about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--bounce.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/bounce.c b/bounce.c
index ba5ec1d..2fe6589 100644
--- a/bounce.c
+++ b/bounce.c
@@ -341,6 +341,17 @@ int main(int argc, char *argv[]) {
 		errx(EX_CONFIG, "password must be hashed with -x");
 	}
 
+	if (printCert) {
+#ifdef __OpenBSD__
+		error = pledge("stdio inet dns", NULL);
+		if (error) err(EX_OSERR, "pledge");
+#endif
+		serverConfig(true, NULL, NULL, NULL);
+		serverConnect(serverBindHost, host, port);
+		serverPrintCert();
+		return EX_OK;
+	}
+
 #ifdef __OpenBSD__
 	unveilConfig(certPath);
 	unveilConfig(privPath);
@@ -358,13 +369,6 @@ int main(int argc, char *argv[]) {
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
-	if (printCert) {
-		serverConfig(true, NULL, NULL, NULL);
-		serverConnect(serverBindHost, host, port);
-		serverPrintCert();
-		return EX_OK;
-	}
-
 	// Either exit with cleanup or ignore signals until entering the main loop.
 	signal(SIGINT, justExit);
 	signal(SIGTERM, justExit);