/*
 * NOTE: this listing is an excerpt. The leading numbers are the original
 * file's line numbers, and the lines in between are not shown.
 *
 * File-scope option strings. main() fills each one from EARGF(); which flag
 * sets which variable is not visible here, but later uses suggest:
 * servername -> conn->serverName, file/filex -> initThumbprints(),
 * ccert -> readcert().
 */
9 char *servername, *file, *filex, *ccert;
/* Usage text, written to file descriptor 2. */
14 fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] dialstring [cmd [args...]]\n");
/*
 * xfer: copy data from descriptor `from` to descriptor `to`.
 * Excerpt only: the declarations of n and buf, and the code that runs after
 * the loop, are not shown.
 */
19 xfer(int from, int to)
/* Read up to sizeof buf bytes per pass; stop when read returns 0 or a negative value. */
24 while((n = read(from, buf, sizeof buf)) > 0)
/*
 * NOTE(review): only a negative write result is treated as failure. A short
 * write (result between 0 and n-1) would pass this test and the unwritten
 * tail would be dropped without notice. Confirm whether the descriptors used
 * here can return short writes; comparing the result against n would catch it.
 */
25 if(write(to, buf, n) < 0)
/*
 * reporter: printf-style callback (format string plus varargs).
 * main() stores it in conn->trace. Only the prefix line is shown here.
 */
30 reporter(char *fmt, ...)
/* Prefix each report on descriptor 2 with the program name (argv0). */
35 fprint(2, "%s: tls reports ", argv0);
/*
 * main: parse options, dial the server, optionally run auth_proxy to obtain
 * a pre-shared key, perform the TLS handshake with tlsClient(), optionally
 * check the server certificate against a thumbprint list, then fork/exec.
 * Excerpt only: case labels, guards and the fork/exec logic are not shown, so
 * the conditions under which individual lines run cannot be confirmed here.
 */
44 main(int argc, char **argv)
/* Install the 'H' format verb; "%.*H" is used below to print the digest. */
51 fmtinstall('H', encodefmt);
/* EARGF(usage()) takes the option's argument and calls usage() if it is missing. */
61 keyspec = EARGF(usage());
64 file = EARGF(usage());
67 filex = EARGF(usage());
70 ccert = EARGF(usage());
73 servername = EARGF(usage());
/* An exclusion list is rejected unless a thumbprint file was also given. */
83 sysfatal("specifying -x without -t is useless");
/* Load the thumbprint list from `file`, with `filex` as the exclude file. */
86 thumb = initThumbprints(file, filex);
88 sysfatal("initThumbprints: %r");
/* Open the connection; a negative descriptor is fatal. */
93 if((fd = dial(addr, 0, 0, 0)) < 0)
94 sysfatal("dial %s: %r", addr);
/*
 * Allocate a zeroed TLSconn (second mallocz argument 1 = clear).
 * NOTE(review): the next original line (97) dereferences conn straight away,
 * so no nil check on the allocation can sit between them.
 */
96 conn = (TLSconn*)mallocz(sizeof *conn, 1);
/* Server name handed to the TLS library; may be nil if the option was not given (guard not shown). */
97 conn->serverName = servername;
/*
 * Before the handshake conn->cert holds the client certificate read from
 * ccert. After tlsClient() the same field is examined as the server's
 * certificate (see the check at original line 126).
 */
99 conn->cert = readcert(ccert, &conn->certlen);
100 if(conn->cert == nil)
101 sysfatal("readcert: %r");
/*
 * Run p9any authentication as client over the dialed fd, appending keyspec
 * to the key template, and use the resulting shared secret as the TLS PSK.
 * conn->psk points at ai->secret rather than a copy.
 * NOTE(review): ai must therefore stay alive until tlsClient() has used it;
 * confirm it is not freed earlier.
 */
107 ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
109 sysfatal("auth_proxy: %r");
111 conn->pskID = "p9secret";
112 conn->psk = ai->secret;
113 conn->psklen = ai->nsecret;
/* Route TLS trace output through reporter() (the enabling condition is not shown). */
117 conn->trace = reporter;
/* TLS handshake; fd is replaced by the descriptor tlsClient returns. */
119 fd = tlsClient(fd, conn);
121 sysfatal("tlsclient: %r");
/*
 * Server-certificate pinning: require a certificate, hash it with SHA-1 and
 * look the digest up in the thumbprint list.
 * NOTE(review): the guard around this check (original lines 122-125) is not
 * shown. If it runs only when a thumbprint file was supplied, then without one
 * this code does not authenticate the server certificate. Confirm this, and
 * confirm that callers relying on certificate identity always pass a
 * thumbprint file.
 * NOTE(review): the pin is a SHA-1 digest. Check whether the thumbprint
 * library in use supports a stronger hash and prefer it if so.
 */
126 if(conn->cert==nil || conn->certlen<=0)
127 sysfatal("server did not provide TLS certificate");
128 sha1(conn->cert, conn->certlen, digest, nil);
129 if(!okThumbprint(digest, thumb))
130 sysfatal("server certificate %.*H not recognized", SHA1dlen, digest);
/* Failure paths for running the optional command; the fork/exec calls themselves are not shown. */
139 sysfatal("exec: %r");
145 sysfatal("fork: %r");
/* Post a note to this process's own process group (PNGROUP with getpid()). */
153 postnote(PNGROUP, getpid(), "die yankee pig dog");