From 77426b0f3e2700fba2fb1011c5096c9b0a7916c1 Mon Sep 17 00:00:00 2001
From: Curtis McEnroe
Date: Sat, 26 Oct 2019 20:15:29 -0400
Subject: Add undocumented flag to disable verification
---
 bounce.c | 6 ++++--
 bounce.h | 2 +-
 server.c | 7 ++++++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/bounce.c b/bounce.c
index 0c2d1d7..703c566 100644
--- a/bounce.c
+++ b/bounce.c
@@ -90,6 +90,7 @@ int main(int argc, char *argv[]) {
 char certPath[PATH_MAX] = "";
 char privPath[PATH_MAX] = "";
+ bool insecure = false;
 const char *host = NULL;
 const char *port = "6697";
 const char *pass = NULL;
@@ -101,8 +102,9 @@ int main(int argc, char *argv[]) {
 const char *away = "pounced :3";
 int opt;
- while (0 < (opt = getopt(argc, argv, "A:C:H:K:NP:W:a:h:j:n:p:r:u:vw:"))) {
+ while (0 < (opt = getopt(argc, argv, "!A:C:H:K:NP:W:a:h:j:n:p:r:u:vw:"))) {
 switch (opt) {
+ break; case '!': insecure = true;
 break; case 'A': away = optarg;
 break; case 'C': strlcpy(certPath, optarg, sizeof(certPath));
 break; case 'H': localHost = optarg;
@@ -143,7 +145,7 @@ int main(int argc, char *argv[]) {
 int bind[8];
 size_t binds = listenBind(bind, 8, localHost, localPort);
- int server = serverConnect(host, port);
+ int server = serverConnect(insecure, host, port);
 serverLogin(pass, auth, nick, user, real);
 while (!stateReady()) serverRecv();
 if (join) serverFormat("JOIN :%s\r\n", join);
diff --git a/bounce.h b/bounce.h
index 26e62df..b0d6d18 100644
--- a/bounce.h
+++ b/bounce.h
@@ -65,7 +65,7 @@ void listenConfig(const char *cert, const char *priv);
 size_t listenBind(int fds[], size_t cap, const char *host, const char *port);
 struct tls *listenAccept(int *fd, int bind);
-int serverConnect(const char *host, const char *port);
+int serverConnect(bool insecure, const char *host, const char *port);
 void serverLogin(
 const char *pass, const char *auth, const char *nick, const char *user, const char *real
diff --git a/server.c b/server.c
index bdeb695..19d5aca 100644
--- a/server.c
+++ b/server.c
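Review bot: The `serverConnect(insecure, host, port)` call in the third bounce.c hunk is followed directly by `serverLogin(pass, auth, nick, user, real)`, so with `-!` the password and auth credentials are sent over a TLS session whose peer was never authenticated, and nothing in the run records that. Because the flag is deliberately undocumented, a startup warning would at least make the downgrade visible in logs, e.g. `if (insecure) warnx("server certificate verification disabled");` before the connect (this assumes `<err.h>` is included in bounce.c, as the `errx` calls in server.c suggest). The `case '!'` line in the getopt hunk has the same gap and would benefit from a comment such as `// -!: skip certificate and hostname verification of the upstream server`. The body of main starts and ends outside these hunks.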
@@ -33,13 +33,18 @@ typedef unsigned char byte;
 static struct tls *client;
-int serverConnect(const char *host, const char *port) {
+int serverConnect(bool insecure, const char *host, const char *port) {
 int error;
 struct tls_config *config = tls_config_new();
 error = tls_config_set_ciphers(config, "compat");
 if (error) errx(EX_SOFTWARE, "tls_config");
+ if (insecure) {
+ tls_config_insecure_noverifycert(config);
+ tls_config_insecure_noverifyname(config);
+ }
+
 client = tls_client();
 if (!client) errx(EX_SOFTWARE, "tls_client");
-- cgit 1.4.1
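Review bot: The `if (insecure)` block switches off chain verification and name verification together, so the client accepts any certificate presented for any host; the link stays encrypted but is unauthenticated. If the motivating case is a server with a self-signed certificate (the commit does not say), a narrower option would keep chain verification on and trust that one certificate through `tls_config_set_ca_file(config, path)`, relaxing only the name check where needed. At minimum the block deserves a comment stating the consequence, e.g. `/* -!: no certificate or hostname verification; peer identity is not checked */`. The body of serverConnect continues outside the hunk.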