gmitool - a Net::Gemini command line tool


gmitool get [-A] [-C cert -K key] [-H sni-host] [-S] \
            [-V peer|none] [-f] [-t seconds] \
gmitool link [-b base-url] < text-gemini-content


gmitool offers various gemini protocol related utilities. It is part of the Net::Gemini module. Subcommands include:


Gets a gemini page and prints it to standard out, if all goes well (garbage in, garbage out). Options:


Accept verified leaf certificates without going through the usual TOFU path, assuming that the certificate can be verified. Probably good with sites that use "Let's Encrypt" as these certificates change frequently and would otherwise need the use of the -f flag to force updates, and usually will (but may not) verify correctly.

-C certificate-file

Client certificate file, use with -K for when gmitool must use a custom certificate.

-K key-file

Client private key file, use with -C.

-H hostname

Use the given hostname as the SNI host instead of the default that is taken from the URL given.


Show various diagnostic information (the META field, redirects, etc).

-V mode

Specifies a custom certificate verification mode. By default Trust On First Use (TOFU) is used, which only checks the first leaf certificate against the known_hosts table.

Verification modes include peer to verify the peer certificates (the full chain), and none to do no verification. There may be hostname verification regardless; SSL is pretty complicated. See also -A.

The SSL_CERT_FILE and SSL_CERT_DIR environment variables can be used to customize the trusted certificate authority certificates.


Force update of TOFU certificates. Updates to the cache will not happen if -A is used and the certificate can be verified.

-t seconds

Custom timeout for the connection, 30 seconds by default.

Extracts link from text/gemini input, and qualifies any relative links if the -b option is given.



Custom directory for SSL certificate authority certificates. The default is the operating system (OS) default, which could be /etc/ssl or similar. Customize this and the next to specify that only certain certificate authorities should be trusted, as opposed to everything that ships with the OS by default.

env SSL_CERT_DIR=/some/where SSL_CERT_FILE=/dev/null gmitool ...

Custom file for SSL certificate authorities.


~/.cache/gmitool/known_hosts is where the TOFU records are stored. JSON format, UTF-8 encoding.


The gmitool utility exits 0 on success, and >0 if an error occurs.


Net::Gemini, ftp(1), openssl(1), nc(1)


Jeremy Mates