Merge pull request 'Removes support for client certificates in Bombadillo' (#181) from remove-client-certs into release2.3.2

Reviewed-on: sloum/bombadillo#181
Sloom Sloum Sluom IV 2020-07-10 00:46:48 -04:00
commit 0e2b80626e
5 changed files with 6 additions and 37 deletions


@ -33,7 +33,7 @@ Gopher is the default protocol for \fBbombadillo\fP. Any textual item types will
.TP
.B
gemini
Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Client certificates are also supported as a configurable option. Gemini maps and other text types are rendered in the browser and non-text types will be downloaded.
Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Gemini maps and other text types are rendered in the browser and non-text types will be downloaded.
.TP
.B
finger
@ -259,16 +259,6 @@ Can toggle between visual modes. Valid values are \fInormal\fP, \fIcolor\fP, and
.B
timeout
The number of seconds after which connections to gopher or gemini servers should time out if the server has not responded.
.TP
.B
tlscertificate
A path to a tls certificate file on a user's local filesystem. Defaults to NULL. Both \fItlscertificate\fP and \fItlskey\fP must be set for client certificates to work in gemini.
.TP
.B
tlskey
A path to a tls key that pairs with the tlscertificate setting, on a user's local filesystem. Defaults to NULL. Both \fItlskey\fP and \fItlscertificate\fP must be set for client certificates to work in gemini.
.TP
.B
webmode
Controls behavior when following web links. The following values are valid: \fInone\fP will disable following web links, \fIgui\fP will have the browser attempt to open web links in a user's default graphical web browser; \fIlynx\fP, \fIw3m\fP, and \fIelinks\fP will have the browser attempt to use the selected terminal web browser to handle the rendering of web pages and will display the pages directly in Bombadillo.


@ -451,9 +451,7 @@ func (c *client) doCommandAs(action string, values []string) {
return
}
c.Options[values[0]] = lowerCaseOpt(values[0], val)
if values[0] == "tlskey" || values[0] == "tlscertificate" {
c.Certs.LoadCertificate(c.Options["tlscertificate"], c.Options["tlskey"])
} else if values[0] == "geminiblocks" {
if values[0] == "geminiblocks" {
gemini.BlockBehavior = c.Options[values[0]]
} else if values[0] == "timeout" {
updateTimeouts(c.Options[values[0]])
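Review bot: The option dispatch in doCommandAs is still an `if`/`else if` chain that compares `values[0]` against string literals, and a switch would read better now that the certificate branch is gone. Something like `switch values[0] {` with `case "geminiblocks":` and `case "timeout":` keeps the same behaviour and makes it obvious which options have side effects beyond the map write. The chain appears to continue past the last line of the hunk, so any remaining branches would become further cases; doCommandAs starts and ends outside the hunk.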


@ -55,8 +55,6 @@ var defaultOptions = map[string]string{
"telnetcommand": "telnet",
"theme": "normal", // "normal", "inverted", "color"
"timeout": "15", // connection timeout for gopher/gemini in seconds
"tlscertificate": "",
"tlskey": "",
"webmode": "none", // "none", "gui", "lynx", "w3m", "elinks"
}


@ -23,7 +23,6 @@ type Capsule struct {
type TofuDigest struct {
certs map[string]string
ClientCert tls.Certificate
}
var BlockBehavior string = "block"
@ -33,15 +32,6 @@ var TlsTimeout time.Duration = time.Duration(15) * time.Second
// + + + R E C E I V E R S + + + \\
//--------------------------------------------------\\
func (t *TofuDigest) LoadCertificate(cert, key string) {
certificate, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
t.ClientCert = tls.Certificate{}
return
}
t.ClientCert = certificate
}
func (t *TofuDigest) Purge(host string) error {
host = strings.ToLower(host)
if host == "*" {
@ -187,10 +177,6 @@ func Retrieve(host, port, resource string, td *TofuDigest) (string, error) {
InsecureSkipVerify: true,
}
conf.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
return &td.ClientCert, nil
}
conn, err := tls.DialWithDialer(&net.Dialer{Timeout: TlsTimeout}, "tcp", addr, conf)
if err != nil {
return "", fmt.Errorf("TLS Dial Error: %s", err.Error())
@ -284,7 +270,7 @@ func Fetch(host, port, resource string, td *TofuDigest) ([]byte, error) {
case 5:
return make([]byte, 0), fmt.Errorf("[5] Permanent Failure.")
case 6:
return make([]byte, 0), fmt.Errorf("[6] Client Certificate Required")
return make([]byte, 0), fmt.Errorf("[6] Client Certificate Required (Unsupported)")
default:
return make([]byte, 0), fmt.Errorf("Invalid response status from server")
}
@ -364,7 +350,7 @@ func Visit(host, port, resource string, td *TofuDigest) (Capsule, error) {
case 5:
return capsule, fmt.Errorf("[5] Permanent Failure. %s", header[1])
case 6:
return capsule, fmt.Errorf("[6] Client Certificate Required")
return capsule, fmt.Errorf("[6] Client Certificate Required (Unsupported)")
default:
return capsule, fmt.Errorf("Invalid response status from server")
}
@ -449,5 +435,5 @@ func MakeCapsule() Capsule {
}
func MakeTofuDigest() TofuDigest {
return TofuDigest{make(map[string]string), tls.Certificate{}}
return TofuDigest{make(map[string]string)}
}
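Review bot: In the Retrieve hunk, `InsecureSkipVerify: true` has no comment explaining it, and with the client-certificate callback removed it is the only setting on `conf` visible in the hunk. It disables CA chain and hostname validation, so server authentication depends entirely on the trust-on-first-use pin comparison, which is presumably performed after the dial and is not visible here. I would add a comment above the field, for example `// TOFU: chain validation is intentionally off; the peer certificate must be checked against the pinned digest before the response is used`, so a later edit to this config does not drop or reorder that check unnoticed. Retrieve starts and ends outside the hunk.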


@ -153,8 +153,8 @@ func loadConfig() {
if len(vals) < 2 {
continue
}
ts, err := strconv.ParseInt(vals[1], 10, 64)
now := time.Now()
ts, err := strconv.ParseInt(vals[1], 10, 64)
if err != nil || now.Unix() > ts {
continue
}
@ -168,9 +168,6 @@ func loadConfig() {
func initClient() {
bombadillo = MakeClient(" ((( Bombadillo ))) ")
loadConfig()
if bombadillo.Options["tlscertificate"] != "" && bombadillo.Options["tlskey"] != "" {
bombadillo.Certs.LoadCertificate(bombadillo.Options["tlscertificate"], bombadillo.Options["tlskey"])
}
}
// In the event of specific signals, ensure the display is shown correctly.