* Download Options::
* Directory Options::
* HTTP Options::
+* HTTPS (SSL/TLS) Options::
* FTP Options::
* Recursive Retrieval Options::
* Recursive Accept/Reject Options::
@samp{--inet6-only} and @samp{--inet4-only} may be specified in the
same command. Neither option is available in Wget compiled without
IPv6 support.
+
+@item --prefer-family=IPv4/IPv6/none
+When given a choice of several addresses, connect to the addresses
+with specified address family first. IPv4 addresses are preferred by
+default.
+
+This avoids spurious errors and correct attempts when accessing hosts
+that resolve to both IPv6 and IPv4 addresses from IPv4 networks. For
+example, @samp{www.kame.net} resolves to
+@samp{2001:200:0:8002:203:47ff:fea5:3085} and to
+@samp{203.178.141.194}. When the preferred family is @code{IPv4}, the
+IPv4 address is used first; when the preferred family is @code{IPv6},
+the IPv6 address is used first; if the specified value is @code{none},
+the address order returned by DNS is used without change.
+
+Unlike @samp{-4} and @samp{-6}, this option doesn't forbid access to
+any address family, it only changes the @emph{order} in which the
+addresses are accessed. Also note that the reordering performed by
+this option is @dfn{stable}---it doesn't affect order of addresses of
+the same family. That is, the relative order of all IPv4 addresses
+and of all IPv6 addresses remains intact in all cases.
@end table
@node Directory Options
@end example
@end table
+@node HTTPS (SSL/TLS) Options
+@section HTTPS (SSL/TLS) Options
+
+@cindex SSL
+To support SSL-based HTTP (HTTPS) downloads, Wget must be compiled
+with an external SSL library, currently OpenSSL. If Wget is compiled
+without SSL support, none of these options are available.
+
+@table @samp
+@item --sslcertfile=@var{file}
+Use the client certificate stored in @var{file}. This is needed for
+servers that are configured to require certificates from the clients
+that connect to them. Normally a certificate is not required and this
+switch is optional.
+
+@cindex SSL certificate
+@item --sslcertkey=@var{keyfile}
+Read the certificate key from @var{keyfile}.
+
+@cindex SSL certificate authority
+@item --sslcadir=@var{directory}
+Specifies directory used for certificate authorities (``CA'').
+
+@item --sslcafile=@var{file}
+Use @var{file} as the file with the bundle of certificate authorities.
+
+@cindex SSL certificate type, specify
+@item --sslcerttype=0/1
+Specify the type of the client certificate: 0 means @code{PEM}
+(default), 1 means @code{ASN1} (@code{DER}).
+
+@cindex SSL certificate, check
+@item --sslcheckcert=0/1
+If set to 1, check the server certificate against the specified client
+authorities. If this is 0 (the default), Wget will break the SSL
+handshake if the server certificate is not valid.
+
+@cindex SSL protocol, choose
+@item --sslprotocol=0-3
+Choose the SSL protocol to be used. If 0 is specified (the default),
+the OpenSSL library chooses the appropriate protocol automatically.
+Specifying 1 forces the use of SSLv2, specifying 2 forces SSLv3, and
+specifying 3 forces TLSv1.
+
+In most cases the OpenSSL library is capable of making an intelligent
+choice of the protocol, but there have been reports of sites that use
+old (and presumably buggy) server libraries with which a protocol has
+to be specified manually.
+
+@cindex EGD
+@item --egd-file=@var{file}
+Use @var{file} as the EGD socket. EGD stands for @dfn{Entropy
+Gathering Daemon}, a user-space program that collects data from
+various unpredictable system sources and makes it available to other
+programs that might need it. Encryption software, such as the SSL
+library, needs sources of non-repeating randomness to seed the random
+number generator used to produce cryptographically strong keys.
+
+OpenSSL allows the user to specify his own source of entropy using the
+@code{RAND_FILE} environment variable. If this variable is unset, or
+if the specified file does not produce enough randomness, OpenSSL will
+read random data from EGD socket specified using this option.
+
+If this option is not specified (and the equivalent startup command is
+not used), EGD is never contacted. EGD is not needed on modern Unix
+systems that support @file{/dev/random}.
+@end table
+
@node FTP Options
@section FTP Options
@table @samp
+@cindex password, FTP
+@item --ftp-passwd=@var{string}
+Set the default FTP password to @var{string}. Without this, or the
+corresponding startup option, the password defaults to @samp{-wget@@},
+normally used for anonymous FTP.
+
@cindex .listing files, removing
@item --no-remove-listing
Don't remove the temporary @file{.listing} files generated by @sc{ftp}
@item dot_spacing = @var{n}
Specify the number of dots in a single cluster (10 by default).
+@item egd_file = @var{string}
+Use @var{string} as the EGD socket file name. The same as
+@samp{--egd-file}.
+
@item exclude_directories = @var{string}
Specify a comma-separated list of directories you wish to exclude from
download---the same as @samp{-X} (@pxref{Directory-Based Limits}).
If set to on, force the input filename to be regarded as an @sc{html}
document---the same as @samp{-F}.
+@item ftp_passwd = @var{string}
+Set your @sc{ftp} password to @var{string}. Without this setting, the
+password defaults to @samp{-wget@@}, which is a useful default for
+anonymous @sc{ftp} access.
+
+This command used to be named @code{passwd} prior to Wget 1.10.
+
@item ftp_proxy = @var{string}
Use @var{string} as @sc{ftp} proxy, instead of the one specified in
environment.
firewall does not allow this, you can set @samp{passive_ftp = never}
to override the command-line.
-@item passwd = @var{string}
-Set your @sc{ftp} password to @var{password}. Without this setting, the
-password defaults to @samp{username@@hostname.domainname}.
-
@item post_data = @var{string}
Use POST as the method for all HTTP requests and send @var{string} in
the request body. The same as @samp{--post-data}.
Use POST as the method for all HTTP requests and send the contents of
@var{file} in the request body. The same as @samp{--post-file}.
+@item prefer_family = IPv4/IPv6/none
+When given a choice of several addresses, connect to the addresses
+with specified address family first. IPv4 addresses are preferred by
+default. The same as @samp{--prefer-family}, which see for a detailed
+discussion of why this is useful.
+
@item progress = @var{string}
Set the type of the progress indicator. Legal types are ``dot'' and
``bar''.
@item proxy_passwd = @var{string}
Set proxy authentication password to @var{string}, like @samp{--proxy-passwd}.
-@item referer = @var{string}
-Set HTTP @samp{Referer:} header just like @samp{--referer}. (Note it
-was the folks who wrote the @sc{http} spec who got the spelling of
-``referrer'' wrong.)
-
@item quiet = on/off
Quiet mode---the same as @samp{-q}.
@item recursive = on/off
Recursive on/off---the same as @samp{-r}.
+@item referer = @var{string}
+Set HTTP @samp{Referer:} header just like @samp{--referer}. (Note it
+was the folks who wrote the @sc{http} spec who got the spelling of
+``referrer'' wrong.)
+
@item relative_only = on/off
Follow only relative links---the same as @samp{-L} (@pxref{Relative
Links}).
@item span_hosts = on/off
Same as @samp{-H}.
+@item ssl_cert_file = @var{string}
+Set the client certificate file name to @var{string}. The same as
+@samp{--sslcertfile}.
+
+@item ssl_cert_key = @var{string}
+Set the certificate key file to @var{string}. The same as
+@samp{--sslcertkey}.
+
+@item ssl_ca_dir = @var{string}
+Set the directory used for certificate authorities. The same as
+@samp{--sslcadir}.
+
+@item ssl_ca_file = @var{string}
+Set the certificate authority bundle file to @var{string}. The same
+as @samp{--sslcafile}.
+
+@item ssl_cert_type = 0/1
+Specify the type of the client certificate: 0 means @code{PEM}
+(default), 1 means @code{ASN1} (@code{DER}). The same as
+@samp{--sslcerttype}.
+
+@item ssl_check_cert = 0/1
+If this is set to 1, the server certificate is checked against the
+specified client authorities. The same as @samp{--sslcheckcert}.
+
+@item ssl_protocol = 0-3
+Choose the SSL protocol to be used. 0 means choose automatically, 1
+means force SSLv2, 2 means force SSLv3, and 3 means force TLSv1. The
+same as @samp{--sslprotocol}.
+
@item strict_comments = on/off
Same as @samp{--strict-comments}.
Damir Dzeko,
@end ifnottex
Alan Eldridge,
+Hans-Andreas Engel,
@iftex
Aleksandar Erkalovi@'{c},
@end iftex
Andy Eskilsson,
Christian Fraenkel,
David Fritz,
+FUJISHIMA Satsuki,
Masashi Fujita,
Howard Gayle,
Marcel Gerrits,
Jochen Hein,
Karl Heuer,
HIROSE Masaaki,
+Ulf Harnhammar,
Gregor Hoffleit,
Erik Magnus Hulthen,
Richard Huveneers,
Jonas Jensen,
+Larry Jones,
Simon Josefsson,
@iftex
Mario Juri@'{c},
Aurelien Marchand,
Jordan Mendelson,
Lin Zhe Min,
+Jan Minar,
Tim Mooney,
Simon Munton,
Charlie Negyesi,
R. K. Owen,
+Leonid Petrov,
+Simone Piunno,
Andrew Pollock,
Steve Pothier,
@iftex
Dave Turner,
Gisle Vanem,
Russell Vincent,
+@iftex
+@v{Z}eljko Vrba,
+@end iftex
+@ifnottex
+Zeljko Vrba,
+@end ifnottex
Charles G Waldman,
Douglas E. Wegscheid,
+YAMAZAKI Makoto,
Jasmin Zainul,
@iftex
Bojan @v{Z}drnja,
@ifnottex
Bojan Zdrnja,
@end ifnottex
-Kristijan Zimmer,
-YAMAZAKI Makoto,
-Leonid Petrov,
-Hans-Andreas Engel,
-Ulf Harnhammar,
-Jan Minar,
-Simone Piunno.
+Kristijan Zimmer.
Apologies to all who I accidentally left out, and many thanks to all the
subscribers of the Wget mailing list.