diff options
author | Klemens Nanni | 2021-06-30 02:24:30 +0000 |
---|---|---|
committer | C. McEnroe | 2021-07-13 15:16:22 -0400 |
commit | 9559fe9d23351f0952f47a83ddae9d18b45b8406 (patch) | |
tree | 0c41298db14ba635025c22e83822391455c9a80d /chat.c | |
parent | 320aeaf4354f25264646c866226755732a968cca (diff) |
Make -o/printCert not load any files, pledge even earlier
No point in trying to load a self-signed server certificate which we are about to get from the server in the first place. No need to read client certificate/key files when all we want is the server certificate: in TLS the server always sends its certificate before the client replies with any key material, i.e. catgirl sending client data is useless. catgirl(1) synopsis also notes how these options are irrelevant in the -o/printCert case. As a result, ircConfig() no longer requires any filesystem I/O in this case, so hoist the purely network I/O related pledge() call to enforce this -- more secure, self-documenting code!
Diffstat (limited to 'chat.c')
-rw-r--r-- | chat.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/chat.c b/chat.c index ab0678a..7bd68e0 100644 --- a/chat.c +++ b/chat.c @@ -220,7 +220,7 @@ int main(int argc, char *argv[]) { break; case 'l': log = true; logOpen(); break; case 'm': self.mode = optarg; break; case 'n': nick = optarg; - break; case 'o': insecure = true; printCert = true; + break; case 'o': printCert = true; break; case 'p': port = optarg; break; case 'r': real = optarg; break; case 's': save = optarg; @@ -234,11 +234,11 @@ int main(int argc, char *argv[]) { if (!host) errx(EX_USAGE, "host required"); if (printCert) { - ircConfig(insecure, trust, cert, priv); #ifdef __OpenBSD__ int error = pledge("stdio inet dns", NULL); if (error) err(EX_OSERR, "pledge"); #endif + ircConfig(true, NULL, NULL, NULL); ircConnect(bind, host, port); ircPrintCert(); ircClose(); |