author | cinap_lenrek <cinap_lenrek@felloff.net> | 2018-01-06 07:43:08 +0100 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2018-01-06 07:43:08 +0100 |
commit | d4a830e2e1d333c9bdbf5c17475f89efdf43be89 (patch) | |
tree | d7f206a3cc87203d2a29251c2d38df7b37432215 | |
parent | e548a86575fb1cde326f995c86d5ce04da7cd48c (diff) |
tlsclient: allow dumping the server's certificate with new -d flag
useful for debugging, like:
./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump
-rw-r--r-- | sys/man/8/tlssrv | 13 | ||||
-rw-r--r-- | sys/src/cmd/tlsclient.c | 19 |
2 files changed, 27 insertions, 5 deletions
diff --git a/sys/man/8/tlssrv b/sys/man/8/tlssrv index 9ebaa0104..983251ad2 100644 --- a/sys/man/8/tlssrv +++ b/sys/man/8/tlssrv @@ -45,7 +45,11 @@ logfile ] [ .B -c -.I cert.pem +.I clientcert.pem +] +[ +.B -d +.I servercert ] [ .B -t @@ -128,6 +132,13 @@ Specifying a certificate in pem(8) format with the flag, causes the client to submit this certificate upon server's request. A corresponding key has to be present in .IR factotum (4). +The +.B -d +flag writes the server's certificate to the file +.I servercert +in binary ASN.1 encoding. +If the server doesnt provide a certificate, an empty +file is created. If the .B -t flag diff --git a/sys/src/cmd/tlsclient.c b/sys/src/cmd/tlsclient.c index f8d2e7a96..06d34a320 100644 --- a/sys/src/cmd/tlsclient.c +++ b/sys/src/cmd/tlsclient.c @@ -6,12 +6,12 @@ int debug, auth, dialfile; char *keyspec = ""; -char *servername, *file, *filex, *ccert; +char *servername, *file, *filex, *ccert, *dumpcert; void usage(void) { - fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n"); + fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c clientcert.pem] [-d servercert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n"); exits("usage"); } @@ -43,13 +43,12 @@ reporter(char *fmt, ...) void main(int argc, char **argv) { - int fd; + int fd, dfd; char *addr; TLSconn *conn; Thumbprint *thumb; AuthInfo *ai = nil; - fmtinstall('B', mpfmt); fmtinstall('[', encodefmt); fmtinstall('H', encodefmt); @@ -72,6 +71,9 @@ main(int argc, char **argv) case 'c': ccert = EARGF(usage()); break; + case 'd': + dumpcert = EARGF(usage()); + break; case 'n': servername = EARGF(usage()); break; 
@@ -124,6 +126,15 @@ main(int argc, char **argv) if(fd < 0) sysfatal("tlsclient: %r"); + if(dumpcert){ + if((dfd = create(dumpcert, OWRITE, 0666)) < 0) + sysfatal("create: %r"); + if(conn->cert != nil) + write(dfd, conn->cert, conn->certlen); + write(dfd, "", 0); + close(dfd); + } + if(thumb){ if(!okCertificate(conn->cert, conn->certlen, thumb)) sysfatal("cert for %s not recognized: %r", servername ? servername : addr); |
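Review bot: Both `write` calls in the new `if(dumpcert)` block ignore their return value, so a failed or short write leaves a truncated or empty certificate file while tlsclient carries on as if the dump had succeeded; something like `if(conn->cert != nil && write(dfd, conn->cert, conn->certlen) != conn->certlen) sysfatal("write: %r");` would surface that. The dump also runs before the `okCertificate` thumbprint check just below it, so the file holds whatever certificate the peer presented, unverified. That looks intentional for debugging, but it deserves a comment such as `/* dumped before the thumbprint check: contents are not authenticated */` so the output is not later treated as a trusted certificate. The trailing `write(dfd, "", 0)` presumably signals end of data when the target is a pipe, as in the commit message's example; a one-line comment saying so would help. main's body starts and ends outside this hunk.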