#include "common.h"
#include <libsec.h>
#include <auth.h>
#include "dat.h"
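/*
 * wraptls: start a TLS client session on top of ofd and check the
 * server certificate against the mail thumbprint files.
 *
 * host is handed to tlsClient as conn.serverName.
 *
 * Returns the descriptor produced by tlsClient on success.  Returns -1
 * when tlsClient fails (ofd is closed first) or when okCertificate
 * rejects the certificate (the TLS descriptor is closed and the error
 * string is set with werrstr).
 *
 * Security notes:
 *  - Fail-open: when initThumbprints returns nil, okCertificate is never
 *    called and the session is returned with the server certificate
 *    unchecked.  Deployments that rely on pinning should make sure
 *    /sys/lib/tls/mail exists and is readable; turning this case into a
 *    hard failure would change behaviour for existing callers, so it is
 *    flagged here rather than changed.
 *  - Nothing in this function compares host with the names in the
 *    certificate; acceptance rests on the thumbprint check alone.
 *    NOTE(review): confirm whether tlsClient or okCertificate performs
 *    any name check.
 *  - ofd is not closed here on the success path.  NOTE(review): confirm
 *    against tlsClient whether the caller still owns it.
 */
int
wraptls(int ofd, char *host)
{
	Thumbprint *thumb;
	TLSconn conn;
	int fd;

	memset(&conn, 0, sizeof conn);
	conn.serverName = host;
	fd = tlsClient(ofd, &conn);
	if(fd < 0){
		close(ofd);
		return -1;
	}

	/* trusted thumbprints, exclusion list, and the tag to match */
	thumb = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude", "x509");
	if(thumb != nil){
		if(!okCertificate(conn.cert, conn.certlen, thumb)){
			/* %r appends the error string already set at this point */
			werrstr("cert for %s not recognized: %r", host);
			close(fd);
			fd = -1;
		}
		freeThumbprints(thumb);
	}
	/* thumb == nil: no certificate check was made (see fail-open note above) */

	/* conn.cert and conn.sessionID are freed on both outcomes */
	free(conn.cert);
	free(conn.sessionID);
	return fd;
}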