post
parent
e236bb9495
commit
ba3bccbc94
@ -0,0 +1,37 @@
In my last post I covered 9front server side tls - now we begin the client side.
I found that most of the user space tls stuff is not *that* interesting or it's stuff for another post.
So, we'll jump right in to C
*Thinks back to earlier today*
orthanc% ./sha1sum -3 256 /amd64/9pc64
sha1sum 238299: suicide: sys: trap: fault write addr=0x0 pc=0x00006afb
*screams*
Ok, but thats for the next post. Back to tls. This is scary easy stuff.
"dial" your server
int fd = dial("tcp!server!port")
Create a tls connection, this lets you seek for info on your connection (say, certs)
conn = (TLSconn*)mallocz(sizeof *conn, 1);
start the tls "pipe"
fd = tlsClient(fd, conn);
Now you can read and write using that fd like you would on the server side, but you should check those certs
if(!okCertificate(conn->cert, conn->certlen, table))
sysfatal("suspect server: %r");
I do know that there is no real CA validation as of now, I may work on fixing that.
Ok, that's all I have for now, see you next post.
--
Fulton
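
Review bot: The `okCertificate(conn->cert, conn->certlen, table)` check near the end of the post uses `table` without ever showing where it comes from, and the next line says there is no real CA validation, so a reader cannot tell what this check actually verifies. Add the line that builds `table` and one sentence on what a match against it does and does not prove. Also, `int fd = dial("tcp!server!port")` is missing its semicolon, and neither `dial` nor `tlsClient` has its return value checked before `conn->cert` is used; the sample should bail out on failure before it reaches the certificate check. Small typo: "thats" should be "that's".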