The ucspi-ssl environment variables

Standard environment variables

The ucspi-ssl servers and clients set the following environment variables:

$PROTO is the string SSL.
$SSLLOCALHOST is the name listed in DNS for the local host. If no name is available, $SSLLOCALHOST is not set. Beware that $SSLLOCALHOST can contain arbitrary characters.
$SSLLOCALIP is the IP address of the local host, in dotted-decimal format.
$SSLLOCALPORT is the local TCP port number, in decimal.
$SSLREMOTEHOST is the name listed in DNS for the remote host. If no name is available, $SSLREMOTEHOST is not set. Beware that $SSLREMOTEHOST can contain arbitrary characters.
$SSLREMOTEINFO is a connection-specific string supplied by the remote host via the 931/1413/IDENT/TAP protocol. If no information is available, $SSLREMOTEINFO is not set. Beware that $SSLREMOTEINFO can contain arbitrary characters.
$SSLREMOTEIP is the IP address of the remote host, in dotted-decimal format.
$SSLREMOTEPORT is the remote TCP port number, in decimal.

Environment for compatibility with ucspi-tcp

When invoked with the argument -e, sslserver and sslhandle servers set the following ucspi-tcp environment variables to their corresponding ucspi-ssl values:

$TCPLOCALHOST
$TCPLOCALIP
$TCPLOCALPORT
$TCPREMOTEHOST
$TCPREMOTEINFO
$TCPREMOTEIP
$TCPREMOTEPORT

SSL environment variables

When invoked with the argument -s, sslserver and sslhandle servers set the following SSL-related environment variables, similar to those set by mod_ssl. Note that sslserver etc. do not set the $HTTPS environment variable.

$SSL_PROTOCOL The SSL protocol version in use.
$SSL_SESSION_ID The current SSL session ID, hex encoded.
$SSL_CIPHER The cipher in use.
$SSL_CIPHER_ALGKEYSIZE The number of bits permitted in the cipher.
$SSL_CIPHER_USEKEYSIZE The number of bits used in the cipher.
$SSL_CIPHER_EXPORT The string "true" if $SSL_CIPHER_USEKEYSIZE is less than 56, otherwise "false".
$SSL_VERSION_INTERFACE The string "ucspi-ssl".
$SSL_VERSION_LIBRARY The OpenSSL library version in use.
$SSL_SERVER_A_KEY The signature algorithm used in the server key, if available, or "UNKNOWN".
$SSL_SERVER_A_SIG The signature algorithm used in the server certificate, if available, or "UNKNOWN".
$SSL_SERVER_CERT The server certificate.
$SSL_SERVER_CERT_CHAIN_N The list of certificates in the server verification chain.
$SSL_SERVER_M_VERSION The server certificate version.
$SSL_SERVER_M_SERIAL The server certificate serial number.
$SSL_SERVER_V_START The server certificate validity start time.
$SSL_SERVER_V_END The server certificate validity end time.
$SSL_SERVER_S_DN The server certificate distinguished name subject.
$SSL_SERVER_S_DN_X The server certificate distinguished name component X, where X is one of C, CN, D, Email, G, I, L, O, OU, S, ST, T, and UID.
$SSL_SERVER_I_DN The server certificate issuer distinguished name subject.
$SSL_SERVER_I_DN_X The server certificate issuer distinguished name component X, where X is one of C, CN, D, Email, G, I, L, O, OU, S, ST, T, and UID.
$SSL_CLIENT_A_KEY The signature algorithm used in the client key, if available, or "UNKNOWN".
$SSL_CLIENT_A_SIG The signature algorithm used in the client certificate, if available, or "UNKNOWN".
$SSL_CLIENT_CERT The client certificate.
$SSL_CLIENT_CERT_CHAIN_N The list of certificates in the client verification chain.
$SSL_CLIENT_M_VERSION The certificate version.
$SSL_CLIENT_M_SERIAL The certificate serial number.
$SSL_CLIENT_V_END The client certificate validity start time.
$SSL_CLIENT_V_START The client certificate validity end time.
$SSL_CLIENT_S_DN The client certificate distinguished name subject.
$SSL_CLIENT_S_DN_X The client certificate distinguished name component X, where X is one of C, CN, D, Email, G, I, L, O, OU, S, ST, T, and UID.
$SSL_CLIENT_I_DN The client certificate issuer distinguished name subject.
$SSL_CLIENT_I_DN_X The client certificate issuer distinguished name component X, where X is one of C, CN, D, Email, G, I, L, O, OU, S, ST, T, and UID.