Subversion Repositories planix.SVN

#include <u.h>

#include <libc.h>

#include <mp.h>

#include <libsec.h>

void

usage(void)

{

	fprint(2, "usage: tlsclient [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] dialstring\n");

	exits("usage");

}

void

xfer(int from, int to)

{

	char buf[12*1024];

	int n;

	while((n = read(from, buf, sizeof buf)) > 0)

		if(write(to, buf, n) < 0)

			break;

}

void

main(int argc, char **argv)

{

	int fd, netfd;

	uchar digest[20];

	TLSconn conn;

	char *addr, *file, *filex;

	Thumbprint *thumb;

	file = nil;

	filex = nil;

	thumb = nil;

	ARGBEGIN{

	case 't':

		file = EARGF(usage());

		break;

	case 'x':

		filex = EARGF(usage());

		break;

	default:

		usage();

	}ARGEND

	if(argc != 1)

		usage();

	if(filex && !file)	

		sysfatal("specifying -x without -t is useless");

	if(file){

		thumb = initThumbprints(file, filex);

		if(thumb == nil)

			sysfatal("initThumbprints: %r");

	}

	addr = argv[0];

	if((netfd = dial(addr, 0, 0, 0)) < 0)

		sysfatal("dial %s: %r", addr);

	memset(&conn, 0, sizeof conn);

	fd = tlsClient(netfd, &conn);

	if(fd < 0)

		sysfatal("tlsclient: %r");

	if(thumb){

		if(conn.cert==nil || conn.certlen<=0)

			sysfatal("server did not provide TLS certificate");

		sha1(conn.cert, conn.certlen, digest, nil);

		if(!okThumbprint(digest, thumb)){

			fmtinstall('H', encodefmt);

			sysfatal("server certificate %.*H not recognized", SHA1dlen, digest);

		}

	}

	free(conn.cert);

	close(netfd);

	rfork(RFNOTEG);

	switch(fork()){

	case -1:

		fprint(2, "%s: fork: %r\n", argv0);

		exits("dial");

	case 0:

		xfer(0, fd);

		break;

	default:

		xfer(fd, 1);

		break;

	}

	postnote(PNGROUP, getpid(), "die yankee pig dog");

	exits(0);

}