tlsclient: allow dumping the server's certificate with new -d flag
usefull for debugging, like: ./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dumpfront
cinap_lenrek
parent
e548a86575
commit
d4a830e2e1
|
|
@ -45,7 +45,11 @@ logfile
|
|||
]
|
||||
[
|
||||
.B -c
|
||||
.I cert.pem
|
||||
.I clientcert.pem
|
||||
]
|
||||
[
|
||||
.B -d
|
||||
.I servercert
|
||||
]
|
||||
[
|
||||
.B -t
|
||||
|
|
@ -128,6 +132,13 @@ Specifying a certificate in pem(8) format with the
|
|||
flag, causes the client to submit this certificate upon
|
||||
server's request. A corresponding key has to be present in
|
||||
.IR factotum (4).
|
||||
The
|
||||
.B -d
|
||||
flag writes the server's certificate to the file
|
||||
.I servercert
|
||||
in binary ASN.1 encoding.
|
||||
If the server doesnt provide a certificate, an empty
|
||||
file is created.
|
||||
If the
|
||||
.B -t
|
||||
flag
|
||||
|
|
|
|||
|
|
@ -6,12 +6,12 @@
|
|||
|
||||
int debug, auth, dialfile;
|
||||
char *keyspec = "";
|
||||
char *servername, *file, *filex, *ccert;
|
||||
char *servername, *file, *filex, *ccert, *dumpcert;
|
||||
|
||||
void
|
||||
usage(void)
|
||||
{
|
||||
fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
|
||||
fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c clientcert.pem] [-d servercert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
|
||||
exits("usage");
|
||||
}
|
||||
|
||||
|
|
@ -43,13 +43,12 @@ reporter(char *fmt, ...)
|
|||
void
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
int fd;
|
||||
int fd, dfd;
|
||||
char *addr;
|
||||
TLSconn *conn;
|
||||
Thumbprint *thumb;
|
||||
AuthInfo *ai = nil;
|
||||
|
||||
fmtinstall('B', mpfmt);
|
||||
fmtinstall('[', encodefmt);
|
||||
fmtinstall('H', encodefmt);
|
||||
|
||||
|
|
@ -72,6 +71,9 @@ main(int argc, char **argv)
|
|||
case 'c':
|
||||
ccert = EARGF(usage());
|
||||
break;
|
||||
case 'd':
|
||||
dumpcert = EARGF(usage());
|
||||
break;
|
||||
case 'n':
|
||||
servername = EARGF(usage());
|
||||
break;
|
||||
|
|
@ -124,6 +126,15 @@ main(int argc, char **argv)
|
|||
if(fd < 0)
|
||||
sysfatal("tlsclient: %r");
|
||||
|
||||
if(dumpcert){
|
||||
if((dfd = create(dumpcert, OWRITE, 0666)) < 0)
|
||||
sysfatal("create: %r");
|
||||
if(conn->cert != nil)
|
||||
write(dfd, conn->cert, conn->certlen);
|
||||
write(dfd, "", 0);
|
||||
close(dfd);
|
||||
}
|
||||
|
||||
if(thumb){
|
||||
if(!okCertificate(conn->cert, conn->certlen, thumb))
|
||||
sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
|
||||
|
|
|
|||
Loading…
Reference in New Issue