NAME

gmitool - a Net::Gemini command line tool

SYNOPSIS

gmitool get [-A] [-C cert -K key] [-H sni-host] [-S] \
            [-V peer|none] [-f] [-t seconds] \
            gemini://example.org
gmitool link [-b base-url] < text-gemini-content

DESCRIPTION

gmitool offers various gemini protocol related utilities. It is part of the Net::Gemini module. Subcommands include:

get

Gets a gemini page and prints it to standard out, if all goes well (garbage in, garbage out). Options:

-A

Accept verified leaf certificates without going through the usual TOFU path, assuming that the certificate can be verified. Probably good with sites that use "Let's Encrypt" as these certificates change frequently and would otherwise need the use of the -f flag to force updates, and usually will (but may not) verify correctly.

-C certificate-file

Client certificate file, use with -K for when gmitool must use a custom certificate.

-K key-file

Client private key file, use with -C.

-H hostname

Use the given hostname as the SNI host instead of the default that is taken from the URL given.

-S

Show various diagnostic information (the META field, redirects, etc).

-V mode

Specifies a custom certificate verification mode. By default Trust On First Use (TOFU) is used, which only checks the first leaf certificate against the known_hosts table.

Verification modes include peer to verify the peer certificates (the full chain), and none to do no verification. There may be hostname verification regardless; SSL is pretty complicated. See also -A.

The SSL_CERT_FILE and SSL_CERT_DIR environment variables can be used to customize the trusted certificate authority certificates.

-f

Force update of TOFU certificates. Updates to the cache will not happen if -A is used and the certificate can be verified.

-t seconds

Custom timeout for the connection, 30 seconds by default.

Extracts link from text/gemini input, and qualifies any relative links if the -b option is given.

ENVIRONMENT

SSL_CERT_DIR

Custom directory for SSL certificate authority certificates. The default is the operating system (OS) default, which could be /etc/ssl or similar. Customize this and the next to specify that only certain certificate authorities should be trusted, as opposed to everything that ships with the OS by default.

env SSL_CERT_DIR=/some/where SSL_CERT_FILE=/dev/null gmitool ...
SSL_CERT_FILE

Custom file for SSL certificate authorities.

FILES

~/.cache/gmitool/known_hosts is where the TOFU records are stored. JSON format, UTF-8 encoding.

EXIT STATUS

The gmitool utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

Net::Gemini, ftp(1), openssl(1), nc(1)

AUTHOR

Jeremy Mates