From 41a41808e321aee9601273d533d21af7a4b49d2a Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Mon, 4 Nov 2019 21:31:53 -0500
Subject: Add options for TLS client certificate
---
 server.c | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)
 (limited to 'server.c')
diff --git a/server.c b/server.c
index e23dc9a..5ca517c 100644
--- a/server.c
+++ b/server.c
@@ -31,24 +31,51 @@
 static struct tls *client;
-int serverConnect(bool insecure, const char *host, const char *port) {
- int error;
-
+void serverConfig(bool insecure, const char *cert, const char *priv) {
 struct tls_config *config = tls_config_new();
- error = tls_config_set_ciphers(config, "compat");
- if (error) errx(EX_SOFTWARE, "tls_config");
+ if (!config) errx(EX_SOFTWARE, "tls_config_new");
+
+ int error = tls_config_set_ciphers(config, "compat");
+ if (error) {
+ errx(EX_SOFTWARE, "tls_config_set_ciphers: %s", tls_config_error(config));
+ }
 if (insecure) {
 tls_config_insecure_noverifycert(config);
 tls_config_insecure_noverifyname(config);
 }
+ if (cert) {
+ error = tls_config_set_cert_file(config, cert);
+ if (error) {
+ errx(
+ EX_SOFTWARE, "tls_config_set_cert_file: %s",
+ tls_config_error(config)
+ );
+ }
+ }
+
+ if (cert && !priv) priv = cert;
+ if (priv) {
+ error = tls_config_set_key_file(config, priv);
+ if (error) {
+ errx(
+ EX_SOFTWARE, "tls_config_set_key_file: %s",
+ tls_config_error(config)
+ );
+ }
+ }
+
 client = tls_client();
 if (!client) errx(EX_SOFTWARE, "tls_client");
 error = tls_configure(client, config);
 if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(client));
 tls_config_free(config);
+}
+
+int serverConnect(const char *host, const char *port) {
+ assert(client);
 struct addrinfo *head;
 struct addrinfo hints = {
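Review bot: The new precondition at the top of `serverConnect` is enforced only by `assert(client);`, which compiles away under `NDEBUG`, so a call made before `serverConfig` would then continue with an unset `client`. An explicit check such as `if (!client) errx(EX_SOFTWARE, "serverConnect: serverConfig not called");` keeps the failure visible in every build. Separately, `serverConfig` accepts `insecure` together with `cert`, in which case the client certificate is presented to a server whose certificate and name were never verified. A comment at the `if (insecure)` branch, for example `/* with cert set, the client still authenticates to an unverified peer */`, would make that trade-off explicit. The body of `serverConnect` continues outside this hunk.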
@@ -56,7 +83,7 @@ int serverConnect(bool insecure, const char *host, const char *port) {
 .ai_socktype = SOCK_STREAM,
 .ai_protocol = IPPROTO_TCP,
 };
- error = getaddrinfo(host, port, &hints, &head);
+ int error = getaddrinfo(host, port, &hints, &head);
 if (error) errx(EX_NOHOST, "%s:%s: %s", host, port, gai_strerror(error));
 int sock = -1;
--
cgit 1.4.1