author | C. McEnroe | 2021-01-09 19:11:57 -0500 |
---|---|---|
committer | C. McEnroe | 2021-01-09 19:11:57 -0500 |
commit | e42b3aa08e3706ecb87ca76254fbab51cccf3390 (patch) | |
tree | ab0232c0962f1f7ca6649ff1b0767b5c2f2ee120 /irc.c | |
parent | a324795b8610b7c3e5626ac72d202ce6207066d7 (diff) |
Add -o and -t options to trust self-signed certificates
Diffstat (limited to 'irc.c')
-rw-r--r-- | irc.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/irc.c b/irc.c index 5acc69f..cbe1808 100644 --- a/irc.c +++ b/irc.c @@ -43,7 +43,9 @@ struct tls *client; -void ircConfig(bool insecure, const char *cert, const char *priv) { +void ircConfig( + bool insecure, const char *trust, const char *cert, const char *priv +) { struct tls_config *config = tls_config_new(); if (!config) errx(EX_SOFTWARE, "tls_config_new"); @@ -59,6 +61,15 @@ void ircConfig(bool insecure, const char *cert, const char *priv) { tls_config_insecure_noverifycert(config); tls_config_insecure_noverifyname(config); } + if (trust) { + tls_config_insecure_noverifyname(config); + const char *dirs = NULL; + for (const char *path; NULL != (path = configPath(&dirs, trust));) { + error = tls_config_set_ca_file(config, path); + if (!error) break; + } + if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config)); + } if (cert) { const char *dirs = NULL; @@ -149,6 +160,22 @@ int ircConnect(const char *bindHost, const char *host, const char *port) { return sock; } +void ircWriteChain(const char *path) { + FILE *file = fopen(path, "w"); + if (!file) err(EX_CANTCREAT, "%s", path); + + int n = fprintf(file, "subject= %s\n", tls_peer_cert_subject(client)); + if (n < 0) err(EX_IOERR, "%s", path); + + size_t len; + const byte *pem = tls_peer_cert_chain_pem(client, &len); + len = fwrite(pem, len, 1, file); + if (!len) err(EX_IOERR, "%s", path); + + int error = fclose(file); + if (error) err(EX_IOERR, "%s", path); +} + enum { MessageCap = 8191 + 512 }; static void debug(const char *pre, const char *line) { |
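Review bot: In the new `if (trust)` block of ircConfig, `tls_config_insecure_noverifyname(config)` turns off host name checking for the connection, so any certificate that chains to an entry in the trust file is accepted under any name. That is sound only while the file holds a single pinned self-signed certificate. ircWriteChain in this same commit writes the peer's whole chain, so a file saved from a CA-issued server would presumably pin that CA's intermediates too. I would state the constraint at the call, e.g. `// Name checks are off: the trust file must hold only the pinned self-signed certificate.` Separately, `error` is declared outside this hunk, so if `configPath` can return NULL on its first call the loop never assigns it and the `errx` test reads an earlier value; that is worth confirming against configPath.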
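Review bot: ircWriteChain hands the results of `tls_peer_cert_subject(client)` and `tls_peer_cert_chain_pem(client, &len)` straight to `fprintf` and `fwrite` with no NULL check, and `len` has no initialiser. Both libtls calls can return NULL when no peer certificate is available, which would make the `%s` conversion and the `fwrite` call undefined. Guard each before use, e.g. `if (!pem) errx(EX_PROTOCOL, "%s", tls_error(client));`, with the same test for the subject string. Fetching both values before `fopen(path, "w")` would also keep an existing file from being truncated when there is nothing to write.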