From d551d64b4b78c412b6f408bc113e9a699bafff10 Mon Sep 17 00:00:00 2001 From: "C. McEnroe" Date: Sat, 3 Apr 2021 18:30:48 -0400 Subject: Add -t option to trust self-signed certificates Not adding a corresponding -o option like in pounce and catgirl, since litterbox is likely connecting to pounce anyway. --- litterbox.1 | 12 +++++++++++- litterbox.c | 13 +++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/litterbox.1 b/litterbox.1 index 11ee676..f535f9f 100644 --- a/litterbox.1 +++ b/litterbox.1 @@ -1,4 +1,4 @@ -.Dd August 22, 2020 +.Dd April 3, 2021 .Dt LITTERBOX 1 .Os . @@ -19,6 +19,7 @@ .Op Fl l Ar limit .Op Fl n Ar nick .Op Fl p Ar port +.Op Fl t Ar trust .Op Fl u Ar user .Op Fl w Ar pass .Op Ar config ... @@ -213,6 +214,15 @@ The searchable columns are For search query syntax, see .Aq Lk https://www.sqlite.org/fts5.html#full_text_query_syntax . . +.It Fl t Ar path , Cm trust = Ar path +Trust the self-signed certificate loaded from +.Ar path +and disable server name verification. +The +.Ar path +is searched for in the same manner +as configuration files. +. .It Fl u Ar user , Cm user = Ar user Set the username to .Ar user . diff --git a/litterbox.c b/litterbox.c index cd7227b..19bdca6 100644 --- a/litterbox.c +++ b/litterbox.c @@ -757,6 +757,7 @@ int main(int argc, char *argv[]) { bool insecure = false; const char *cert = NULL; const char *priv = NULL; + const char *trust = NULL; const char *defaultNetwork = NULL; const char *nick = "litterbox"; @@ -780,6 +781,7 @@ int main(int argc, char *argv[]) { { .val = 'n', .name = "nick", required_argument }, { .val = 'p', .name = "port", required_argument }, { .val = 'q', .name = "private-query", no_argument }, + { .val = 't', .name = "trust", required_argument }, { .val = 'u', .name = "user", required_argument }, { .val = 'v', .name = "verbose", no_argument }, { .val = 'w', .name = "pass", required_argument }, 
@@ -809,6 +811,7 @@ int main(int argc, char *argv[]) { break; case 'n': nick = optarg; break; case 'p': port = optarg; break; case 'q': searchQuery = Private; + break; case 't': trust = optarg; break; case 'u': user = optarg; break; case 'v': verbose = true; break; case 'w': pass = optarg; @@ -858,10 +861,20 @@ int main(int argc, char *argv[]) { if (error) { errx(EX_SOFTWARE, "tls_config_set_ciphers: %s", tls_config_error(config)); } + if (insecure) { tls_config_insecure_noverifycert(config); tls_config_insecure_noverifyname(config); } + if (trust) { + tls_config_insecure_noverifyname(config); + const char *dirs = NULL; + while (NULL != (path = configPath(&dirs, trust))) { + error = tls_config_set_ca_file(config, path); + if (!error) break; + } + if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config)); + } if (cert) { const char *dirs = NULL; -- cgit 1.4.1
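Review bot: In the `if (trust)` block, `tls_config_set_ca_file` combined with `tls_config_insecure_noverifyname` accepts any certificate that chains to anything in the file, for any hostname, so it pins one server only when the file holds exactly that server's self-signed certificate; a CA certificate or a bundle passed to `-t` would let every certificate issued under it pass. That constraint deserves a sentence in litterbox.1 and a comment here, e.g. `/* file must hold only the server's own self-signed cert: name checks are off, so anything chaining to it is accepted */`. Separately, name verification is switched off before the file is known to load, and `error` is assigned only inside the loop: if `configPath` returns NULL on its first call (its behaviour is not visible here), `error` presumably still holds the 0 left by `tls_config_set_ciphers`, and the connection proceeds against the default CA store with name checks disabled. Setting `error = -1;` before the `while` and moving the `tls_config_insecure_noverifyname(config);` call to after the `errx` check would close that path. `path` is not declared in this hunk, so the loop appears to reuse a variable from elsewhere in `main`, whose body continues outside the hunk.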