authorOmar Polo <op@omarpolo.com>2021-11-28 09:15:34 +0000
committerJune McEnroe <june@causal.agency>2021-11-28 13:58:52 -0500
commitd5a9dfe51215403169825ebc01b916deefc58917 (patch)
treeee5c6396b5d90a95183e4d60ed195fe5e40e65f4
parentRemove CAVEATS section (diff)
downloadpounce-d5a9dfe51215403169825ebc01b916deefc58917.tar.gz
pounce-d5a9dfe51215403169825ebc01b916deefc58917.zip
notify, palaver: Add -t to trust self-signed certificates
-rw-r--r--extra/notify/notify.c9
-rw-r--r--extra/notify/pounce-notify.18
-rw-r--r--extra/palaver/notify.c9
-rw-r--r--extra/palaver/pounce-palaver.17
4 files changed, 29 insertions, 4 deletions
diff --git a/extra/notify/notify.c b/extra/notify/notify.c
index 7257f4b..935ba26 100644
--- a/extra/notify/notify.c
+++ b/extra/notify/notify.c
@@ -258,14 +258,16 @@ int main(int argc, char *argv[]) {
 	const char *host = NULL;
 	const char *port = "6697";
 	const char *pass = NULL;
+	const char *trust = NULL;
 	const char *user = "pounce-notify";
 
-	for (int opt; 0 < (opt = getopt(argc, argv, "!c:k:p:u:vw:"));) {
+	for (int opt; 0 < (opt = getopt(argc, argv, "!c:k:p:t:u:vw:"));) {
 		switch (opt) {
 			break; case '!': insecure = true;
 			break; case 'c': cert = optarg;
 			break; case 'k': priv = optarg;
 			break; case 'p': port = optarg;
+			break; case 't': trust = optarg;
 			break; case 'u': user = optarg;
 			break; case 'v': verbose = true;
 			break; case 'w': pass = optarg;
@@ -292,6 +294,11 @@ int main(int argc, char *argv[]) {
 	}
 
 	int error;
+	if (trust) {
+		tls_config_insecure_noverifyname(config);
+		error = tls_config_set_ca_file(config, trust);
+		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+	}
 	if (cert) {
 		error = tls_config_set_keypair_file(config, cert, (priv ? priv : cert));
 		if (error) {
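Review bot: In the new `if (trust)` block, `tls_config_insecure_noverifyname(config)` turns off hostname checking for the whole connection, so the only remaining check is that the peer's chain verifies against whatever the `-t` file contains; if that file ever holds a CA bundle or more than one certificate, any certificate issued under it would be accepted for any host. Nothing in the hunk restricts the file to a single self-signed certificate, so I would state the assumption at the call, e.g. `// -t: this file is the sole trust root and name checks are off; it must contain only the server's own certificate.` A stricter option is to compare `tls_peer_cert_hash()` after the handshake against the hash of the certificate that was loaded. How `-t` combines with `-!` cannot be judged from here, because main() starts and ends outside the hunk. The identical block added to extra/palaver/notify.c carries the same concern.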
diff --git a/extra/notify/pounce-notify.1 b/extra/notify/pounce-notify.1
index 60320c6..628bc25 100644
--- a/extra/notify/pounce-notify.1
+++ b/extra/notify/pounce-notify.1
@@ -1,4 +1,4 @@
-.Dd May  4, 2021
+.Dd November 28, 2021
 .Dt POUNCE-NOTIFY 1
 .Os
 .
@@ -12,6 +12,7 @@
 .Op Fl c Ar cert
 .Op Fl k Ar priv
 .Op Fl p Ar port
+.Op Fl t Ar trust
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Ar host
@@ -51,6 +52,11 @@ Load the TLS client private key from
 Connect to
 .Ar port .
 The default port is 6697.
+.It Fl t Ar path
+Trust the self-signed certificate loaded
+from
+.Ar path
+and disable server name verification.
 .It Fl u Ar user
 Set the username to
 .Ar user .
diff --git a/extra/palaver/notify.c b/extra/palaver/notify.c
index c6a745c..36e4ae1 100644
--- a/extra/palaver/notify.c
+++ b/extra/palaver/notify.c
@@ -693,9 +693,10 @@ int main(int argc, char *argv[]) {
 	const char *host = NULL;
 	const char *port = "6697";
 	const char *pass = NULL;
+	const char *trust = NULL;
 	const char *user = "pounce-palaver";
 
-	for (int opt; 0 < (opt = getopt(argc, argv, "!NPc:d:k:p:su:vw:"));) {
+	for (int opt; 0 < (opt = getopt(argc, argv, "!NPc:d:k:p:st:u:vw:"));) {
 		switch (opt) {
 			break; case '!': insecure = true;
 			break; case 'N': noPreview = true;
@@ -705,6 +706,7 @@ int main(int argc, char *argv[]) {
 			break; case 'k': priv = optarg;
 			break; case 'p': port = optarg;
 			break; case 's': sensitive = true;
+			break; case 't': trust = optarg;
 			break; case 'u': user = optarg;
 			break; case 'v': verbose = true;
 			break; case 'w': pass = optarg;
@@ -757,6 +759,11 @@ int main(int argc, char *argv[]) {
 	}
 
 	int error;
+	if (trust) {
+		tls_config_insecure_noverifyname(config);
+		error = tls_config_set_ca_file(config, trust);
+		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+	}
 	if (cert) {
 		error = tls_config_set_keypair_file(config, cert, (priv ? priv : cert));
 		if (error) {
diff --git a/extra/palaver/pounce-palaver.1 b/extra/palaver/pounce-palaver.1
index 59daefa..da3937a 100644
--- a/extra/palaver/pounce-palaver.1
+++ b/extra/palaver/pounce-palaver.1
@@ -1,4 +1,4 @@
-.Dd April 30, 2021
+.Dd November 28, 2021
 .Dt POUNCE-PALAVER 1
 .Os
 .
@@ -13,6 +13,7 @@
 .Op Fl d Ar path
 .Op Fl k Ar priv
 .Op Fl p Ar port
+.Op Fl t Ar trust
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Ar host
@@ -59,6 +60,10 @@ The default port is 6697.
 .It Fl s
 Match nick and keywords case-sensitively,
 despite the specification.
+.It Fl t Ar path
+Trust the self-signed certificate loaded from
+.Ar path
+and disable server name verification.
 .It Fl u Ar user
 Set the username to
 .Ar user .