1 files changed, 28 insertions, 1 deletions

diff --git a/irc.c b/irc.c
index 5acc69f..cbe1808 100644
--- a/irc.c
+++ b/irc.c
@@ -43,7 +43,9 @@
 
 struct tls *client;
 
-void ircConfig(bool insecure, const char *cert, const char *priv) {
+void ircConfig(
+	bool insecure, const char *trust, const char *cert, const char *priv
+) {
 	struct tls_config *config = tls_config_new();
 	if (!config) errx(EX_SOFTWARE, "tls_config_new");
 
@@ -59,6 +61,15 @@ void ircConfig(bool insecure, const char *cert, const char *priv) {
 		tls_config_insecure_noverifycert(config);
 		tls_config_insecure_noverifyname(config);
 	}
+	if (trust) {
+		tls_config_insecure_noverifyname(config);
+		const char *dirs = NULL;
+		for (const char *path; NULL != (path = configPath(&dirs, trust));) {
+			error = tls_config_set_ca_file(config, path);
+			if (!error) break;
+		}
+		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+	}
 
 	if (cert) {
 		const char *dirs = NULL;
@@ -149,6 +160,22 @@ int ircConnect(const char *bindHost, const char *host, const char *port) {
 	return sock;
 }
 
+void ircWriteChain(const char *path) {
+	FILE *file = fopen(path, "w");
+	if (!file) err(EX_CANTCREAT, "%s", path);
+
+	int n = fprintf(file, "subject= %s\n", tls_peer_cert_subject(client));
+	if (n < 0) err(EX_IOERR, "%s", path);
+
+	size_t len;
+	const byte *pem = tls_peer_cert_chain_pem(client, &len);
+	len = fwrite(pem, len, 1, file);
+	if (!len) err(EX_IOERR, "%s", path);
+
+	int error = fclose(file);
+	if (error) err(EX_IOERR, "%s", path);
+}
+
 enum { MessageCap = 8191 + 512 };
 
 static void debug(const char *pre, const char *line) {