tlsclient: allow dumping the server's certificate with new -d flag
useful for debugging, like: ./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump
parent
e548a86575
commit
d4a830e2e1
2 changed files with 27 additions and 5 deletions
@ -45,7 +45,11 @@ logfile
]
]
[
[
.B -c
.B -c
.I cert.pem
.I clientcert.pem
]
[
.B -d
.I servercert
]
]
[
[
.B -t
.B -t
@ -128,6 +132,13 @@ Specifying a certificate in pem(8) format with the
flag, causes the client to submit this certificate upon
flag, causes the client to submit this certificate upon
server's request. A corresponding key has to be present in
server's request. A corresponding key has to be present in
.IR factotum (4).
.IR factotum (4).
The
.B -d
flag writes the server's certificate to the file
.I servercert
in binary ASN.1 encoding.
If the server doesnt provide a certificate, an empty
file is created.
If the
If the
.B -t
.B -t
flag
flag
@ -6,12 +6,12 @@
int debug, auth, dialfile;
int debug, auth, dialfile;
char *keyspec = "";
char *keyspec = "";
char *servername, *file, *filex, *ccert;
char *servername, *file, *filex, *ccert, *dumpcert;
void
void
usage(void)
usage(void)
{
{
fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c clientcert.pem] [-d servercert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
exits("usage");
exits("usage");
}
}
@ -43,13 +43,12 @@ reporter(char *fmt, ...)
void
void
main(int argc, char **argv)
main(int argc, char **argv)
{
{
int fd;
int fd, dfd;
char *addr;
char *addr;
TLSconn *conn;
TLSconn *conn;
Thumbprint *thumb;
Thumbprint *thumb;
AuthInfo *ai = nil;
AuthInfo *ai = nil;
fmtinstall('B', mpfmt);
fmtinstall('[', encodefmt);
fmtinstall('[', encodefmt);
fmtinstall('H', encodefmt);
fmtinstall('H', encodefmt);
@ -72,6 +71,9 @@ main(int argc, char **argv)
case 'c':
case 'c':
ccert = EARGF(usage());
ccert = EARGF(usage());
break;
break;
case 'd':
dumpcert = EARGF(usage());
break;
case 'n':
case 'n':
servername = EARGF(usage());
servername = EARGF(usage());
break;
break;
@ -124,6 +126,15 @@ main(int argc, char **argv)
if(fd < 0)
if(fd < 0)
sysfatal("tlsclient: %r");
sysfatal("tlsclient: %r");
if(dumpcert){
if((dfd = create(dumpcert, OWRITE, 0666)) < 0)
sysfatal("create: %r");
if(conn->cert != nil)
write(dfd, conn->cert, conn->certlen);
write(dfd, "", 0);
close(dfd);
}
if(thumb){
if(thumb){
if(!okCertificate(conn->cert, conn->certlen, thumb))
if(!okCertificate(conn->cert, conn->certlen, thumb))
sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
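Review bot: The return value of `write(dfd, conn->cert, conn->certlen)` in the new `if(dumpcert)` block is never checked, so a failed or short write leaves a truncated file behind while the client carries on as if the certificate had been saved; since the dump is meant to be parsed downstream (auth/asn1dump in the commit message), it should fail as loudly as the create() does: `if(write(dfd, conn->cert, conn->certlen) != conn->certlen) sysfatal("write: %r");`. The trailing unconditional `write(dfd, "", 0)` has no obvious purpose from the hunk — presumably a zero-length write so a pipe reader sees end of data even when no certificate was received — and deserves a one-line comment to that effect, for example `/* zero-length write: signal end of data to pipe readers even when no cert was sent */`. The dump happens before the `if(thumb)` check, which is the useful order for debugging a rejected certificate, but the man page text added in this commit does not say that the file is written regardless of whether the certificate is later accepted. main() starts and ends outside the hunk.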