/* Excerpt: the leading number on each line is the original file's line number; the lines in between are not shown. */
/* File-scope option state. In the shown code dialfile selects open() over dial() for the connection; debug and auth are not used on any shown line. */
7 int debug, auth, dialfile;
/* servername is copied into conn->serverName, file and filex are passed to initThumbprints(), and ccert is passed to readcert(). */
9 char *servername, *file, *filex, *ccert;
/* Write the command synopsis to file descriptor 2. The enclosing function header is not shown; the option parser calls usage() when an option argument is missing. */
14 fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
/*
 * Copy data from descriptor `from` to descriptor `to` for as long as read()
 * returns a positive count. Only the loop head and the write check are shown;
 * the declarations of n and buf and the action taken on a failed write are on
 * lines not shown.
 */
19 xfer(int from, int to)
24 while((n = read(from, buf, sizeof buf)) > 0)
/* NOTE(review): only a negative return is treated as failure; a short write (return value below n) passes this test unnoticed - confirm that is intended. */
25 if(write(to, buf, n) < 0)
/*
 * printf-style callback; it is assigned to conn->trace further down the file.
 * The one shown statement writes the prefix "<argv0>: tls reports " to
 * descriptor 2; the formatting of the variadic arguments is on lines not shown.
 */
30 reporter(char *fmt, ...)
35 fprint(2, "%s: tls reports ", argv0);
/*
 * Entry point (excerpt). Visible flow: read option arguments, build the
 * thumbprint table, connect, fill in a TLSconn, run tlsClient() on the
 * descriptor, check the certificate against the thumbprints, release
 * resources, then the exec/fork failure paths. The conditions guarding these
 * statements are on lines not shown and are not documented here.
 */
44 main(int argc, char **argv)
/* Register encodefmt as the handler for the 'H' print verb. */
52 fmtinstall('H', encodefmt);
/*
 * Each EARGF() yields the current option's argument and calls usage() when it
 * is missing. The case labels are not shown; by name these presumably belong
 * to -k, -t, -x, -c and -n from the usage string - confirm.
 */
62 keyspec = EARGF(usage());
65 file = EARGF(usage());
68 filex = EARGF(usage());
71 ccert = EARGF(usage());
74 servername = EARGF(usage());
/* Reject an exclusion list given without a thumbprint file (condition not shown). */
87 sysfatal("specifying -x without -t is useless");
/* Build the thumbprint table from file and filex; "x509" is passed through as given. A failure is fatal. */
90 thumb = initThumbprints(file, filex, "x509");
92 sysfatal("initThumbprints: %r");
/* Connect: open addr as a file when dialfile is set, otherwise dial() it; a negative descriptor is fatal. */
97 if((fd = dialfile? open(addr, ORDWR): dial(addr, 0, 0, 0)) < 0)
98 sysfatal("dial %s: %r", addr);
/* NOTE(review): the mallocz() result is dereferenced on the very next line with no nil check. */
100 conn = (TLSconn*)mallocz(sizeof *conn, 1);
101 conn->serverName = servername;
/* Load the certificate file named by ccert into conn->cert and conn->certlen; a nil result is fatal. The guard on original line 102 is not shown. */
103 conn->cert = readcert(ccert, &conn->certlen);
104 if(conn->cert == nil)
105 sysfatal("readcert: %r");
/*
 * Run auth_proxy() over fd as a p9any client, with keyspec appended to the key
 * template. This call appears before tlsClient() in the listing, so it
 * presumably runs on the descriptor before TLS is set up - confirm.
 */
109 ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
111 sysfatal("auth_proxy: %r");
/*
 * Use the secret from the auth exchange as the TLS pre-shared key under the
 * fixed identity "p9secret". psk points at ai->secret rather than a copy, so
 * ai has to stay valid until the handshake has used it; no release of ai is
 * visible in this excerpt.
 */
113 conn->pskID = "p9secret";
114 conn->psk = ai->secret;
115 conn->psklen = ai->nsecret;
/* Install reporter() as the connection's trace callback (guard not shown). */
119 conn->trace = reporter;
/* Run the client handshake; fd is replaced by the descriptor tlsClient() returns. A failure is fatal. */
121 fd = tlsClient(fd, conn);
123 sysfatal("tlsclient: %r");
/*
 * Check the certificate in conn->cert against the thumbprint table; a miss is
 * fatal and names servername, or addr when servername is not set.
 * NOTE(review): conn->cert is the same field that was filled from ccert before
 * the handshake; presumably tlsClient() replaces it with the server's
 * certificate - confirm.
 * NOTE(review): the guard on original lines 124-125 is not shown. If this check
 * runs only when a thumbprint table was loaded, a run without one does no
 * certificate pinning at all - confirm, and make sure callers that rely on
 * server authentication always supply one.
 */
126 if(!okCertificate(conn->cert, conn->certlen, thumb))
127 sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
/* The thumbprint table is released once the check is done. */
128 freeThumbprints(thumb);
/* Release the session ID buffer held in conn. */
132 free(conn->sessionID);
/* Failure paths for exec and fork; the calls themselves are on lines not shown. */
143 sysfatal("exec: %r");
149 sysfatal("fork: %r");
/* Post a note to this process's own group (PNGROUP with getpid()); presumably this stops the remaining helper processes on exit - confirm. */
157 postnote(PNGROUP, getpid(), "die yankee pig dog");