/*
 * Global option state for tlsclient.  The leading numbers in this listing
 * are original source line numbers; lines in between are not shown.
 *   dialfile   - when non-zero, main open()s the address instead of dial()ing it.
 *   servername - copied into conn->serverName; also used in the
 *                "cert ... not recognized" error message.
 *   file/filex - passed to initThumbprints(); presumably the -t and -x
 *                thumbprint files from the usage string (confirm against
 *                the option switch, which is not shown).
 *   ccert      - path handed to readcert() to load conn->cert.
 *   dumpcert   - path created by main to receive conn->cert after tlsClient().
 */
7 int debug, auth, dialfile;
9 char *servername, *file, *filex, *ccert, *dumpcert;
/*
 * Print the command synopsis on file descriptor 2.  The enclosing function's
 * header and whatever follows this call are on lines not shown here.
 */
14 fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c clientcert.pem] [-d servercert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
/*
 * xfer: copy data from descriptor `from` to descriptor `to`.
 * The declarations of buf and n and the failure action are on lines not shown.
 */
19 xfer(int from, int to)
/* Loop ends on end-of-file (0) and on a read error (< 0) alike. */
24 while((n = read(from, buf, sizeof buf)) > 0)
/*
 * NOTE(review): only a negative result is treated as failure; a short write
 * (0 <= result < n) would pass unnoticed and silently drop stream data.
 * Comparing the result against n would catch it.
 */
25 if(write(to, buf, n) < 0)
/*
 * reporter: variadic diagnostic callback; main installs it as conn->trace.
 * How fmt and its arguments are formatted is on lines not shown.
 */
30 reporter(char *fmt, ...)
/* Prefix each message with the program name (argv0) on file descriptor 2. */
35 fprint(2, "%s: tls reports ", argv0);
/*
 * main: parse options, connect to the address, run tlsClient() on the
 * connection and check the resulting certificate with okCertificate().
 * The later lines report exec and fork failures; the exec/fork calls
 * themselves, the option switch and most guarding conditions are on lines
 * this listing does not show, so the notes below are limited to what is visible.
 */
44 main(int argc, char **argv)
/* Register encodefmt for the '[' and 'H' print verbs. */
52 fmtinstall('[', encodefmt);
53 fmtinstall('H', encodefmt);
/*
 * Each assignment below takes the current option's argument; EARGF
 * evaluates usage() when the argument is missing.  The option letters are
 * on lines not shown.
 */
63 keyspec = EARGF(usage());
66 file = EARGF(usage());
69 filex = EARGF(usage());
72 ccert = EARGF(usage());
75 dumpcert = EARGF(usage());
78 servername = EARGF(usage());
/* An exclusion list without a thumbprint file is rejected outright. */
91 sysfatal("specifying -x without -t is useless");
/*
 * Load the trusted ("x509") thumbprints, minus those in filex.
 * NOTE(review): the condition guarding this call is not shown.  If thumb
 * stays nil when no thumbprint file is given and the okCertificate() check
 * at line 139 is skipped in that case, the server certificate is not
 * authenticated at all - confirm against the omitted lines.
 */
94 thumb = initThumbprints(file, filex, "x509");
96 sysfatal("initThumbprints: %r");
/* With dialfile set the address is opened read/write as a file; otherwise it is dialed. */
101 if((fd = dialfile? open(addr, ORDWR): dial(addr, 0, 0, 0)) < 0)
102 sysfatal("dial %s: %r", addr);
/*
 * Zeroed TLSconn (second mallocz argument is 1).
 * NOTE(review): the result is dereferenced on the very next source line
 * (105) with no nil check in between.
 */
104 conn = (TLSconn*)mallocz(sizeof *conn, 1);
105 conn->serverName = servername;
/* Load the certificate from ccert into conn; failure is fatal. */
107 conn->cert = readcert(ccert, &conn->certlen);
108 if(conn->cert == nil)
109 sysfatal("readcert: %r");
/*
 * p9any client authentication on fd, with keyspec appended to the key
 * template.  This call appears before tlsClient() (line 125), so it runs on
 * the connection before the TLS handshake.
 */
113 ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
115 sysfatal("auth_proxy: %r");
/*
 * Use the secret from auth_proxy as the TLS pre-shared key.
 * NOTE(review): conn->psk aliases ai->secret, so ai must stay live until
 * tlsClient() returns; no clearing or freeing of the secret is visible in
 * this listing - confirm.
 */
117 conn->pskID = "p9secret";
118 conn->psk = ai->secret;
119 conn->psklen = ai->nsecret;
/* Route TLS diagnostics to reporter; the guarding condition is not shown. */
123 conn->trace = reporter;
/* fd is replaced by the descriptor tlsClient() returns; failure is fatal. */
125 fd = tlsClient(fd, conn);
127 sysfatal("tlsclient: %r");
/*
 * Write conn->cert to the dumpcert path.
 * NOTE(review): this happens before the okCertificate() check at line 139,
 * so the dumped certificate is unverified at this point.  The write()
 * result is discarded, so a truncated dump goes unnoticed, and mode 0666
 * requests a world-writable file - tighter permissions may be preferable
 * if the dump is later used as a trust anchor.
 */
130 if((dfd = create(dumpcert, OWRITE, 0666)) < 0)
131 sysfatal("create: %r");
132 if(conn->cert != nil)
133 write(dfd, conn->cert, conn->certlen);
/*
 * Reject the connection unless the certificate matches the thumbprint set.
 * The condition guarding this check is on a line not shown.
 */
139 if(!okCertificate(conn->cert, conn->certlen, thumb))
140 sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
141 freeThumbprints(thumb);
145 free(conn->sessionID);
/* Reached only if the exec (on lines not shown) failed. */
156 sysfatal("exec: %r");
162 sysfatal("fork: %r");
/* Post a note to the process group of the current process. */
170 postnote(PNGROUP, getpid(), "die yankee pig dog");