From e42b3aa08e3706ecb87ca76254fbab51cccf3390 Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Sat, 9 Jan 2021 19:11:57 -0500
Subject: Add -o and -t options to trust self-signed certificates
---
 irc.c | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
(limited to 'irc.c')
diff --git a/irc.c b/irc.c
index 5acc69f..cbe1808 100644
--- a/irc.c
+++ b/irc.c
@@ -43,7 +43,9 @@
 struct tls *client;
-void ircConfig(bool insecure, const char *cert, const char *priv) {
+void ircConfig(
+ bool insecure, const char *trust, const char *cert, const char *priv
+) {
 struct tls_config *config = tls_config_new();
 if (!config) errx(EX_SOFTWARE, "tls_config_new");
@@ -59,6 +61,15 @@ void ircConfig(bool insecure, const char *cert, const char *priv) {
 tls_config_insecure_noverifycert(config);
 tls_config_insecure_noverifyname(config);
 }
+ if (trust) {
+ tls_config_insecure_noverifyname(config);
+ const char *dirs = NULL;
+ for (const char *path; NULL != (path = configPath(&dirs, trust));) {
+ error = tls_config_set_ca_file(config, path);
+ if (!error) break;
+ }
+ if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+ }
 if (cert) {
 const char *dirs = NULL;
@@ -149,6 +160,22 @@ int ircConnect(const char *bindHost, const char *host, const char *port) {
 return sock;
 }
+void ircWriteChain(const char *path) {
+ FILE *file = fopen(path, "w");
+ if (!file) err(EX_CANTCREAT, "%s", path);
+
+ int n = fprintf(file, "subject= %s\n", tls_peer_cert_subject(client));
+ if (n < 0) err(EX_IOERR, "%s", path);
+
+ size_t len;
+ const byte *pem = tls_peer_cert_chain_pem(client, &len);
+ len = fwrite(pem, len, 1, file);
+ if (!len) err(EX_IOERR, "%s", path);
+
+ int error = fclose(file);
+ if (error) err(EX_IOERR, "%s", path);
+}
+
 enum { MessageCap = 8191 + 512 };
 static void debug(const char *pre, const char *line) {
-- cgit 1.4.1
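Review bot: The `if (trust)` branch turns off hostname verification regardless of what the trust file contains, so any CA or intermediate certificate in that file ends up vouching for every host name rather than for the one pinned server. This matters because `ircWriteChain` in the last hunk saves the whole peer chain, which for a CA-issued server certificate would presumably include its issuers. I would state the intended use above the call, e.g. `// -t pins a self-signed leaf only: with name checks off, a CA in this file is trusted for any host.` Separately, `error` is declared outside this hunk (ircConfig starts and ends outside it); if `configPath` yields no path the loop body never runs and a stale zero would skip the `errx`, so setting `error = -1;` before the loop would make that case fail closed, to be confirmed against the declaration.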
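Review bot: In `ircWriteChain` the results of `tls_peer_cert_subject` and `tls_peer_cert_chain_pem` are used unchecked, although both can return NULL when no peer certificate is available; the subject then goes straight into `%s` and `pem` into `fwrite` with `len` never initialised. A guard right after the call, `if (!pem) errx(EX_SOFTWARE, "tls_peer_cert_chain_pem: %s", tls_error(client));`, and the equivalent check on the subject, would turn that into a clean exit. An empty chain (`len == 0`) also makes `fwrite` return 0 and is reported through `err` with whatever `errno` happens to hold. The file written here is presumably what `-t` later loads, so a short comment noting that the connection producing it is not yet authenticated, and that the printed subject should be checked out of band, would help the next reader.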