path: root/sys/src/cmd/tlsclient.c
Age | Commit message | Author
2023-01-03 | tlsclient: try /bin/$cmd for exec | cinap_lenrek
2023-01-03 | tlsclient: keep stderr | cinap_lenrek
2018-01-06 | tlsclient: allow dumping the server's certificate with new -d flag | cinap_lenrek
useful for debugging, like: ./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump
2018-01-06 | tlsclient: remove X509dump() call, writes to fd 1 | cinap_lenrek
2017-12-30 | libsec: implement SPKI fingerprinting for okCertificate() | cinap_lenrek
Instead of only using a hash over the whole certificate for white/black-listing, now we can also use a hash over the Subject Public Key Info (SPKI) field of the certificate which contains the public key algorithm and the public key itself. This allows certificates to be renewed independently of the public key. X509dump() now prints the public key thumbprint in addition to the certificate thumbprint. tlsclient will print the certificate when run with -D flag. okCertificate() will print the public key thumbprint in its error string when no match has been found.
2017-04-23 | libsec: sha256 support for thumbprint files, use it in ssh as well | cinap_lenrek
initThumbprints() now takes an application tag argument so x509 and ssh can coexist. the thumbprint entries can now hold both sha1 and sha256 hashes. okThumbprint() now takes a len argument for the hash length used. the new function okCertificate() hashes the certificate with both and checks for any matches. on failure, okCertificate() returns 0 and sets error string. we also check for include loops now in thumbfiles, limiting the number of includes to 8.
2016-02-14 | tlsclient: add -o option to establish connection over a file, free the AuthInfo structure to avoid leaking secrets | cinap_lenrek
2016-02-01 | tlssrv: p9any authentication support using TLS-PSK cipher suites | cinap_lenrek
2013-09-14 | tls: fix various tlsClient()/tlsServer() related bugs | cinap_lenrek
- TLSconn structure on stack but not initialized (zeroed)
- original filedescriptor double closed in error case
- original filedescriptor leaked in success case
- leaked TLSconn.sessionID and TLSconn.cert
- clarify in pushtls(2) and pushssl(2)
2012-11-15 | add C-Keens tls-client-auth | cinap_lenrek
This patch adds client TLS authentication to libsec in compliance with rfc 4346. A new -c flag has been introduced for tlsclient allowing the user to specify a certificate in pem(8) format which will be provided to the server upon request. A -D debug flag has been introduced to enable debugging output.
The patch has been tested against OpenSSL 0.9.7j 04 May 2006. It exists today because of the great (debugging) help and insight provided by Matthias Bauer.
TODOs:
- specification of a certain client key in factotum is not possible at the moment
- tlssrv should support this too
These will get added in another patch.
The first try to submit this patch failed due to a network error. Sorry for the duplication!
Kind regards, Christian
2011-03-30 | Import sources from 2011-03-30 iso image - lib | Taru Karttunen
2011-03-30 | Import sources from 2011-03-30 iso image | Taru Karttunen