/*
 * Option state shared between argument parsing and the rest of main.
 * dialfile selects open() over dial() when connecting; debug and auth
 * presumably correspond to -D and -a (their uses are not in this excerpt).
 */
7 int debug, auth, dialfile;
/*
 * Option arguments taken from the command line in main:
 * servername is copied into conn->serverName, file and filex are handed
 * to initThumbprints, and ccert is handed to readcert.
 */
9 char *servername, *file, *filex, *ccert;
/*
 * Usage text, written to fd 2. Per this text, certificate pinning (-t,
 * with -x exclusions) and authentication (-a) are optional flags, so a
 * caller has to ask for peer verification explicitly.
 */
14 fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
/*
 * xfer: copy bytes from descriptor `from` to descriptor `to`.
 * Excerpt only: the declarations of buf and n, and what happens after a
 * failed write, are not shown here.
 */
19 xfer(int from, int to)
/* Keep copying until read returns 0 or a negative value; this condition does not tell end-of-file from a read error. */
24 while((n = read(from, buf, sizeof buf)) > 0)
/*
 * Only a negative return counts as a failed write.
 * NOTE(review): a short write (0 <= result < n) would pass this test
 * unnoticed; confirm it cannot happen on these descriptors.
 */
25 if(write(to, buf, n) < 0)
/*
 * reporter: variadic trace callback; main stores it in conn->trace
 * before calling tlsClient. Only the prefix line is visible in this
 * excerpt, so how fmt and the remaining arguments are printed is not shown.
 */
30 reporter(char *fmt, ...)
/* Prefix the message on fd 2 with the program name (argv0). */
35 fprint(2, "%s: tls reports ", argv0);
/*
 * main: parse options, connect to the dial string, optionally run p9any
 * authentication to obtain a pre-shared key, run the TLS client handshake,
 * optionally check the resulting certificate against a thumbprint list,
 * then fork/exec (failures of either are fatal).
 * This listing is an excerpt: the option switch, most conditionals and the
 * data-copy section are missing, so the guards around several statements
 * below cannot be seen.
 */
44 main(int argc, char **argv)
/* Install the print-format handlers for the B, [ and H verbs. */
52 fmtinstall('B', mpfmt);
53 fmtinstall('[', encodefmt);
54 fmtinstall('H', encodefmt);
/*
 * Option arguments. EARGF calls usage() when the argument is missing.
 * Which flag feeds which variable is not visible here; the usage text
 * suggests -k, -t, -x, -c and -n in that order.
 */
64 keyspec = EARGF(usage());
67 file = EARGF(usage());
70 filex = EARGF(usage());
73 ccert = EARGF(usage());
76 servername = EARGF(usage());
/* An exclusion list is rejected when no thumbprint list accompanies it (the test itself is not shown). */
89 sysfatal("specifying -x without -t is useless");
/* Load the pinned thumbprints from file, with filex as the exclusion file; failure to load is fatal rather than silently disabling the check. */
92 thumb = initThumbprints(file, filex, "x509");
94 sysfatal("initThumbprints: %r");
/* With dialfile set, addr is opened read/write as a file instead of being dialed. */
99 if((fd = dialfile? open(addr, ORDWR): dial(addr, 0, 0, 0)) < 0)
100 sysfatal("dial %s: %r", addr);
/*
 * NOTE(review): the mallocz result is dereferenced on the very next source
 * line (102 -> 103) with no nil check in between.
 */
102 conn = (TLSconn*)mallocz(sizeof *conn, 1);
/* presumably sent as the TLS server name (SNI); confirm in libsec. May be nil when -n is absent. */
103 conn->serverName = servername;
/* Client certificate read from ccert; a read failure is fatal. The guard that skips this when -c is absent is not shown. */
105 conn->cert = readcert(ccert, &conn->certlen);
106 if(conn->cert == nil)
107 sysfatal("readcert: %r");
/*
 * p9any client authentication on fd. This runs before tlsClient below, so
 * the exchange happens on the raw connection, not inside TLS.
 * keyspec comes straight from the command line and is appended to the key
 * template as-is.
 */
111 ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
113 sysfatal("auth_proxy: %r");
/*
 * Use the secret from the authentication exchange as the TLS pre-shared key.
 * conn->psk borrows ai->secret rather than copying it, so ai has to stay
 * alive through the handshake.
 * NOTE(review): no release or clearing of ai is visible in this excerpt;
 * confirm the secret does not linger after tlsClient returns.
 */
115 conn->pskID = "p9secret";
116 conn->psk = ai->secret;
117 conn->psklen = ai->nsecret;
/* Route TLS trace messages to reporter; presumably only when debug is set (guard not shown). */
121 conn->trace = reporter;
/* Run the handshake; fd is replaced by the descriptor tlsClient returns, and failure is fatal. */
123 fd = tlsClient(fd, conn);
125 sysfatal("tlsclient: %r");
/* Dump the certificate now held in conn->cert; presumably a debug aid (guard not shown). */
128 X509dump(conn->cert, conn->certlen);
/*
 * Pin check: the certificate in conn->cert must match the thumbprint list.
 * presumably tlsClient has replaced conn->cert with the server's
 * certificate by this point; confirm in libsec.
 * NOTE(review): the guard around this check is not visible. If it runs only
 * when -t was given, a run without -t (and without -a) accepts whatever
 * certificate the server presents. The check also runs after the handshake
 * has completed, so nothing should be sent on fd before it passes.
 */
131 if(!okCertificate(conn->cert, conn->certlen, thumb))
132 sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
133 freeThumbprints(thumb);
/* Release per-connection handshake state that is no longer needed. */
137 free(conn->sessionID);
/* Failing to start the command, or to fork, is fatal. */
148 sysfatal("exec: %r");
154 sysfatal("fork: %r");
/* Post a note to this process's own group (PNGROUP with getpid()) so the related processes terminate together. */
162 postnote(PNGROUP, getpid(), "die yankee pig dog");