gg: add support for client certs
parent
57ec3e776e
commit
31b3662c54
5
gg.1
5
gg.1
|
@ -21,6 +21,7 @@
|
|||
.Nm
|
||||
.Bk -words
|
||||
.Op Fl 23bchNVv
|
||||
.Op Fl C Pa cert.pem Fl K Pa key.pem
|
||||
.Op Fl H Ar hostname
|
||||
.Ar IRI
|
||||
.Ek
|
||||
|
@ -37,6 +38,8 @@ Use only TLSv1.2.
|
|||
Use only TLSv1.3.
|
||||
.It Fl b
|
||||
Print only the body of the response.
|
||||
.It Fl C Pa cert.pem
|
||||
Load the client certificate, must be in PEM format.
|
||||
.It Fl c
|
||||
Print only the response code.
|
||||
.It Fl H Ar hostname
|
||||
|
@ -46,6 +49,8 @@ for SNI, instead of the one extracted from the IRI.
|
|||
The IRI hostname will still be used for the DNS resolution.
|
||||
.It Fl h
|
||||
Print only the response header.
|
||||
.It Fl K Pa key.pem
|
||||
Load the client certificate key, must be in PEM format.
|
||||
.It Fl N
|
||||
Don't check whether the peer certificate name matches the requested
|
||||
hostname.
|
||||
|
|
15
gg.c
15
gg.c
|
@ -19,6 +19,7 @@
|
|||
#include "gmid.h"
|
||||
|
||||
int flag2, flag3, bflag, cflag, hflag, Nflag, Vflag, vflag;
|
||||
const char *cert, *key;
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
|
@ -35,7 +36,7 @@ main(int argc, char **argv)
|
|||
ssize_t len;
|
||||
|
||||
hostname = NULL;
|
||||
while ((ch = getopt(argc, argv, "23cbH:hNVv")) != -1) {
|
||||
while ((ch = getopt(argc, argv, "23C:cbH:hK:NVv")) != -1) {
|
||||
switch (ch) {
|
||||
case '2':
|
||||
flag2 = 1;
|
||||
|
@ -46,6 +47,9 @@ main(int argc, char **argv)
|
|||
case 'b':
|
||||
bflag = 1;
|
||||
break;
|
||||
case 'C':
|
||||
cert = optarg;
|
||||
break;
|
||||
case 'c':
|
||||
cflag = 1;
|
||||
break;
|
||||
|
@ -55,6 +59,9 @@ main(int argc, char **argv)
|
|||
case 'h':
|
||||
hflag = 1;
|
||||
break;
|
||||
case 'K':
|
||||
key = optarg;
|
||||
break;
|
||||
case 'N':
|
||||
Nflag = 1;
|
||||
break;
|
||||
|
@ -79,6 +86,9 @@ main(int argc, char **argv)
|
|||
if (flag2 + flag3 > 1)
|
||||
errx(1, "only -2 or -3 can be specified at the same time.");
|
||||
|
||||
if ((cert != NULL && key == NULL) || (cert == NULL && key != NULL))
|
||||
errx(1, "missing certificate or key");
|
||||
|
||||
if (argc != 1)
|
||||
errx(1, "missing IRI");
|
||||
|
||||
|
@ -107,6 +117,9 @@ main(int argc, char **argv)
|
|||
if (flag3 && tls_config_set_protocols(conf, TLS_PROTOCOL_TLSv1_3) == -1)
|
||||
errx(1, "cannot set TLSv1.3");
|
||||
|
||||
if (cert != NULL && tls_config_set_keypair_file(conf, cert, key))
|
||||
errx(1, "couldn't load cert: %s", cert);
|
||||
|
||||
if ((ctx = tls_client()) == NULL)
|
||||
errx(1, "tls_client creation failed");
|
||||
|
||||
|
|
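Review bot: The new keypair check in the last gg.c hunk reports `couldn't load cert: %s` with only the certificate path, so a key file passed with -K that cannot be read is blamed on the certificate, and libtls's own reason is dropped. I would name both files, include the library error, and compare against `-1` like the `tls_config_set_protocols` call just above it: `if (cert != NULL && tls_config_set_keypair_file(conf, cert, key) == -1)` followed by `errx(1, "couldn't load keypair %s, %s: %s", cert, key, tls_config_error(conf));`. It may also be worth a sentence in gg.1 noting that when -C/-K are combined with -N, the client certificate is presumably still presented to a peer whose name was not checked. main()'s body starts and ends outside the visible hunks, so how `conf` is otherwise configured cannot be confirmed from here.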