Merge pull request 'Removes support for client certificates in Bombadillo' (#181) from remove-client-certs into release2.3.2

Reviewed-on: sloum/bombadillo#181
Sloom Sloum Sluom IV 2020-07-10 00:46:48 -04:00
commit 0e2b80626e
5 changed files with 6 additions and 37 deletions


@ -33,7 +33,7 @@ Gopher is the default protocol for \fBbombadillo\fP. Any textual item types will
.TP .TP
.B .B
gemini gemini
Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Client certificates are also supported as a configurable option. Gemini maps and other text types are rendered in the browser and non-text types will be downloaded. Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Gemini maps and other text types are rendered in the browser and non-text types will be downloaded.
.TP .TP
.B .B
finger finger
@ -259,16 +259,6 @@ Can toggle between visual modes. Valid values are \fInormal\fP, \fIcolor\fP, and
.B .B
timeout timeout
The number of seconds after which connections to gopher or gemini servers should time out if the server has not responded. The number of seconds after which connections to gopher or gemini servers should time out if the server has not responded.
.TP
.B
tlscertificate
A path to a tls certificate file on a user's local filesystem. Defaults to NULL. Both \fItlscertificate\fP and \fItlskey\fP must be set for client certificates to work in gemini.
.TP
.B
tlskey
A path to a tls key that pairs with the tlscertificate setting, on a user's local filesystem. Defaults to NULL. Both \fItlskey\fP and \fItlscertificate\fP must be set for client certificates to work in gemini.
.TP
.B
webmode webmode
Controls behavior when following web links. The following values are valid: \fInone\fP will disable following web links, \fIgui\fP will have the browser attempt to open web links in a user's default graphical web browser; \fIlynx\fP, \fIw3m\fP, and \fIelinks\fP will have the browser attempt to use the selected terminal web browser to handle the rendering of web pages and will display the pages directly in Bombadillo. Controls behavior when following web links. The following values are valid: \fInone\fP will disable following web links, \fIgui\fP will have the browser attempt to open web links in a user's default graphical web browser; \fIlynx\fP, \fIw3m\fP, and \fIelinks\fP will have the browser attempt to use the selected terminal web browser to handle the rendering of web pages and will display the pages directly in Bombadillo.


@ -451,9 +451,7 @@ func (c *client) doCommandAs(action string, values []string) {
return return
} }
c.Options[values[0]] = lowerCaseOpt(values[0], val) c.Options[values[0]] = lowerCaseOpt(values[0], val)
if values[0] == "tlskey" || values[0] == "tlscertificate" { if values[0] == "geminiblocks" {
c.Certs.LoadCertificate(c.Options["tlscertificate"], c.Options["tlskey"])
} else if values[0] == "geminiblocks" {
gemini.BlockBehavior = c.Options[values[0]] gemini.BlockBehavior = c.Options[values[0]]
} else if values[0] == "timeout" { } else if values[0] == "timeout" {
updateTimeouts(c.Options[values[0]]) updateTimeouts(c.Options[values[0]])


@ -55,8 +55,6 @@ var defaultOptions = map[string]string{
"telnetcommand": "telnet", "telnetcommand": "telnet",
"theme": "normal", // "normal", "inverted", "color" "theme": "normal", // "normal", "inverted", "color"
"timeout": "15", // connection timeout for gopher/gemini in seconds "timeout": "15", // connection timeout for gopher/gemini in seconds
"tlscertificate": "",
"tlskey": "",
"webmode": "none", // "none", "gui", "lynx", "w3m", "elinks" "webmode": "none", // "none", "gui", "lynx", "w3m", "elinks"
} }


@ -23,7 +23,6 @@ type Capsule struct {
type TofuDigest struct { type TofuDigest struct {
certs map[string]string certs map[string]string
ClientCert tls.Certificate
} }
var BlockBehavior string = "block" var BlockBehavior string = "block"
@ -33,15 +32,6 @@ var TlsTimeout time.Duration = time.Duration(15) * time.Second
// + + + R E C E I V E R S + + + \\ // + + + R E C E I V E R S + + + \\
//--------------------------------------------------\\ //--------------------------------------------------\\
func (t *TofuDigest) LoadCertificate(cert, key string) {
certificate, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
t.ClientCert = tls.Certificate{}
return
}
t.ClientCert = certificate
}
func (t *TofuDigest) Purge(host string) error { func (t *TofuDigest) Purge(host string) error {
host = strings.ToLower(host) host = strings.ToLower(host)
if host == "*" { if host == "*" {
@ -187,10 +177,6 @@ func Retrieve(host, port, resource string, td *TofuDigest) (string, error) {
InsecureSkipVerify: true, InsecureSkipVerify: true,
} }
conf.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
return &td.ClientCert, nil
}
conn, err := tls.DialWithDialer(&net.Dialer{Timeout: TlsTimeout}, "tcp", addr, conf) conn, err := tls.DialWithDialer(&net.Dialer{Timeout: TlsTimeout}, "tcp", addr, conf)
if err != nil { if err != nil {
return "", fmt.Errorf("TLS Dial Error: %s", err.Error()) return "", fmt.Errorf("TLS Dial Error: %s", err.Error())
@ -284,7 +270,7 @@ func Fetch(host, port, resource string, td *TofuDigest) ([]byte, error) {
case 5: case 5:
return make([]byte, 0), fmt.Errorf("[5] Permanent Failure.") return make([]byte, 0), fmt.Errorf("[5] Permanent Failure.")
case 6: case 6:
return make([]byte, 0), fmt.Errorf("[6] Client Certificate Required") return make([]byte, 0), fmt.Errorf("[6] Client Certificate Required (Unsupported)")
default: default:
return make([]byte, 0), fmt.Errorf("Invalid response status from server") return make([]byte, 0), fmt.Errorf("Invalid response status from server")
} }
@ -364,7 +350,7 @@ func Visit(host, port, resource string, td *TofuDigest) (Capsule, error) {
case 5: case 5:
return capsule, fmt.Errorf("[5] Permanent Failure. %s", header[1]) return capsule, fmt.Errorf("[5] Permanent Failure. %s", header[1])
case 6: case 6:
return capsule, fmt.Errorf("[6] Client Certificate Required") return capsule, fmt.Errorf("[6] Client Certificate Required (Unsupported)")
default: default:
return capsule, fmt.Errorf("Invalid response status from server") return capsule, fmt.Errorf("Invalid response status from server")
} }
@ -449,5 +435,5 @@ func MakeCapsule() Capsule {
} }
func MakeTofuDigest() TofuDigest { func MakeTofuDigest() TofuDigest {
return TofuDigest{make(map[string]string), tls.Certificate{}} return TofuDigest{make(map[string]string)}
} }
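Review bot: In the Retrieve hunk, the TLS config that remains after this change still sets `InsecureSkipVerify: true` with no comment, which turns off crypto/tls chain and hostname verification. Trust in the server certificate therefore rests entirely on the TOFU pin comparison, which is not visible in this hunk. Since the commit already edits this config, I would add a comment above that field, for example `// CA and hostname verification are disabled on purpose; the peer certificate is checked against the TOFU pin store instead`. It is also worth confirming that the pin comparison runs on the connection's peer certificate before any request bytes are written. Retrieve's body starts and ends outside the hunk, so the existence and ordering of that check are inferred from the man page's description of trust-on-first-use pinning, not from lines shown here.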


@ -153,8 +153,8 @@ func loadConfig() {
if len(vals) < 2 { if len(vals) < 2 {
continue continue
} }
ts, err := strconv.ParseInt(vals[1], 10, 64)
now := time.Now() now := time.Now()
ts, err := strconv.ParseInt(vals[1], 10, 64)
if err != nil || now.Unix() > ts { if err != nil || now.Unix() > ts {
continue continue
} }
@ -168,9 +168,6 @@ func loadConfig() {
func initClient() { func initClient() {
bombadillo = MakeClient(" ((( Bombadillo ))) ") bombadillo = MakeClient(" ((( Bombadillo ))) ")
loadConfig() loadConfig()
if bombadillo.Options["tlscertificate"] != "" && bombadillo.Options["tlskey"] != "" {
bombadillo.Certs.LoadCertificate(bombadillo.Options["tlscertificate"], bombadillo.Options["tlskey"])
}
} }
// In the event of specific signals, ensure the display is shown correctly. // In the event of specific signals, ensure the display is shown correctly.