Commit 44c50ca2 authored by Kartik Mistry

Imported Upstream version 1.18.1

parent 5b0326c5
Tatsuhiro Tsujikawa <t-tujikawa at users dot sourceforge dot net>
Ross Smith II <aria2spam at netebb dot com> (Windows port)
Nils Maier <maierman at web dot Germany>
aria2 1.18.1
============
Release Note
------------
This release fixes the percent-encoding bug which affects file name
encodings. It adds PKCS12 support in certificate import. It also adds
experimental internal implementation of message digest functions, ARC4
cipher and bignum. It means that no external libraries are required to
build BitTorrent support, but this feature is still marked as
experimental. This release also fixes the android build with NDK r9.
Changes
-------
* LibsslTLSContext: Remove weak cipher suite
* AppleTLS: Enable --certificate
* util::percentEncodeMini: Fix regression bug removed unsignedness
srange-based for around std::string is convenient but several
functions depend unsigned char for correctness and readability.
* Log exception; throw error if loading private key and/or certificate
failed
* Provide internal ARC4 implementation
Now you can build bittorrent support without without external
libraries, meaning you can skip libnettle, libgmp, libgcrypt, GnuTLS
and OpenSSL on OSX (for now).
* Internal implementation of DHKeyExchange
Reusing a bignum (well, unsigned very-long) implementation I had
lying around for years and just cleaned up a bit and brought to
C++11 land.
It might not be the most performant implementation, but it shoud be
fast enough for our purposes and will go a long way of removing
gcrypt, nettle, gmp, openssl dependencies when using AppleTLS and
WinTLS (upcoming).
* PKCS12 support in --certificate and --rpc-certificate options.
* Add --disable-ssl configure option
* Add internal md5 and sha1 message digests
* Fix AppleMessageDigestImpl use with large data
* Set old cookie's creation-time to new cookie on replacement
As described in http://tools.ietf.org/html/rfc6265#section-5.3
* Fix link error with Android NDK r9
Since Android ndk r9, __set_errno is deprecated. It is now defined
as inline function in errno.h. The syscall assembly calls
__set_errno, but since libc.so does not export it, the link
fails. To workaround this, replace all occurrences of __set_errno
with a2_set_errno and define it as normal C function.
aria2 1.18.0
============
......
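Review bot: the entry "LibsslTLSContext: Remove weak cipher suite" does not say which suite was removed, so a user whose legacy server stops negotiating after the upgrade cannot tell from the release notes whether this change is the cause; name the suite in the entry. The same block also carries typos worth fixing before release: "srange-based", "without without" and "shoud".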
......@@ -422,8 +422,8 @@ files are stored there.</p>
<h1>Dependency</h1>
<table border="1" class="docutils">
<colgroup>
<col width="38%" />
<col width="63%" />
<col width="35%" />
<col width="65%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">features</th>
......@@ -432,7 +432,7 @@ files are stored there.</p>
</thead>
<tbody valign="top">
<tr><td>HTTPS</td>
<td>GnuTLS or OpenSSL</td>
<td>OSX or GnuTLS or OpenSSL</td>
</tr>
<tr><td>BitTorrent</td>
<td>libnettle+libgmp or libgcrypt or OpenSSL</td>
......@@ -441,7 +441,8 @@ files are stored there.</p>
<td>libxml2 or Expat.</td>
</tr>
<tr><td>Checksum</td>
<td>libnettle or libgcrypt or OpenSSL</td>
<td>None. Optional: OSX or libnettle or libgcrypt
or OpenSSL (see note)</td>
</tr>
<tr><td>gzip, deflate in HTTP</td>
<td>zlib</td>
......@@ -467,16 +468,23 @@ If you prefer Expat, run configure with <tt class="docutils literal"><span class
</div>
<div class="note">
<p class="first admonition-title">Note</p>
<p>On Apple OSX the OS-level SSL/TLS support will be preferred. Hence
neither GnuTLS nor OpenSSL are required on that platform. If you'd like
to disable this behavior, run configure with <tt class="docutils literal"><span class="pre">--without-appletls</span></tt>.</p>
<p class="last">GnuTLS has precedence over OpenSSL if both libraries are installed.
If you prefer OpenSSL, run configure with <tt class="docutils literal"><span class="pre">--without-gnutls</span></tt>
<tt class="docutils literal"><span class="pre">--with-openssl</span></tt>.</p>
</div>
<div class="note">
<p class="first admonition-title">Note</p>
<p class="last">libnettle has precedence over libgcrypt if both libraries are
<p>On Apple OSX the OS-level checksumming support will be preferred,
unless aria2 is configured with <tt class="docutils literal"><span class="pre">--without-appletls</span></tt>.</p>
<p>libnettle has precedence over libgcrypt if both libraries are
installed. If you prefer libgcrypt, run configure with
<tt class="docutils literal"><span class="pre">--without-libnettle</span> <span class="pre">--with-libgcrypt</span></tt>. If OpenSSL is selected over
GnuTLS, neither libnettle nor libgcrypt will be used.</p>
<p class="last">If none of the optional dependencies are installed, an internal
implementation that only supports md5 and sha1 will be used.</p>
</div>
<p>A user can have one of the following configurations for SSL and crypto
libraries:</p>
......@@ -530,8 +538,7 @@ libgnutls-dev, nettle-dev, libgmp-dev, libgpg-error-dev and libgcrypt-dev:</p>
<li>libexpat1-dev (Required for Metalink support)</li>
</ul>
<p>On Fedora you need the following packages: gcc, gcc-c++, kernel-devel,
libgcrypt-devel, libgcrypt-devel, libxml2-devel, openssl-devel,
gettext-devel, cppunit</p>
libgcrypt-devel, libxml2-devel, openssl-devel, gettext-devel, cppunit</p>
<p>If you downloaded source code from git repository, you have to run
following command to generate configure script and other files
necessary to build the program:</p>
......@@ -631,6 +638,8 @@ $ HOST=x86_64-w64-mingw32 ./mingw-config
<h1>Cross-compiling Android binary</h1>
<p>In this section, we describe how to build Android binary using Android
NDK cross-compiler on Debian Linux.</p>
<p>At the time of this writing, android-ndk-r9 should compile aria2
without errors.</p>
<p><tt class="docutils literal"><span class="pre">android-config</span></tt> script is a configure script wrapper for Android
build. We use it to create official Android build. This script
assumes the following libraries have been built for cross-compile:</p>
......@@ -648,13 +657,13 @@ by ourselves.</p>
environment variable which must fulfill the following conditions:</p>
<ul>
<li><p class="first">Android NDK toolchain is installed under
<tt class="docutils literal">$ANDROID_HOME/toolchain</tt>. Refer to &quot;3/ Invoking the compiler
<tt class="docutils literal">$ANDROID_HOME/toolchain</tt>. Refer to &quot;4/ Invoking the compiler
(the easy way):&quot; section in Android NDK
<tt class="docutils literal"><span class="pre">docs/STANDALONE-TOOLCHAIN.html</span></tt> to install custom toolchain.</p>
<p>For example, to install toolchain under <tt class="docutils literal">$ANDROID_HOME/toolchain</tt>,
do this:</p>
<pre class="literal-block">
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 --install-dir=$ANDROID_HOME/toolchain
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-18 --toolchain=arm-linux-androideabi-4.8 --install-dir=$ANDROID_HOME/toolchain
</pre>
<p>You may need to add <tt class="docutils literal"><span class="pre">--system=linux-x86_64</span></tt> to the above
command-line for x86_64 Linux host.</p>
......
......@@ -99,10 +99,11 @@ Dependency
======================== ========================================
features dependency
======================== ========================================
HTTPS GnuTLS or OpenSSL
HTTPS OSX or GnuTLS or OpenSSL
BitTorrent libnettle+libgmp or libgcrypt or OpenSSL
Metalink libxml2 or Expat.
Checksum libnettle or libgcrypt or OpenSSL
Checksum None. Optional: OSX or libnettle or libgcrypt
or OpenSSL (see note)
gzip, deflate in HTTP zlib
Async DNS C-Ares
Firefox3/Chromium cookie libsqlite3
......@@ -118,16 +119,26 @@ JSON-RPC over WebSocket libnettle or libgcrypt or OpenSSL
.. note::
On Apple OSX the OS-level SSL/TLS support will be preferred. Hence
neither GnuTLS nor OpenSSL are required on that platform. If you'd like
to disable this behavior, run configure with ``--without-appletls``.
GnuTLS has precedence over OpenSSL if both libraries are installed.
If you prefer OpenSSL, run configure with ``--without-gnutls``
``--with-openssl``.
.. note::
On Apple OSX the OS-level checksumming support will be preferred,
unless aria2 is configured with ``--without-appletls``.
libnettle has precedence over libgcrypt if both libraries are
installed. If you prefer libgcrypt, run configure with
``--without-libnettle --with-libgcrypt``. If OpenSSL is selected over
GnuTLS, neither libnettle nor libgcrypt will be used.
If none of the optional dependencies are installed, an internal
implementation that only supports md5 and sha1 will be used.
A user can have one of the following configurations for SSL and crypto
libraries:
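Review bot: the new sentence "an internal implementation that only supports md5 and sha1 will be used" is the only place a reader learns that a build without the optional libraries cannot verify any stronger checksum, while the table row above it now reads "None." for Checksum. State the consequence next to the table entry, and say how to see which implementation was picked (the configure summary now prints it as "Message Digest: $use_md").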
......@@ -183,8 +194,7 @@ You can use libexpat1-dev instead of libxml2-dev:
* libexpat1-dev (Required for Metalink support)
On Fedora you need the following packages: gcc, gcc-c++, kernel-devel,
libgcrypt-devel, libgcrypt-devel, libxml2-devel, openssl-devel,
gettext-devel, cppunit
libgcrypt-devel, libxml2-devel, openssl-devel, gettext-devel, cppunit
If you downloaded source code from git repository, you have to run
following command to generate configure script and other files
......@@ -296,6 +306,9 @@ Cross-compiling Android binary
In this section, we describe how to build Android binary using Android
NDK cross-compiler on Debian Linux.
At the time of this writing, android-ndk-r9 should compile aria2
without errors.
``android-config`` script is a configure script wrapper for Android
build. We use it to create official Android build. This script
assumes the following libraries have been built for cross-compile:
......@@ -315,14 +328,14 @@ by ourselves.
environment variable which must fulfill the following conditions:
* Android NDK toolchain is installed under
``$ANDROID_HOME/toolchain``. Refer to "3/ Invoking the compiler
``$ANDROID_HOME/toolchain``. Refer to "4/ Invoking the compiler
(the easy way):" section in Android NDK
``docs/STANDALONE-TOOLCHAIN.html`` to install custom toolchain.
For example, to install toolchain under ``$ANDROID_HOME/toolchain``,
do this::
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 --install-dir=$ANDROID_HOME/toolchain
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-18 --toolchain=arm-linux-androideabi-4.8 --install-dir=$ANDROID_HOME/toolchain
You may need to add ``--system=linux-x86_64`` to the above
command-line for x86_64 Linux host.
......
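Review bot: the example command moves from ``--platform=android-9`` to ``--platform=android-18`` without comment. The surrounding text should say whether android-18 is required by NDK r9 or only the value used for the official build, and whether binaries built this way are still expected to run on devices older than that API level.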
......@@ -557,6 +557,9 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Use security.h in WIN32 mode */
#undef SECURITY_WIN32
/* Define to the type of arg 1 for `select'. */
#undef SELECT_TYPE_ARG1
......@@ -589,6 +592,15 @@
/* What message digest implementation to use */
#undef USE_APPLE_MD
/* Define to 1 if internal ARC4 support is enabled. */
#undef USE_INTERNAL_ARC4
/* Define to 1 if internal BIGNUM support is enabled. */
#undef USE_INTERNAL_BIGNUM
/* What message digest implementation to use */
#undef USE_INTERNAL_MD
/* What message digest implementation to use */
#undef USE_LIBGCRYPT_MD
......@@ -620,6 +632,9 @@
#endif
/* What message digest implementation to use */
#undef USE_WINDOWS_MD
/* Version number of package */
#undef VERSION
......
......@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
#
AC_PREREQ([2.67])
AC_INIT([aria2],[1.18.0],[t-tujikawa@users.sourceforge.net],[aria2],[http://aria2.sourceforge.net/])
AC_INIT([aria2],[1.18.1],[t-tujikawa@users.sourceforge.net],[aria2],[http://aria2.sourceforge.net/])
AC_CANONICAL_HOST
AC_CANONICAL_TARGET
......@@ -40,6 +40,7 @@ AC_DEFINE_UNQUOTED([TARGET], ["$target"], [Define target-type])
# Checks for arguments.
ARIA2_ARG_WITHOUT([libuv])
ARIA2_ARG_WITHOUT([appletls])
ARIA2_ARG_WITH([wintls])
ARIA2_ARG_WITHOUT([gnutls])
ARIA2_ARG_WITHOUT([libnettle])
ARIA2_ARG_WITHOUT([libgmp])
......@@ -53,6 +54,7 @@ ARIA2_ARG_WITHOUT([libz])
ARIA2_ARG_WITH([tcmalloc])
ARIA2_ARG_WITH([jemalloc])
ARIA2_ARG_DISABLE([ssl])
ARIA2_ARG_DISABLE([bittorrent])
ARIA2_ARG_DISABLE([metalink])
ARIA2_ARG_DISABLE([epoll])
......@@ -286,8 +288,39 @@ case "$host" in
*darwin*)
have_osx="yes"
;;
*mingw*)
AC_CHECK_HEADERS([windows.h \
winsock2.h \
ws2tcpip.h \
mmsystem.h \
io.h \
iphlpapi.h\
winioctl.h \
share.h], [], [],
[[
#ifdef HAVE_WS2TCPIP_H
# include <ws2tcpip.h>
#endif
#ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
#endif
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif
]])
;;
esac
if test "x$enable_ssl" != "xyes"; then
with_appletls=no
with_wintls=no
with_libnettle=no
with_libgcrypt=no
with_gnutls=no
with_openssl=no
fi
if test "x$with_appletls" = "xyes"; then
AC_MSG_CHECKING([whether to enable Mac OS X native SSL/TLS])
if test "x$have_osx" = "xyes"; then
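Review bot: in the new ``if test "x$enable_ssl" != "xyes"`` block, ``with_libnettle=no`` and ``with_libgcrypt=no`` are forced together with the TLS back ends, although the README lists those two libraries under Checksum and BitTorrent rather than HTTPS. A ``--disable-ssl`` build therefore cannot use them even when installed and ends up on the internal md5/sha1-only digest, the internal ARC4, and, unless libgmp is found, the internal bignum. ``with_libgmp`` is left untouched, which looks inconsistent. Either leave the non-TLS libraries alone here or document that ``--disable-ssl`` also disables them.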
......@@ -303,7 +336,40 @@ if test "x$with_appletls" = "xyes"; then
fi
fi
if test "x$with_gnutls" = "xyes" && test "x$have_appletls" != "xyes"; then
if test "x$with_wintls" = "xyes"; then
AC_HAVE_LIBRARY([crypt32],[have_wintls_libs=yes],[have_wintls_libs=no])
AC_HAVE_LIBRARY([secur32],[have_wintls_libs=$have_wintls_libs],[have_wintls_libs=no])
AC_HAVE_LIBRARY([advapi32],[have_wintls_libs=$have_wintls_libs],[have_wintls_libs=no])
AC_CHECK_HEADER([wincrypt.h], [have_wintls_headers=yes], [have_wintls_headers=no], [[
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif
]])
AC_CHECK_HEADER([security.h], [have_wintls_headers=$have_wintls_headers], [have_wintls_headers=no], [[
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif
#ifndef SECURITY_WIN32
#define SECURITY_WIN32 1
#endif
]])
if test "x$have_wintls_libs" = "xyes" &&
test "x$have_wintls_headers" = "xyes"; then
AC_DEFINE([SECURITY_WIN32], [1], [Use security.h in WIN32 mode])
LIBS="$LIBS -lcrypt32 -lsecur32 -ladvapi32"
have_wintls=yes
else
have_wintls=no
fi
if test "x$have_wintls" != "xyes"; then
if test "x$with_wintls_requested" = "xyes"; then
ARIA2_DEP_NOT_MET([wintls])
fi
fi
fi
if test "x$with_gnutls" = "xyes" && test "x$have_appletls" != "xyes" && test "x$have_wintls" != "xyes"; then
# gnutls >= 2.8 doesn't have libgnutls-config anymore. We require
# 2.2.0 because we use gnutls_priority_set_direct()
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 2.2.0],
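Review bot: ``with_wintls_requested``, tested just before ARIA2_DEP_NOT_MET([wintls]), is not assigned anywhere in the lines shown. If ARIA2_ARG_WITH does not set it, the error never fires and a ``--with-wintls`` build that lacks crypt32/secur32/advapi32 or the headers falls through to the GnuTLS and OpenSSL checks without telling the user; please confirm the macro defines it. AC_HAVE_LIBRARY is also an obsolete Autoconf macro, and AC_CHECK_LIB with explicit actions expresses the same checks.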
......@@ -321,7 +387,7 @@ if test "x$with_gnutls" = "xyes" && test "x$have_appletls" != "xyes"; then
fi
fi
if test "x$with_openssl" = "xyes" && test "x$have_appletls" != "xyes" && test "x$have_libgnutls" != "xyes"; then
if test "x$with_openssl" = "xyes" && test "x$have_appletls" != "xyes" && test "x$have_wintls" != "xyes" && test "x$have_libgnutls" != "xyes"; then
PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],
[have_openssl=yes], [have_openssl=no])
if test "x$have_openssl" = "xyes"; then
......@@ -394,39 +460,50 @@ if test "x$with_libcares" = "xyes"; then
fi
use_md=""
if test "x$have_osx" == "xyes"; then
if test "x$have_appletls" == "xyes"; then
use_md="apple"
AC_DEFINE([USE_APPLE_MD], [1], [What message digest implementation to use])
else
if test "x$have_libnettle" = "xyes"; then
AC_DEFINE([USE_LIBNETTLE_MD], [1], [What message digest implementation to use])
use_md="libnettle"
if test "x$have_wintls" == "xyes"; then
use_md="windows"
AC_DEFINE([USE_WINDOWS_MD], [1], [What message digest implementation to use])
else
if test "x$have_libgcrypt" = "xyes"; then
AC_DEFINE([USE_LIBGCRYPT_MD], [1], [What message digest implementation to use])
use_md="libgcrypt"
if test "x$have_libnettle" = "xyes"; then
AC_DEFINE([USE_LIBNETTLE_MD], [1], [What message digest implementation to use])
use_md="libnettle"
else
if test "x$have_openssl" = "xyes"; then
AC_DEFINE([USE_OPENSSL_MD], [1], [What message digest implementation to use])
use_md="openssl"
if test "x$have_libgcrypt" = "xyes"; then
AC_DEFINE([USE_LIBGCRYPT_MD], [1], [What message digest implementation to use])
use_md="libgcrypt"
else
if test "x$have_openssl" = "xyes"; then
AC_DEFINE([USE_OPENSSL_MD], [1], [What message digest implementation to use])
use_md="openssl"
else
AC_DEFINE([USE_INTERNAL_MD], [1], [What message digest implementation to use])
use_md="internal"
fi
fi
fi
fi
fi
# Define variables based on the result of the checks for libraries.
if test "x$have_appletls" = "xyes" || test "x$have_libgnutls" = "xyes" || test "x$have_openssl" = "xyes"; then
if test "x$have_appletls" = "xyes" || test "x$have_wintls" == "xyes" || test "x$have_libgnutls" = "xyes" || test "x$have_openssl" = "xyes"; then
have_ssl="yes"
AC_DEFINE([ENABLE_SSL], [1], [Define to 1 if ssl support is enabled.])
AM_CONDITIONAL([ENABLE_SSL], true)
else
have_ssl="no"
AM_CONDITIONAL([ENABLE_SSL], false)
fi
AM_CONDITIONAL([HAVE_OSX], [ test "x$have_osx" = "xyes" ])
AM_CONDITIONAL([HAVE_APPLETLS], [ test "x$have_appletls" = "xyes" ])
AM_CONDITIONAL([HAVE_WINTLS], [ test "x$have_wintls" = "xyes" ])
AM_CONDITIONAL([USE_APPLE_MD], [ test "x$use_md" = "xapple" ])
AM_CONDITIONAL([USE_WINDOWS_MD], [ test "x$use_md" = "xwindows" ])
AM_CONDITIONAL([HAVE_LIBGNUTLS], [ test "x$have_libgnutls" = "xyes" ])
AM_CONDITIONAL([HAVE_LIBNETTLE], [ test "x$have_libnettle" = "xyes" ])
AM_CONDITIONAL([USE_LIBNETTLE_MD], [ test "x$use_md" = "xlibnettle"])
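Review bot: the tests ``test "x$have_appletls" == "xyes"`` and ``test "x$have_wintls" == "xyes"``, the latter both in the digest selection and in the have_ssl condition, use ``==``, which POSIX ``test`` does not define. configure runs under /bin/sh, and where that shell is not bash the comparison can error out and evaluate false, leaving the native TLS back end out of have_ssl and use_md. Use a single ``=`` as the neighbouring tests on have_libnettle, have_libgcrypt and have_openssl do.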
......@@ -435,6 +512,7 @@ AM_CONDITIONAL([HAVE_LIBGCRYPT], [ test "x$have_libgcrypt" = "xyes" ])
AM_CONDITIONAL([USE_LIBGCRYPT_MD], [ test "x$use_md" = "xlibgcrypt"])
AM_CONDITIONAL([HAVE_OPENSSL], [ test "x$have_openssl" = "xyes" ])
AM_CONDITIONAL([USE_OPENSSL_MD], [ test "x$use_md" = "xopenssl"])
AM_CONDITIONAL([USE_INTERNAL_MD], [ test "x$use_md" = "xinternal"])
if test "x$use_md" != "x"; then
AC_DEFINE([ENABLE_MESSAGE_DIGEST], [1],
......@@ -445,14 +523,26 @@ else
AM_CONDITIONAL([ENABLE_MESSAGE_DIGEST], false)
fi
if test "x$have_libnettle" = "xyes" && test "x$have_libgmp" = "xyes" ||
test "x$have_libgcrypt" = "xyes" || test "x$have_openssl" = "xyes"; then
enable_bignum=yes
if test "x$have_libgmp" = "xyes" ||
test "x$have_libgcrypt" = "xyes" ||
test "x$have_openssl" = "xyes"; then
AM_CONDITIONAL([USE_INTERNAL_BIGNUM], false)
else
AC_DEFINE([USE_INTERNAL_BIGNUM], [1], [Define to 1 if internal BIGNUM support is enabled.])
AM_CONDITIONAL([USE_INTERNAL_BIGNUM], true)
fi
if test "x$have_libnettle" = "xyes" ||
test "x$have_libgcrypt" = "xyes" ||
test "x$have_openssl" = "xyes"; then
AM_CONDITIONAL([USE_INTERNAL_ARC4], false)
else
AC_DEFINE([USE_INTERNAL_ARC4], [1], [Define to 1 if internal ARC4 support is enabled.])
AM_CONDITIONAL([USE_INTERNAL_ARC4], true)
fi
if test "x$enable_bittorrent" = "xyes" &&
test "x$enable_message_digest" = "xyes" &&
test "x$enable_bignum" = "xyes"; then
test "x$enable_message_digest" = "xyes"; then
AC_DEFINE([ENABLE_BITTORRENT], [1],
[Define to 1 if BitTorrent support is enabled.])
AM_CONDITIONAL([ENABLE_BITTORRENT], true)
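Review bot: ``enable_bignum=yes`` is now set unconditionally and no longer appears in the BitTorrent condition, so the variable is dead and can be dropped. More importantly, the fall-back to USE_INTERNAL_BIGNUM and USE_INTERNAL_ARC4 happens silently: the configure summary gains lines for WinTLS and the message digest choice but nothing for these two. Since the release notes call the internal implementations experimental, print which bignum and ARC4 implementation was selected so that a packager can see when the in-tree crypto is in use.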
......@@ -519,30 +609,6 @@ esac
AC_FUNC_ALLOCA
AC_HEADER_STDC
case "$host" in
*mingw*)
AC_CHECK_HEADERS([windows.h \
winsock2.h \
ws2tcpip.h \
mmsystem.h \
io.h \
iphlpapi.h\
winioctl.h \
share.h], [], [],
[[
#ifdef HAVE_WS2TCPIP_H
# include <ws2tcpip.h>
#endif
#ifdef HAVE_WINSOCK2_H
# include <winsock2.h>
#endif
#ifdef HAVE_WINDOWS_H
# include <windows.h>
#endif
]])
;;
esac
AC_CHECK_HEADERS([argz.h \
arpa/inet.h \
fcntl.h \
......@@ -869,6 +935,7 @@ AC_SUBST([bashcompletiondir])
case "$host" in
*android*)
android=yes
LIBS="$LIBS -lstdc++ -lsupc++"
case "$host" in
arm-*)
......@@ -886,6 +953,7 @@ case "$host" in
;;
esac
AM_CONDITIONAL([ANDROID], [test "x$android" = "xyes"])
AM_CONDITIONAL([ANDROID_ARM], [test "x$android_arm" = "xyes"])
AM_CONDITIONAL([ANDROID_MIPS], [test "x$android_mips" = "xyes"])
AM_CONDITIONAL([ANDROID_X86], [test "x$android_x86" = "xyes"])
......@@ -934,6 +1002,7 @@ echo "LibUV: $have_libuv"
echo "SQLite3: $have_sqlite3"
echo "SSL Support: $have_ssl"
echo "AppleTLS: $have_appletls"
echo "WinTLS: $have_wintls"
echo "GnuTLS: $have_libgnutls"
echo "OpenSSL: $have_openssl"
echo "CA Bundle: $ca_bundle"
......@@ -945,7 +1014,7 @@ echo "Epoll: $have_epoll"
echo "Bittorrent: $enable_bittorrent"
echo "Metalink: $enable_metalink"
echo "XML-RPC: $enable_xml_rpc"
echo "Message Digest: $enable_message_digest"
echo "Message Digest: $use_md"
echo "WebSocket: $enable_websocket"
echo "Libaria2: $enable_libaria2"
if test "x$enable_libaria2" = "xyes"; then
......
.TH "ARIA2C" "1" "September 10, 2013" "1.18.0" "aria2"
.TH "ARIA2C" "1" "October 20, 2013" "1.18.1" "aria2"
.SH NAME
aria2c \- The ultra fast download utility
.
......@@ -424,13 +424,46 @@ certificates store, aria2 will automatically load those
certificates at the startup.
.UNINDENT
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fIWinTLS\fP and \fIAppleTLS\fP do not support this option. Instead you will
have to import the certificate into the OS trust store.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-certificate=<FILE>
Use the client certificate in FILE.
The certificate must be in PEM format.
You may use \fI\%--private-key\fP option to specify the private key.
Use the client certificate in FILE. The certificate must be
either in PKCS12 (.p12, .pfx) or in PEM format.
.sp
PKCS12 files must contain the certificate, a key and optionally a chain
of additional certificates. Only PKCS12 files with a blank import password
can be opened!
.sp
When using PEM, you have to specify the private key via \fI\%--private-key\fP
as well.
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fIWinTLS\fP does not support PEM files at the moment. Users have to use PKCS12
files.
.UNINDENT
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fIAppleTLS\fP users should use the Keychain Access utility to import the client
certificate and get the SHA\-1 fingerprint from the Information dialog
corresponding to that certificate.
To start aria2c use \fI\-\-certificate=<SHA\-1>\fP and just omit the
\fI\%--private-key\fP option.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
......@@ -1102,9 +1135,26 @@ Default: \fBfalse\fP
.TP
.B \-\-rpc\-certificate=<FILE>
Use the certificate in FILE for RPC server. The certificate must be
in PEM format. Use \fI\%--rpc-private-key\fP option to specify the
private key. Use \fI\%--rpc-secure\fP option to enable encryption.
either in PKCS12 (.p12, .pfx) or in PEM format.
.sp
PKCS12 files must contain the certificate, a key and optionally a chain
of additional certificates. Only PKCS12 files with a blank import password
can be opened!
.sp
When using PEM, you have to specify the private key via \fI\%--rpc-private-key\fP
as well. Use \fI\%--rpc-secure\fP option to enable encryption.
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fIWinTLS\fP does not support PEM files at the moment. Users have to use PKCS12
files.
.UNINDENT
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 7.0
.INDENT 3.5
\fIAppleTLS\fP users should use the Keychain Access utility to first generate a
self\-signed SSL\-Server certificate, e.g. using the wizard, and get the
SHA\-1 fingerprint from the Information dialog corresponding to that new
......@@ -1113,6 +1163,8 @@ To start aria2c with \fI\%--rpc-secure\fP use
\fI\-\-rpc\-certificate=<SHA\-1>\fP and just omit the \fI\%--rpc-private-key\fP
option.
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B \-\-rpc\-listen\-all[=true|false]
......
......@@ -347,11 +347,33 @@ HTTP Specific Options
certificates store, aria2 will automatically load those
certificates at the startup.
.. note::
*WinTLS* and *AppleTLS* do not support this option. Instead you will
have to import the certificate into the OS trust store.
.. option:: --certificate=<FILE>
Use the client certificate in FILE.
The certificate must be in PEM format.
You may use :option:`--private-key` option to specify the private key.
Use the client certificate in FILE. The certificate must be
either in PKCS12 (.p12, .pfx) or in PEM format.
PKCS12 files must contain the certificate, a key and optionally a chain
of additional certificates. Only PKCS12 files with a blank import password
can be opened!
When using PEM, you have to specify the private key via :option:`--private-key`
as well.
.. note::
*WinTLS* does not support PEM files at the moment. Users have to use PKCS12
files.
.. note::
*AppleTLS* users should use the Keychain Access utility to import the client
certificate and get the SHA-1 fingerprint from the Information dialog
corresponding to that certificate.
To start aria2c use `--certificate=<SHA-1>` and just omit the
:option:`--private-key` option.
.. option:: --check-certificate[=true|false]
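Review bot: the sentence "Only PKCS12 files with a blank import password can be opened!" under ``--certificate`` means the private key inside the file is protected by file permissions alone, and the text does not say so. Add a line telling users to restrict read access to the .p12/.pfx file, as they would for an unencrypted PEM key. In the AppleTLS note, `--certificate=<SHA-1>` uses single backticks, which reST treats as the default role rather than a literal; use double backticks as elsewhere in the file.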
......@@ -922,16 +944,27 @@ RPC Options
.. option:: --rpc-certificate=<FILE>
Use the certificate in FILE for RPC server. The certificate must be
in PEM format. Use :option:`--rpc-private-key` option to specify the
private key. Use :option:`--rpc-secure` option to enable encryption.
*AppleTLS* users should use the Keychain Access utility to first generate a