File: upscli_init.txt

package info (click to toggle)
nut 2.8.1-5
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 18,284 kB
  • sloc: ansic: 108,785; sh: 9,370; cpp: 3,370; makefile: 2,842; python: 1,029; perl: 763; xml: 47
file content (71 lines) | stat: -rw-r--r-- 2,522 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
UPSCLI_INIT(3)
==============

NAME
----

upscli_init - Initialize upsclient module specifying security properties.

SYNOPSIS
--------

 #include <upsclient.h>

 int upscli_init(int certverify, const char *certpath,
			const char *certname, const char *certpasswd);

DESCRIPTION
-----------

The *upscli_init()* function initialize upsclient module and set many
TLS/SSL-related properties: 'certverify' to 1 makes certificate verification
required for all SSL connections and 'certpath' is the location of
certificate database.

If compiled with OpenSSL, certpath refers to directory containing
certificates where the certificates must be named according to their
hash values ending in a ".0" extension. If two certificates result in
the same hash value (thus file name), the ".0" can be incremented to ".1"
and so on, as needed. The bash command for creating links in this manner
would be:

    ln -s ca.pem ./$(openssl x509 -hash -noout -in ca.pem).0

Alternatively, the c_rehash utility (provided by openssl-perl) can take a
directory and iterate it to link all certificates found in that directory,
in the manner described above.

If compiled with NSS, certpath refers to a directory containing database
files.

If compiled with NSS and using SSL, you can specify 'certname' the name
of the certificate to send to upsd and 'certpasswd' the password used
to decrypt certificate private key.

If compiled with NSS, it would normally log either the infamous message
"Init SSL without certificate database" if no 'certpath' was provided,
or "Init SSL with certificate database located at %s" otherwise.
Since some programmatic consumers become confused by such extra text on
the `stderr` of tools they call (such as monitoring systems doing `upsc`
queries), you can export an environment variable `NUT_QUIET_INIT_SSL`
with string values "true", "TRUE" or "1", to avoid logging these messages
and just emit them as debug stream (at verbosity 1 or higher).

You can call linkman:upscli_add_host_cert[3] to register specific host
security policy before initialize connections to them.

You must call linkman:upscli_cleanup[3] when exiting application.

RETURN VALUE
------------

The *upscli_init()* function returns 1 on success, or -1 if an error occurs.

SEE ALSO
--------

linkman:upscli_add_host_cert[3], linkman:upscli_cleanup[3],
linkman:upscli_disconnect[3], linkman:upscli_fd[3],
linkman:upscli_splitaddr[3], linkman:upscli_splitname[3],
linkman:upscli_ssl[3], linkman:upscli_strerror[3],
linkman:upscli_upserror[3]