File: //usr/local/rvm/rubies/default/share/man/cat2/ucspi-tls.0
ucspi-tls(2) System Calls Manual ucspi-tls(2)
�[1mNAME�[0m
UCSPI-TLS - advanced and secure communication between server and prog
�[1mDESCRIPTON�[0m
A �[1mUCSPI-TLS �[22menhanced server makes optional SSL services available to
the client by providing three file descriptors: a �[4mcontrol�[24m �[4msocket,�[24m a
�[4mreading�[24m �[4mpipe,�[24m and a �[4mwriting�[24m �[4mpipe.�[0m
The file descriptor number of the control socket will be in the envi‐
ronment variable $SSLCTLFD.
The file descriptor number of the reading pipe will be in the environ‐
ment variable $SSLREADFD, and the file descriptor number of the writing
pipe will be in the environment variable $SSLWRITEFD.
It's possible for all three of these file descriptors to be the same.
�[1mUSAGE�[0m
�[1mUCSPI-TLS �[22mprovides standard IN and OUT (file descriptors 0 and 1) to
connected directly to the socket, for unencrypted communication.
The �[4mcontrol�[24m �[4msocket�[24m must accept at least these two commands:
�[1my �[22mStart TLS.
�[1mY �[22mStart TLS, and send optional SSL connection information back
over the control socket.
The SSL connection information will be in the in the form of an envi‐
ronment string, with zero or more environment variables, terminated by
two ASCII NULL's. Each environment variable is stored as "VAR=val ",
and an additional trailing is used to indicate the end of all envi‐
ronment variables. If there are no variables to set, " " should be
used.
When TLS is started, the �[1mUCSPI-TLS �[22menabled server will take control of
the socket, and the application is expected to switch to the file
descriptors in $SSLREADFD and $SSLWRITEFD for all future communica‐
tions. Using the regular socket after activating TLS will probably
just confuse the client.
�[1mREFERENCE�[0m
Where possible, the environment variables set should be the same ones
as Apache's �[4mmod_ssl:�[0m
http://httpd.apache.org/docs-2.4/mod/mod_ssl.html
�[1mCREDITS�[0m
Scott Gifford, Charlie Brady
ucspi-tls(2)