusted CA certificates to verify the peer's
|
Command docs: fix up command references
Almost all OpenSSL commands are in reality 'openssl cmd', so make sure
they are refered to like that and not just as the sub-command.
Self-references are avoided as much as is possible, and replaced with
"this command". In some cases, we even avoid that with a slight
rewrite of the sentence or paragrah they were in. However, in the few
cases where a self-reference is still admissible, they are done in
bold, i.e. openssl-speed.pod references itself like this:
B<openssl speed>
References to other commands are done as manual links, i.e. CA.pl.pod
references 'openssl req' like this: L<openssl-req(1)>
Some commands are examples rather than references; we enclose those in
C<>.
While we are it, we abolish "utility", replacing it with "command", or
remove it entirely in some cases.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
2019-10-01 19:43:36 +02:00
|
|
|
certificate. The directory must be prepared with L<openssl-rehash(1)>. Either
|
|
|
|
|
option B<-C> or option B<-P> must be given in case of HTTPS. (Optional)
|
2006-02-12 23:11:56 +00:00
|
|
|
|
|
|
|
|
=item B<-rand> file:file...
|
|
|
|
|
|
|
|
|
|
The files containing random data for seeding the random number
|
|
|
|
|
generator. Multiple files can be specified, the separator is B<;> for
|
|
|
|
|
MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
|
|
|
|
|
|
|
|
|
|
=item B<-g> EGD_socket
|
|
|
|
|
|
|
|
|
|
The name of an EGD socket to get random data from. (Optional)
|
|
|
|
|
|
2019-09-25 15:20:11 -04:00
|
|
|
=item B<request...>
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
List of files containing B<RFC 3161> DER-encoded timestamp requests. If no
|
2013-12-23 19:28:30 +01:00
|
|
|
requests are specified only one request will be sent to the server and it will be
|
2006-02-12 23:11:56 +00:00
|
|
|
read from the standard input. (Optional)
|
|
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
|
|
=head1 ENVIRONMENT VARIABLES
|
|
|
|
|
|
|
|
|
|
The B<TSGET> environment variable can optionally contain default
|
|
|
|
|
arguments. The content of this variable is added to the list of command line
|
|
|
|
|
arguments.
|
|
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
|
|
The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid
|
2019-09-27 13:17:09 -04:00
|
|
|
timestamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
|
2006-02-12 23:11:56 +00:00
|
|
|
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
|
|
|
|
|
absolute path.
|
|
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
Get a timestamp response for file1.tsq over HTTP, output is written to
|
2006-02-12 23:11:56 +00:00
|
|
|
file1.tsr:
|
2010-01-05 17:16:54 +00:00
|
|
|
|
2006-02-12 23:11:56 +00:00
|
|
|
tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
|
|
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
Get a timestamp response for file1.tsq and file2.tsq over HTTP showing
|
2006-02-12 23:11:56 +00:00
|
|
|
progress, output is written to file1.reply and file2.reply respectively:
|
2010-01-05 17:16:54 +00:00
|
|
|
|
2006-02-12 23:11:56 +00:00
|
|
|
tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
|
2016-05-20 08:11:46 -04:00
|
|
|
file1.tsq file2.tsq
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
Create a timestamp request, write it to file3.tsq, send it to the server and
|
2006-02-12 23:11:56 +00:00
|
|
|
write the response to file3.tsr:
|
2010-01-05 17:16:54 +00:00
|
|
|
|
2006-02-12 23:11:56 +00:00
|
|
|
openssl ts -query -data file3.txt -cert | tee file3.tsq \
|
2016-05-20 08:11:46 -04:00
|
|
|
| tsget -h http://tsa.opentsa.org:8080/tsa \
|
|
|
|
|
-o file3.tsr
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
Get a timestamp response for file1.tsq over HTTPS without client
|
2006-02-12 23:11:56 +00:00
|
|
|
authentication:
|
2010-01-05 17:16:54 +00:00
|
|
|
|
2006-02-12 23:11:56 +00:00
|
|
|
tsget -h https://tsa.opentsa.org:8443/tsa \
|
2016-05-20 08:11:46 -04:00
|
|
|
-C cacerts.pem file1.tsq
|
2006-02-12 23:11:56 +00:00
|
|
|
|
2019-09-27 13:17:09 -04:00
|
|
|
Get a timestamp response for file1.tsq over HTTPS with certificate-based
|
2006-02-12 23:11:56 +00:00
|
|
|
client authentication (it will ask for the passphrase if client_key.pem is
|
|
|
|
|
protected):
|
|
|
|
|
|
|
|
|
|
tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
|
2016-05-20 08:11:46 -04:00
|
|
|
-k client_key.pem -c client_cert.pem file1.tsq
|
2006-02-12 23:11:56 +00:00
|
|
|
|
|
|
|
|
You can shorten the previous command line if you make use of the B<TSGET>
|
|
|
|
|
environment variable. The following commands do the same as the previous
|
|
|
|
|
example:
|
|
|
|
|
|
|
|
|
|
TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
|
2016-05-20 08:11:46 -04:00
|
|
|
-k client_key.pem -c client_cert.pem'
|
2006-02-12 23:11:56 +00:00
|
|
|
export TSGET
|
|
|
|
|
tsget file1.tsq
|
|
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
2016-11-11 09:33:47 +01:00
|
|
|
=for comment foreign manuals: curl(1)
|
|
|
|
|
|
2019-08-22 01:04:41 +02:00
|
|
|
L<openssl(1)>,
|
|
|
|
|
L<openssl-ts(1)>,
|
|
|
|
|
L<openssl-curl(1)>,
|
2006-02-12 23:11:56 +00:00
|
|
|
B<RFC 3161>
|
|
|
|
|
|
2016-05-18 11:44:05 -04:00
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
2019-08-22 01:04:41 +02:00
|
|
|
Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-18 11:44:05 -04:00
|
|
|
|
2018-12-06 14:04:11 +01:00
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 11:44:05 -04:00
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
|
|
=cut
|
