Diffstat (limited to '')
-rw-r--r--bounce.c18
-rw-r--r--pounce.115
2 files changed, 31 insertions, 2 deletions
diff --git a/bounce.c b/bounce.c
index 4e5c663..71416df 100644
--- a/bounce.c
+++ b/bounce.c
@@ -50,6 +50,21 @@ static void hashPass(void) {
 	printf("%s\n", crypt(pass, salt));
 }
 
+static void genCert(const char *path) {
+	const char *name = strrchr(path, '/');
+	name = (name ? &name[1] : path);
+	char subj[256];
+	snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name);
+	umask(0066);
+	execlp(
+		"openssl", "openssl", "req",
+		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "1000",
+		"-nodes", "-subj", subj, "-out", path, "-keyout", path,
+		NULL
+	);
+	err(EX_UNAVAILABLE, "openssl");
+}
+
 static size_t parseSize(const char *str) {
 	char *rest;
 	size_t size = strtoull(str, &rest, 0);
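Review bot: The `umask(0066)` in genCert only restricts the mode of a newly created file, so if `path` already exists with wider permissions, the unencrypted key written by `-nodes`/`-keyout` appears to land in a file other users can read. Tightening the file before the exec closes that gap, e.g. `int fd = open(path, O_WRONLY | O_CREAT, 0600);` then `if (fd < 0 || fchmod(fd, 0600)) err(EX_CANTCREAT, "%s", path);` and `close(fd);` (needs `<fcntl.h>` and `<sys/stat.h>` if the file does not already include them). The `snprintf` result is also unchecked, so a file name longer than the 256-byte `subj` buffer silently yields a truncated CN. A short comment above the function, `/* Writes certificate and unencrypted private key to the same file; does not return. */`, would document both properties.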
@@ -216,7 +231,7 @@ int main(int argc, char *argv[]) {
 	const char *away = "pounced :3";
 	const char *quit = "connection reset by purr";
 
-	const char *Opts = "!A:C:H:K:NP:Q:U:W:a:c:ef:h:j:k:n:p:r:s:u:vw:x";
+	const char *Opts = "!A:C:H:K:NP:Q:U:W:a:c:ef:g:h:j:k:n:p:r:s:u:vw:x";
 	const struct option LongOpts[] = {
 		{ "insecure", no_argument, NULL, '!' },
 		{ "away", required_argument, NULL, 'A' },
@@ -262,6 +277,7 @@ int main(int argc, char *argv[]) {
 			break; case 'c': clientCert = optarg;
 			break; case 'e': sasl = true;
 			break; case 'f': savePath = optarg;
+			break; case 'g': genCert(optarg);
 			break; case 'h': host = optarg;
 			break; case 'j': join = optarg;
 			break; case 'k': clientPriv = optarg;
diff --git a/pounce.1 b/pounce.1
index 2058052..4db3535 100644
--- a/pounce.1
+++ b/pounce.1
@@ -30,7 +30,12 @@
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Op Ar config ...
-.Nm Fl x
+.
+.Nm
+.Fl g Ar cert
+.
+.Nm
+.Fl x
 .
 .Sh DESCRIPTION
 The
@@ -152,6 +157,8 @@ it is loaded with
 With
 .Fl e ,
 authenticate using SASL EXTERNAL.
+Certificates can be generated with
+.Fl g .
 .
 .It Fl e , Cm sasl-external
 Authenticate using SASL EXTERNAL.
@@ -167,6 +174,12 @@ On shutdown,
 save the contents of the buffer to
 .Ar path .
 .
+.It Fl g Ar path
+Generate a TLS client certificate using
+.Xr openssl 1
+and write it to
+.Ar path .
+.
 .It Fl h Ar host , Cm host = Ar host
 Connect to
 .Ar host .