about summary refs log tree commit diff
path: root/irc.c
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-06-10 01:32:09 +0000
committerJune McEnroe <june@causal.agency>2021-06-10 14:44:35 -0400
commit171a56ee2dcb18050edbcfaf62c121d35d06d43f (patch)
treed3c98f16a04ad4388c9b268ea5cddf44ba38f3ac /irc.c
parentAvoid creating out-of-bounds pointer when checking for seprintf truncation (diff)
downloadcatgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.tar.gz
catgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.zip
Hoist loading default root certificates into ircConfig()
tls_connect_socket(3) in ircConnect() does that by default already
unless tls_config_set_ca_file(3) was used.

Loading CA certificates before connecting makes no practical difference
except on OpenBSD where this allows for tighter unveil und pledge setups
now that all required (TLS related) file I/O is finished by the time
ircConnect() gets to do network I/O.

In case of the hidden `-!' insecure flag which is implied by `-o' to
print server certificates and exit, loading root certificates is not
required at all;  likewise, using explicit self signed server
certificates will not involve certificate authorities either, hence load
them only if needed.
Diffstat (limited to '')
-rw-r--r--irc.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/irc.c b/irc.c
index c98193a..720e1ce 100644
--- a/irc.c
+++ b/irc.c
@@ -71,6 +71,12 @@ void ircConfig(
 		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
 	}
 
+	if (!insecure && !trust) {
+		const char *ca = tls_default_ca_cert_file();
+		error = tls_config_set_ca_file(config, ca);
+		if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
+	}
+
 	if (cert) {
 		const char *dirs = NULL;
 		for (const char *path; NULL != (path = configPath(&dirs, cert));) {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-27 17:57:29 +0000
>Fix cwm window cycling, move big by defaultJune McEnroe 2021-02-07Use class names for Foreground, Background, BorderColorJune McEnroe I'm not really sure what difference this makes, but it seems like the right thing to do to be generic? 2021-02-07Add simple battery status and clock to xsessionJune McEnroe I love how simple this is. 2021-02-07Set cursor theme and sizeJune McEnroe 2021-02-07Use scrot for up -s if no screencaptureJune McEnroe Still missing putting the URL in an X selection. 2021-02-07Enable mouse acceleration in XJune McEnroe 2021-02-07Set colours for Xt and cwmJune McEnroe And increase XTerm internalBorder. 2021-02-07Set urgency on bell in xtermJune McEnroe 2021-02-07Add bindings for brightness controlJune McEnroe Weirdly the Fn key doesn't change how the F row registers... I wonder if I can do something about that. 2021-02-07Set X key repeat rateJune McEnroe 2021-02-07Bump font size to 12June McEnroe 11 is what I use on macOS, but I feel like my eyes are working harder here. 2021-02-07Fully configure and rebind cwmJune McEnroe This is sort of a mix of trying to emulate macOS somewhat for my muscle memory and just rebinding some of the cwm defaults to use 4- rather than M-. 2021-02-07Add BintiJune McEnroe 2021-02-07Finish configuring xtermJune McEnroe 2021-02-06Enable tapping, reverse scroll, set scaling in wsconsctlJune McEnroe 2021-02-06Set root window to black on purple snowJune McEnroe 2021-02-06Add xmodmap configurationJune McEnroe 2021-02-06Add initial OpenBSD X configurationJune McEnroe cwm still needs a lot more rebinding, and I need to actually look at its other options. xterm definitely still needs some configuration, but I at least managed to get it to use a decent looking font. Very happy that OpenBSD includes Luxi Mono, which is what my usual font, Go Mono, is based on anyway. Still missing is xmodmap and such. 2021-02-06Add xterm output to schemeJune McEnroe