From 715c21e9e471f32106e59025c0e4c1b05a57290f Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Thu, 2 Sep 2021 18:08:36 -0400
Subject: OpenBSD: pledge(2) printCert code path separately

Ported from catgirl.
---
 bounce.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/bounce.c b/bounce.c
index ba5ec1d..2fe6589 100644
--- a/bounce.c
+++ b/bounce.c
@@ -341,6 +341,17 @@ int main(int argc, char *argv[]) {
 errx(EX_CONFIG, "password must be hashed with -x");
 }

+ if (printCert) {
+#ifdef __OpenBSD__
+ error = pledge("stdio inet dns", NULL);
+ if (error) err(EX_OSERR, "pledge");
+#endif
+ serverConfig(true, NULL, NULL, NULL);
+ serverConnect(serverBindHost, host, port);
+ serverPrintCert();
+ return EX_OK;
+ }
+
 #ifdef __OpenBSD__
 unveilConfig(certPath);
 unveilConfig(privPath);
@@ -358,13 +369,6 @@ int main(int argc, char *argv[]) {
 if (error) err(EX_OSERR, "pledge");
 #endif

- if (printCert) {
- serverConfig(true, NULL, NULL, NULL);
- serverConnect(serverBindHost, host, port);
- serverPrintCert();
- return EX_OK;
- }
-
 // Either exit with cleanup or ignore signals until entering the main loop.
 signal(SIGINT, justExit);
 signal(SIGTERM, justExit);
--
cgit 1.4.1
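Review bot: The `pledge("stdio inet dns", NULL)` in the new `if (printCert)` block carries no `rpath`, so this path depends on `serverConfig(true, NULL, NULL, NULL)`, `serverConnect` and `serverPrintCert` never opening a file (a CA bundle or client certificate, for example); those functions are outside this hunk, so that cannot be checked here. Because a pledge violation aborts the process instead of returning an error, I would record the assumption next to the call, e.g. `// No rpath: the insecure config with NULL paths must not read any files.` A second comment saying the block has to stay above the `unveilConfig` calls and the later, presumably broader, pledge would keep a future reorder from silently putting this path back under the wider promise set. main's body starts and ends outside the hunk.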