FETCH(3) FreeBSD Library Functions Manual FETCH(3)


fetchMakeURL, fetchParseURL, fetchFreeURL, fetchXGetURL, fetchGetURL, fetchPutURL, fetchStatURL, fetchListURL, fetchXGet, fetchGet, fetchPut, fetchStat, fetchList, fetchXGetFile, fetchGetFile, fetchPutFile, fetchStatFile, fetchListFile, fetchXGetHTTP, fetchGetHTTP, fetchPutHTTP, fetchStatHTTP, fetchListHTTP, fetchXGetFTP, fetchGetFTP, fetchPutFTP, fetchStatFTP, fetchListFTPfile transfer functions


File Transfer Library (libfetch, -lfetch)


#include < sys/param.h>
#include < stdio.h>
#include < fetch.h>

struct url *
fetchMakeURL( const char *scheme, const char *host, int port, const char *doc, const char *user, const char *pwd);

struct url *
fetchParseURL( const char *URL);

fetchFreeURL( struct url *u);

fetchXGetURL( const char *URL, struct url_stat *us, const char *flags);

fetchGetURL( const char *URL, const char *flags);

fetchPutURL( const char *URL, const char *flags);

fetchStatURL( const char *URL, struct url_stat *us, const char *flags);

struct url_ent *
fetchListURL( const char *URL, const char *flags);

fetchXGet( struct url *u, struct url_stat *us, const char *flags);

fetchGet( struct url *u, const char *flags);

fetchPut( struct url *u, const char *flags);

fetchStat( struct url *u, struct url_stat *us, const char *flags);

struct url_ent *
fetchList( struct url *u, const char *flags);

fetchXGetFile( struct url *u, struct url_stat *us, const char *flags);

fetchGetFile( struct url *u, const char *flags);

fetchPutFile( struct url *u, const char *flags);

fetchStatFile( struct url *u, struct url_stat *us, const char *flags);

struct url_ent *
fetchListFile( struct url *u, const char *flags);

fetchXGetHTTP( struct url *u, struct url_stat *us, const char *flags);

fetchGetHTTP( struct url *u, const char *flags);

fetchPutHTTP( struct url *u, const char *flags);

fetchStatHTTP( struct url *u, struct url_stat *us, const char *flags);

struct url_ent *
fetchListHTTP( struct url *u, const char *flags);

fetchXGetFTP( struct url *u, struct url_stat *us, const char *flags);

fetchGetFTP( struct url *u, const char *flags);

fetchPutFTP( struct url *u, const char *flags);

fetchStatFTP( struct url *u, struct url_stat *us, const char *flags);

struct url_ent *
fetchListFTP( struct url *u, const char *flags);


These functions implement a high-level library for retrieving and uploading files using Uniform Resource Locators (URLs).

fetchParseURL() takes a URL in the form of a null-terminated string and splits it into its components function according to the Common Internet Scheme Syntax detailed in RFC1738. A regular expression which produces this syntax is:


If the URL does not seem to begin with a scheme name, the following syntax is assumed:


Note that some components of the URL are not necessarily relevant to all URL schemes. For instance, the file scheme only needs the <scheme> and <document> components.

fetchMakeURL() and fetchParseURL() return a pointer to a url structure, which is defined as follows in < fetch.h>:

#define URL_SCHEMELEN 16 
#define URL_USERLEN 256 
#define URL_PWDLEN 256 
struct url { 
    char  scheme[URL_SCHEMELEN+1]; 
    char  user[URL_USERLEN+1]; 
    char  pwd[URL_PWDLEN+1]; 
    char  host[MAXHOSTNAMELEN+1]; 
    int   port; 
    char *doc; 
    off_t  offset; 
    size_t  length; 
    time_t  ims_time; 

The ims_time field stores the time value for If-Modified-Since HTTP requests.

The pointer returned by fetchMakeURL() or fetchParseURL() should be freed using fetchFreeURL().

fetchXGetURL(), fetchGetURL(), and fetchPutURL() constitute the recommended interface to the fetch library. They examine the URL passed to them to determine the transfer method, and call the appropriate lower-level functions to perform the actual transfer. fetchXGetURL() also returns the remote document's metadata in the url_stat structure pointed to by the us argument.

The flags argument is a string of characters which specify transfer options. The meaning of the individual flags is scheme-dependent, and is detailed in the appropriate section below.

fetchStatURL() attempts to obtain the requested document's metadata and fill in the structure pointed to by its second argument. The url_stat structure is defined as follows in < fetch.h>:

struct url_stat { 
    off_t  size; 
    time_t  atime; 
    time_t  mtime; 

If the size could not be obtained from the server, the size field is set to -1. If the modification time could not be obtained from the server, the mtime field is set to the epoch. If the access time could not be obtained from the server, the atime field is set to the modification time.

fetchListURL() attempts to list the contents of the directory pointed to by the URL provided. If successful, it returns a malloced array of url_ent structures. The url_ent structure is defined as follows in < fetch.h>:

struct url_ent { 
    char         name[PATH_MAX]; 
    struct url_stat stat; 

The list is terminated by an entry with an empty name.

The pointer returned by fetchListURL() should be freed using free().

fetchXGet(), fetchGet(), fetchPut() and fetchStat() are similar to fetchXGetURL(), fetchGetURL(), fetchPutURL() and fetchStatURL(), except that they expect a pre-parsed URL in the form of a pointer to a struct url rather than a string.

All of the fetchXGetXXX(), fetchGetXXX() and fetchPutXXX() functions return a pointer to a stream which can be used to read or write data from or to the requested document, respectively. Note that although the implementation details of the individual access methods vary, it can generally be assumed that a stream returned by one of the fetchXGetXXX() or fetchGetXXX() functions is read-only, and that a stream returned by one of the fetchPutXXX() functions is write-only.


fetchXGetFile(), fetchGetFile() and fetchPutFile() provide access to documents which are files in a locally mounted file system. Only the <document> component of the URL is used.

fetchXGetFile() and fetchGetFile() do not accept any flags.

fetchPutFile() accepts the ‘ a’ (append to file) flag. If that flag is specified, the data written to the stream returned by fetchPutFile() will be appended to the previous contents of the file, instead of replacing them.


fetchXGetFTP(), fetchGetFTP() and fetchPutFTP() implement the FTP protocol as described in RFC959.

If the ‘ P’ (not passive) flag is specified, an active (rather than passive) connection will be attempted.

The ‘ p’ flag is supported for compatibility with earlier versions where active connections were the default. It has precedence over the ‘ P’ flag, so if both are specified, fetchMakeURL will use a passive connection.

If the ‘ l’ (low) flag is specified, data sockets will be allocated in the low (or default) port range instead of the high port range (see ip(4)).

If the ‘ d’ (direct) flag is specified, fetchXGetFTP(), fetchGetFTP() and fetchPutFTP() will use a direct connection even if a proxy server is defined.

If no user name or password is given, the fetch library will attempt an anonymous login, with user name "anonymous" and password "anonymous@<hostname>".


The fetchXGetHTTP(), fetchGetHTTP() and fetchPutHTTP() functions implement the HTTP/1.1 protocol. With a little luck, there is even a chance that they comply with RFC2616 and RFC2617.

If the ‘ d’ (direct) flag is specified, fetchXGetHTTP(), fetchGetHTTP() and fetchPutHTTP() will use a direct connection even if a proxy server is defined.

If the ‘ i’ (if-modified-since) flag is specified, and the ims_time field is set in struct url, then fetchXGetHTTP() and fetchGetHTTP() will send a conditional If-Modified-Since HTTP header to only fetch the content if it is newer than ims_time.

Since there seems to be no good way of implementing the HTTP PUT method in a manner consistent with the rest of the fetch library, fetchPutHTTP() is currently unimplemented.


Based on HTTP SCHEME. By default the peer is verified using the CA bundle located in /etc/ssl/cert.pem. The file may contain multiple CA certificates. A common source of a current CA bundle is security/ca_root_nss.

The CA bundle used for peer verification can be changed by setting the environment variables SSL_CA_CERT_FILE to point to a concatenated bundle of trusted certificates and SSL_CA_CERT_PATH to point to a directory containing hashes of trusted CAs (see verify(1)).

A certificate revocation list (CRL) can be used by setting the environment variable SSL_CRL_FILE (see crl(1)).

Peer verification can be disabled by setting the environment variable SSL_NO_VERIFY_PEER. Note that this also disables CRL checking.

By default the service identity is verified according to the rules detailed in RFC6125 (also known as hostname verification). This feature can be disabled by setting the environment variable SSL_NO_VERIFY_HOSTNAME.

Client certificate based authentication is supported. The environment variable SSL_CLIENT_CERT_FILE should be set to point to a file containing key and client certificate to be used in PEM format. In case the key is stored in a separate file, the environment variable SSL_CLIENT_KEY_FILE can be set to point to the key in PEM format. In case the key uses a password, the user will be prompted on standard input (see PEM(3)).

By default libfetch allows SSLv3 and TLSv1 when negotiating the connecting with the remote peer. You can change this behavior by setting the environment variable SSL_ALLOW_SSL2 to allow SSLv2 (not recommended) and SSL_NO_SSL3 or SSL_NO_TLS1 to disable the respective methods.


Apart from setting the appropriate environment variables and specifying the user name and password in the URL or the struct url, the calling program has the option of defining an authentication function with the following prototype:

int myAuthMethod( struct url *u)

The callback function should fill in the user and pwd fields in the provided struct url and return 0 on success, or any other value to indicate failure.

To register the authentication callback, simply set fetchAuthMethod to point at it. The callback will be used whenever a site requires authentication and the appropriate environment variables are not set.

This interface is experimental and may be subject to change.


fetchParseURL() returns a pointer to a struct url containing the individual components of the URL. If it is unable to allocate memory, or the URL is syntactically incorrect, fetchParseURL() returns a NULL pointer.

The fetchStat() functions return 0 on success and -1 on failure.

All other functions return a stream pointer which may be used to access the requested document, or NULL if an error occurred.

The following error codes are defined in < fetch.h>:

Operation aborted
Authentication failed
Service unavailable
File exists
File system full
Informational response
Insufficient memory
File has moved
Network error
No error
Protocol error
Resolver error
Server error
Temporary error
Operation timed out
File is not available
Unknown error
Invalid URL

The accompanying error message includes a protocol-specific error code and message, e.g. "File is not available (404 Not Found)"


Specifies a hostname or IP address to which sockets used for outgoing connections will be bound.
Default FTP login if none was provided in the URL.
If set to ‘ no’, forces the FTP code to use active mode. If set to any other value, forces passive mode even if the application requested active mode.
Default FTP password if the remote server requests one and none was provided in the URL.
URL of the proxy to use for FTP requests. The document part is ignored. FTP and HTTP proxies are supported; if no scheme is specified, FTP is assumed. If the proxy is an FTP proxy, libfetch will send ‘ user@host’ as user name to the proxy, where ‘ user’ is the real user name, and ‘ host’ is the name of the FTP server.

If this variable is set to an empty string, no proxy will be used for FTP requests, even if the HTTP_PROXY variable is set.

Same as FTP_PROXY, for compatibility.
Specifies the value of the Accept header for HTTP requests. If empty, no Accept header is sent. The default is “*/*”.
Specifies HTTP authorization parameters as a colon-separated list of items. The first and second item are the authorization scheme and realm respectively; further items are scheme-dependent. Currently, the “basic” and “digest” authorization methods are supported.

Both methods require two parameters: the user name and password, in that order.

This variable is only used if the server requires authorization and no user name or password was specified in the URL.

URL of the proxy to use for HTTP requests. The document part is ignored. Only HTTP proxies are supported for HTTP requests. If no port number is specified, the default is 3128.

Note that this proxy will also be used for FTP documents, unless the FTP_PROXY variable is set.

Same as HTTP_PROXY, for compatibility.
Specifies authorization parameters for the HTTP proxy in the same format as the HTTP_AUTH variable.

This variable is used if and only if connected to an HTTP proxy, and is ignored if a user and/or a password were specified in the proxy URL.

Specifies the referrer URL to use for HTTP requests. If set to “auto”, the document URL will be used as referrer URL.
Specifies the User-Agent string to use for HTTP requests. This can be useful when working with HTTP origin or proxy servers that differentiate between user agents. If defined but empty, no User-Agent header is sent.
Specifies a file to use instead of ~/.netrc to look up login names and passwords for FTP sites. See ftp(1) for a description of the file format. This feature is experimental.
Either a single asterisk, which disables the use of proxies altogether, or a comma- or whitespace-separated list of hosts for which proxies should not be used.
Same as NO_PROXY, for compatibility.
Allow SSL version 2 when negotiating the connection (not recommended).
CA certificate bundle containing trusted CA certificates. Default value: /etc/ssl/cert.pem.
Path containing trusted CA hashes.
PEM encoded client certificate/key which will be used in client certificate authentication.
PEM encoded client key in case key and client certificate are stored separately.
File containing certificate revocation list.
Don't allow SSL version 3 when negotiating the connection.
Don't allow TLV version 1 when negotiating the connection.
If set, do not verify that the hostname matches the subject of the certificate presented by the server.
If set, do not verify the peer certificate against trusted CAs.


To access a proxy server on proxy.example.com port 8080, set the HTTP_PROXY environment variable in a manner similar to this:


If the proxy server requires authentication, there are two options available for passing the authentication data. The first method is by using the proxy URL:


The second method is by using the HTTP_PROXY_AUTH environment variable:


To disable the use of a proxy for an HTTP server running on the local host, define NO_PROXY as follows:


Access HTTPS website without any certificate verification whatsoever:


Access HTTPS website using client certificate based authentication and a private CA:



fetch(1), ftpio(3), ip(4)

J. Postel and J. K. Reynolds, File Transfer Protocol, October 1985, RFC959.

P. Deutsch, A. Emtage, and A. Marine., How to Use Anonymous FTP, May 1994, RFC1635.

T. Berners-Lee, L. Masinter, and M. McCahill, Uniform Resource Locators (URL), December 1994, RFC1738.

R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, Hypertext Transfer Protocol -- HTTP/1.1, January 1999, RFC2616.

J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, HTTP Authentication: Basic and Digest Access Authentication, June 1999, RFC2617.


The fetch library first appeared in FreeBSD 3.0.


The fetch library was mostly written by Dag-Erling Smørgrav <des@FreeBSD.org> with numerous suggestions and contributions from Jordan K. Hubbard <jkh@FreeBSD.org>, Eugene Skepner <eu@qub.com>, Hajimu Umemoto <ume@FreeBSD.org>, Henry Whincup <henry@techiebod.com>, Jukka A. Ukkonen <jau@iki.fi>, Jean-François Dockes <jf@dockes.org>, Michael Gmelin <freebsd@grem.de> and others. It replaces the older ftpio library written by Poul-Henning Kamp <phk@FreeBSD.org> and Jordan K. Hubbard <jkh@FreeBSD.org>.

This manual page was written by Dag-Erling Smørgrav <des@FreeBSD.org> and Michael Gmelin <freebsd@grem.de>.


Some parts of the library are not yet implemented. The most notable examples of this are fetchPutHTTP(), fetchListHTTP(), fetchListFTP() and FTP proxy support.

There is no way to select a proxy at run-time other than setting the HTTP_PROXY or FTP_PROXY environment variables as appropriate.

libfetch does not understand or obey 305 (Use Proxy) replies.

Error numbers are unique only within a certain context; the error codes used for FTP and HTTP overlap, as do those used for resolver and system errors. For instance, error code 202 means "Command not implemented, superfluous at this site" in an FTP context and "Accepted" in an HTTP context.

fetchStatFTP() does not check that the result of an MDTM command is a valid date.

In case password protected keys are used for client certificate based authentication the user is prompted for the password on each and every fetch operation.

The man page is incomplete, poorly written and produces badly formatted text.

The error reporting mechanism is unsatisfactory.

Some parts of the code are not fully reentrant.

July 30, 2013 FreeBSD