From e99216c7b3472b18f27d5350459afbc302537eda Mon Sep 17 00:00:00 2001
From: Omar Polo
Date: Sun, 28 Nov 2021 09:15:34 +0000
Subject: [PATCH] add -t to trust self-signed certificates
---
 extra/notify/notify.c | 9 ++++++++-
 extra/notify/pounce-notify.1 | 6 ++++++
 extra/palaver/notify.c | 9 ++++++++-
 extra/palaver/pounce-palaver.1 | 5 +++++
 4 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/extra/notify/notify.c b/extra/notify/notify.c
index 7257f4b..935ba26 100644
--- a/extra/notify/notify.c
+++ b/extra/notify/notify.c
@@ -258,14 +258,16 @@ int main(int argc, char *argv[]) {
 const char *host = NULL;
 const char *port = "6697";
 const char *pass = NULL;
+ const char *trust = NULL;
 const char *user = "pounce-notify";
- for (int opt; 0 < (opt = getopt(argc, argv, "!c:k:p:u:vw:"));) {
+ for (int opt; 0 < (opt = getopt(argc, argv, "!c:k:p:t:u:vw:"));) {
 switch (opt) {
 break; case '!': insecure = true;
 break; case 'c': cert = optarg;
 break; case 'k': priv = optarg;
 break; case 'p': port = optarg;
+ break; case 't': trust = optarg;
 break; case 'u': user = optarg;
 break; case 'v': verbose = true;
 break; case 'w': pass = optarg;
@@ -292,6 +294,11 @@ int main(int argc, char *argv[]) {
 }
 int error;
+ if (trust) {
+ tls_config_insecure_noverifyname(config);
+ error = tls_config_set_ca_file(config, trust);
+ if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+ }
 if (cert) {
 error = tls_config_set_keypair_file(config, cert, (priv ? priv : cert));
 if (error) {
diff --git a/extra/notify/pounce-notify.1 b/extra/notify/pounce-notify.1
index 60320c6..fb8de80 100644
--- a/extra/notify/pounce-notify.1
+++ b/extra/notify/pounce-notify.1
@@ -12,6 +12,7 @@
 .Op Fl c Ar cert
 .Op Fl k Ar priv
 .Op Fl p Ar port
+.Op Fl t Ar trust
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Ar host
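Review bot: The `if (trust)` block added in the second hunk of extra/notify/notify.c calls `tls_config_insecure_noverifyname(config)` for any file passed to `-t`, and nothing visible checks that the file holds exactly one self-signed certificate. If the path is a CA bundle instead, any certificate issued by one of those CAs, for any host name, would be accepted as the server. I would add a comment above the call, `// -t pins a single self-signed cert; name checks are off, so never pass a CA bundle`, and state the same restriction in the `-t` man page entries. The identical block in the third hunk of extra/palaver/notify.c needs the same comment. main's body starts and ends outside both hunks.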
@@ -51,6 +52,11 @@ Load the TLS client private key from
 Connect to
 .Ar port .
 The default port is 6697.
+.It Fl t Ar path
+Trust the self-signed certificate loaded
+from
+.Ar path
+and disable server name verification.
 .It Fl u Ar user
 Set the username to
 .Ar user .
diff --git a/extra/palaver/notify.c b/extra/palaver/notify.c
index c6a745c..36e4ae1 100644
--- a/extra/palaver/notify.c
+++ b/extra/palaver/notify.c
@@ -693,9 +693,10 @@ int main(int argc, char *argv[]) {
 const char *host = NULL;
 const char *port = "6697";
 const char *pass = NULL;
+ const char *trust = NULL;
 const char *user = "pounce-palaver";
- for (int opt; 0 < (opt = getopt(argc, argv, "!NPc:d:k:p:su:vw:"));) {
+ for (int opt; 0 < (opt = getopt(argc, argv, "!NPc:d:k:p:st:u:vw:"));) {
 switch (opt) {
 break; case '!': insecure = true;
 break; case 'N': noPreview = true;
@@ -705,6 +706,7 @@ int main(int argc, char *argv[]) {
 break; case 'k': priv = optarg;
 break; case 'p': port = optarg;
 break; case 's': sensitive = true;
+ break; case 't': trust = optarg;
 break; case 'u': user = optarg;
 break; case 'v': verbose = true;
 break; case 'w': pass = optarg;
@@ -757,6 +759,11 @@ int main(int argc, char *argv[]) {
 }
 int error;
+ if (trust) {
+ tls_config_insecure_noverifyname(config);
+ error = tls_config_set_ca_file(config, trust);
+ if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
+ }
 if (cert) {
 error = tls_config_set_keypair_file(config, cert, (priv ? priv : cert));
 if (error) {
diff --git a/extra/palaver/pounce-palaver.1 b/extra/palaver/pounce-palaver.1
index 59daefa..1f1370f 100644
--- a/extra/palaver/pounce-palaver.1
+++ b/extra/palaver/pounce-palaver.1
@@ -13,6 +13,7 @@
 .Op Fl d Ar path
 .Op Fl k Ar priv
 .Op Fl p Ar port
+.Op Fl t Ar trust
 .Op Fl u Ar user
 .Op Fl w Ar pass
 .Ar host
@@ -59,6 +60,10 @@ The default port is 6697.
 .It Fl s
 Match nick and keywords case-sensitively,
 despite the specification.
+.It Fl t Ar path
+Trust the self-signed certificate loaded from
+.Ar path
+and disable server name verification.
 .It Fl u Ar user
 Set the username to
 .Ar user .
--
2.34.0