--destionation (-d) HOST/PORT

The destionation host and address, where CryWrap should connect to. Both arguments are required.

--anon (-a)

Enables Anon-DH mode. If enabled, no certificate will be sent to the client, and only anonymous sessions will be enabled.

Default is off.

--pem (-p) cert=PATH,key=PATH

--pem (-p) PATH

The public certificate to send to clients, and the private server key. If one of cert or key is omitted, the value of the other will be used for the missing one too. If no cert= or key= tag is given, PATH will be used for both.

Default is /etc/crywrap/server.pem, unless --anon is also specified, in which case no certificate will be used.

--verify (-v) [LEVEL]

Set the level of client certificate verification. Level one simply logs the result, level two and above abort if the certificate could not be verified.

Default is 0.

--inetd (-i)

Enable inetd-mode. Use this if you want to run CryWrap from inetd. If this option is not enabled, then --listen is a required option.

Default is off.

--listen (-l) HOST/PORT

The host and port CryWrap should listen on. HOST can be an IPv4 or IPv6 address, or a hostname, and is optional - if unspecified, CryWrap will listen on all available addresses. PORT is mandatory.

This option is required, unless CryWrap was put into inetd mode.

--pidfile (-P) PIDFILE

Write the pid thy runs with to PIDFILE.

Default is /var/run/crywrap.pid.

--user (-u) UID

UID is the numerical user id of the user thy should run as.

Default is 65534.

--version (-V)

Print the version number and exit.

--help (-?)

Print a verbose help screen and exit.

--usage

Print a short summary of options.

crywrap --listen /995 --destination localhost/110

crywrap --listen /993 --destination localhost/143 \
	--pem /etc/ssl/certs/imap.pem