shithub: fork

ref: 8f211091301af3a465be701bfdfecf049733dc20
dir: /sys/src/cmd/upas/fs/tls.c/

#include "common.h"
#include <libsec.h>
#include <auth.h>
#include "dat.h"

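/*
 * Start a TLS client session on ofd for the mail server host and
 * return the descriptor tlsClient hands back, or -1 on failure.
 *
 * host is passed to tlsClient as conn.serverName and is also used in
 * the log and error messages.  If tlsClient fails, ofd is closed here.
 * If the certificate is rejected, the TLS descriptor is closed and
 * errstr is set with werrstr.
 *
 * The certificate is not checked in two cases, and both are logged
 * so that an unverified session leaves a trace:
 *	- nocertcheck is set;
 *	- initThumbprints returns nil, so there is no thumbprint set
 *	  to compare the certificate against.
 *
 * NOTE(review): the second case fails open: the session is accepted
 * without any certificate verification.  Returning -1 there would be
 * the stricter policy, but it changes behaviour for systems that have
 * no /sys/lib/tls/mail; confirm with the callers before tightening.
 */
int
wraptls(int ofd, char *host)
{
	Thumbprint *thumb;
	TLSconn conn;
	int fd;

	memset(&conn, 0, sizeof conn);
	conn.serverName = host;
	fd = tlsClient(ofd, &conn);
	if(fd < 0){
		close(ofd);
		return -1;
	}

	if(nocertcheck){
		/* verification explicitly disabled: record it and accept the session */
		syslog(Sflag, logf, "ignoring cert for %s", host);
	}else{
		thumb = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude", "x509");
		if(thumb == nil){
			/* previously silent: nothing to check against, session accepted unverified */
			syslog(Sflag, logf, "no thumbprints loaded, cert for %s not checked: %r", host);
		}else{
			if(!okCertificate(conn.cert, conn.certlen, thumb)){
				werrstr("cert for %s not recognized: %r", host);
				close(fd);
				fd = -1;
			}
			freeThumbprints(thumb);
		}
	}

	/* conn was zeroed above, so these are either nil or set by tlsClient */
	free(conn.cert);
	free(conn.sessionID);
	return fd;
}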