Diffstat (limited to 'server.c')
-rw-r--r-- | server.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/server.c b/server.c
index 89e3e36..636d911 100644
--- a/server.c
+++ b/server.c
@@ -42,7 +42,9 @@
 static struct tls *client;
-void serverConfig(bool insecure, const char *cert, const char *priv) {
+void serverConfig(
+ bool insecure, const char *trust, const char *cert, const char *priv
+) {
 struct tls_config *config = tls_config_new();
 if (!config) errx(EX_SOFTWARE, "tls_config_new");
@@ -55,6 +57,15 @@ void serverConfig(bool insecure, const char *cert, const char *priv) {
 tls_config_insecure_noverifycert(config);
 tls_config_insecure_noverifyname(config);
 }
+ if (trust) {
+ tls_config_insecure_noverifyname(config);
+ const char *dirs = NULL;
+ for (const char *path; NULL != (path = configPath(&dirs, trust));) {
+ error = tls_config_set_ca_file(config, path);
+ if (!error) break;
+ }
+ if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+ }
 if (cert) {
 const char *dirs = NULL;
@@ -145,6 +156,13 @@ int serverConnect(const char *bindHost, const char *host, const char *port) {
 return sock;
 }
+void serverPrintCert(void) {
+ size_t len;
+ const byte *pem = tls_peer_cert_chain_pem(client, &len);
+ printf("subject= %s\n", tls_peer_cert_subject(client));
+ fwrite(pem, len, 1, stdout);
+}
+
 void serverSend(const char *ptr, size_t len) {
 if (verbose) fprintf(stderr, "\x1B[31m%.*s\x1B[m", (int)len, ptr);
 while (len) { |
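Review bot: The new `trust` parameter in the `serverConfig` signature is undocumented, and it sits between two other `const char *` arguments that a caller can transpose without any compiler diagnostic. Judging by the second hunk, setting `trust` turns off hostname verification, and when `insecure` is also true certificate verification is already disabled, so the CA file would presumably have no effect. I would add above the definition: `// trust: CA file to verify the server against; hostname checks are skipped when set, and it is moot if insecure is true.` The function body continues outside this hunk.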
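Review bot: In the `if (trust)` block, `tls_config_insecure_noverifyname(config)` is called unconditionally, so any certificate that chains to an entry in the trust file is accepted for any hostname; that is only safe when the file holds the server's own certificate rather than a CA or a bundle. A comment should record the constraint, e.g. `// Name check is off: trust must contain only the pinned server certificate.` Separately, if `configPath` yields no candidate the loop body never runs and `error` keeps the value it had before the hunk (its declaration is outside the hunk), so the CA file could be skipped silently while name verification is already off. Assuming `error` is an int, setting `error = -1;` before the `for` makes the `errx` check fire in that case; the message would then need a fallback, since `tls_config_error` may return NULL when no libtls call has failed.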
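Review bot: `serverPrintCert` passes the results of `tls_peer_cert_chain_pem` and `tls_peer_cert_subject` straight to `fwrite` and `printf` with no NULL check, and `len` is left uninitialised if the first call fails. Both libtls calls can return NULL when no peer certificate is available (for instance before the handshake has completed), which makes `%s` with a NULL argument and `fwrite(pem, len, ...)` undefined behaviour. I would declare `size_t len = 0;` and bail out early with `if (!pem) errx(EX_PROTOCOL, "no peer certificate");` before printing. The subject string is taken from the peer's certificate, so it is untrusted text going to stdout; a short comment saying so would help anyone who later pipes or displays this output.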