Diffstat (limited to 'local.c')
-rw-r--r--local.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/local.c b/local.c
index c147259..a4de1bc 100644
--- a/local.c
+++ b/local.c
@@ -47,13 +47,14 @@ static byte *readFile(size_t *len, FILE *file) {
 	byte *buf = malloc(stat.st_size);
 	if (!buf) err(EX_OSERR, "malloc");
 
+	rewind(file);
 	*len = fread(buf, 1, stat.st_size, file);
 	if (ferror(file)) err(EX_IOERR, "fread");
 
 	return buf;
 }
 
-void localConfig(FILE *cert, FILE *priv) {
+void localConfig(FILE *cert, FILE *priv, FILE *ca, bool require) {
 	tls_free(server);
 	server = tls_server();
 	if (!server) errx(EX_SOFTWARE, "tls_server");
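Review bot: The added `rewind(file)` in readFile cannot report failure, because rewind() returns void and also clears the stream's error indicator, so a stream that cannot be repositioned would be read from wherever it currently stands. `if (fseek(file, 0, SEEK_SET)) err(EX_IOERR, "fseek");` behaves the same on success and fails loudly otherwise, matching the neighbouring checks. readFile begins above the hunk, so the call that fills `stat` and sizes the buffer is not visible here.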
@@ -76,6 +77,23 @@ void localConfig(FILE *cert, FILE *priv) {
 	}
 	free(buf);
 
+	if (ca) {
+		buf = readFile(&len, ca);
+		error = tls_config_set_ca_mem(config, buf, len);
+		if (error) {
+			errx(
+				EX_CONFIG, "tls_config_set_ca_mem: %s",
+				tls_config_error(config)
+			);
+		}
+		free(buf);
+		if (require) {
+			tls_config_verify_client(config);
+		} else {
+			tls_config_verify_client_optional(config);
+		}
+	}
+
 	error = tls_configure(server, config);
 	if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(server));
 	tls_config_free(config);
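Review bot: `require` is only consulted inside `if (ca)`, so a call with `require` true and `ca` NULL configures the server with no client verification at all and reports nothing. Unless every caller already rejects that combination (not visible here), a guard before the block such as `if (require && !ca) errx(EX_CONFIG, "client certificate required without a CA");` makes the misconfiguration fail closed. In the optional branch, `tls_config_verify_client_optional` still accepts clients that present no certificate, so a comment there should say that the connection code has to check `tls_peer_cert_provided()` before treating a peer as authenticated. localConfig starts and ends outside this hunk.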