From 21e87706aab34a2853d8db13007db9c2a8cc96a0 Mon Sep 17 00:00:00 2001
From: sloum
Date: Thu, 2 Jul 2020 11:51:07 -0700
Subject: [PATCH] Removes gemini client certificate support from Bombadillo
---
 bombadillo.1 | 10 +---------
 client.go | 4 +---
 gemini/gemini.go | 16 +---------------
 main.go | 5 +----
 4 files changed, 4 insertions(+), 31 deletions(-)
diff --git a/bombadillo.1 b/bombadillo.1
index c8b19a0..8de8859 100644
--- a/bombadillo.1
+++ b/bombadillo.1
@@ -33,7 +33,7 @@ Gopher is the default protocol for \fBbombadillo\fP. Any textual item types will
 .TP
 .B
 gemini
-Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Client certificates are also supported as a configurable option. Gemini maps and other text types are rendered in the browser and non-text types will be downloaded.
+Gemini is supported, but as a new protocol with an incomplete specification, features may change over time. At present Bombadillo supports TLS with a trust on first use certificate pinning system (similar to SSH). Gemini maps and other text types are rendered in the browser and non-text types will be downloaded.
 .TP
 .B
 finger
@@ -257,14 +257,6 @@ theme
 Can toggle between visual modes. Valid values are \fInormal\fP, \fIcolor\fP, and \fIinverse\fP. When set to inverse, the normal mode colors are inverted. Both normal and inverse modes filter out terminal escape sequences. When set to color, Bombadillo will render terminal escape sequences representing colors when it finds them in documents.
 .TP
 .B
-tlscertificate
-A path to a tls certificate file on a user's local filesystem. Defaults to NULL. Both \fItlscertificate\fP and \fItlskey\fP must be set for client certificates to work in gemini.
-.TP
-.B
-tlskey
-A path to a tls key that pairs with the tlscertificate setting, on a user's local filesystem. Defaults to NULL. Both \fItlskey\fP and \fItlscertificate\fP must be set for client certificates to work in gemini.
-.TP
-.B
 webmode
 Controls behavior when following web links. The following values are valid: \fInone\fP will disable following web links, \fIgui\fP will have the browser attempt to open web links in a user's default graphical web browser; \fIlynx\fP, \fIw3m\fP, and \fIelinks\fP will have the browser attempt to use the selected terminal web browser to handle the rendering of web pages and will display the pages directly in Bombadillo.
diff --git a/client.go b/client.go
index 25d7723..53f50fa 100644
--- a/client.go
+++ b/client.go
@@ -451,9 +451,7 @@ func (c *client) doCommandAs(action string, values []string) {
 return
 }
 c.Options[values[0]] = lowerCaseOpt(values[0], val)
- if values[0] == "tlskey" || values[0] == "tlscertificate" {
- c.Certs.LoadCertificate(c.Options["tlscertificate"], c.Options["tlskey"])
- } else if values[0] == "geminiblocks" {
+ if values[0] == "geminiblocks" {
 gemini.BlockBehavior = c.Options[values[0]]
 } else if values[0] == "configlocation" {
 c.SetMessage("Cannot set READ ONLY setting 'configlocation'", true)
diff --git a/gemini/gemini.go b/gemini/gemini.go
index 44c8545..40e07d7 100644
--- a/gemini/gemini.go
+++ b/gemini/gemini.go
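Review bot: In `doCommandAs` (client.go), `c.Options[values[0]] = lowerCaseOpt(values[0], val)` still runs before the `configlocation` branch that reports the setting as READ ONLY, so the in-memory value has already been overwritten when the message is set. Since this commit rewrites the head of that chain anyway, the read-only test could move above the assignment, i.e. an `if values[0] == "configlocation" {` guard placed before `c.Options[values[0]] = ...`. The function starts and ends outside the hunk, so whether the overwritten value is later restored or written to the config file cannot be confirmed from here.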
@@ -22,7 +22,6 @@ type Capsule struct {
 type TofuDigest struct {
 certs map[string]string
- ClientCert tls.Certificate
 }
 var BlockBehavior = "block"
@@ -31,15 +30,6 @@ var BlockBehavior = "block"
 // + + + R E C E I V E R S + + + \\
 //--------------------------------------------------\\
-func (t *TofuDigest) LoadCertificate(cert, key string) {
- certificate, err := tls.LoadX509KeyPair(cert, key)
- if err != nil {
- t.ClientCert = tls.Certificate{}
- return
- }
- t.ClientCert = certificate
-}
-
 func (t *TofuDigest) Purge(host string) error {
 host = strings.ToLower(host)
 if host == "*" {
@@ -185,10 +175,6 @@ func Retrieve(host, port, resource string, td *TofuDigest) (string, error) {
 InsecureSkipVerify: true,
 }
- conf.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
- return &td.ClientCert, nil
- }
-
 conn, err := tls.Dial("tcp", addr, conf)
 if err != nil {
 return "", fmt.Errorf("TLS Dial Error: %s", err.Error())
@@ -444,5 +430,5 @@ func MakeCapsule() Capsule {
 }
 func MakeTofuDigest() TofuDigest {
- return TofuDigest{make(map[string]string), tls.Certificate{}}
+ return TofuDigest{make(map[string]string)}
 }
diff --git a/main.go b/main.go
index 28fcf36..9a35d84 100644
--- a/main.go
+++ b/main.go
@@ -143,8 +143,8 @@ func loadConfig() {
 if len(vals) < 2 {
 continue
 }
- ts, err := strconv.ParseInt(vals[1], 10, 64)
 now := time.Now()
+ ts, err := strconv.ParseInt(vals[1], 10, 64)
 if err != nil || now.Unix() > ts {
 continue
 }
@@ -158,9 +158,6 @@ func loadConfig() {
 func initClient() {
 bombadillo = MakeClient(" ((( Bombadillo ))) ")
 loadConfig()
- if bombadillo.Options["tlscertificate"] != "" && bombadillo.Options["tlskey"] != "" {
- bombadillo.Certs.LoadCertificate(bombadillo.Options["tlscertificate"], bombadillo.Options["tlskey"])
- }
 }
 // In the event of specific signals, ensure the display is shown correctly.
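Review bot: In `Retrieve` (gemini/gemini.go, hunk at -185), the `tls.Config` left after this change carries `InsecureSkipVerify: true` with no comment, and with the client-certificate callback removed the connection's only authentication is presumably the pin check against `td`. A comment above the literal would make that dependency explicit, for example `// Chain verification is off on purpose: trust comes from the TOFU pin in td, which must be checked before the response is used.` The start of the config literal and the pin comparison are outside the hunk, so where that check happens relative to reading the response cannot be confirmed from here.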
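Review bot: `MakeTofuDigest` (gemini/gemini.go, hunk at -444) still builds the struct with an unkeyed literal, which is why this line had to be edited when `ClientCert` was dropped from the type. A keyed literal, `return TofuDigest{certs: make(map[string]string)}`, would not depend on the number or order of fields and would keep future changes to `TofuDigest` from silently shifting values between fields of the same type.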