Use TOFU even without a file
parent
15db86f766
commit
fddb209549
|
@ -204,16 +204,24 @@ gemini_open(struct gemini *g, const char *url)
|
|||
warn("Could not load: %s", g->tofufile);
|
||||
goto err;
|
||||
}
|
||||
if (g->tofu != NULL) {
|
||||
if (!check_tofu(g->tofu, g->request, hash))
|
||||
goto err;
|
||||
if ((e = set_tofu(&g->tofu, g->request, hash,
|
||||
tls_peer_cert_notafter(g->tls))) < 0)
|
||||
goto err;
|
||||
if (e > 0)
|
||||
g->tofumod = 1;
|
||||
}
|
||||
}
|
||||
/* The certificate against the current list */
|
||||
if (g->tofu != NULL && !check_tofu(g->tofu, g->request, hash))
|
||||
goto err;
|
||||
/*
|
||||
* Add the host's information to the list.
|
||||
* Even without a file-backing this is still useful for
|
||||
* long-running clients.
|
||||
* open gemini://example.com
|
||||
* redirect gemini://example.com/
|
||||
* input gemini://example.com/?inputdata
|
||||
* redirect gemini://example.com/some/path
|
||||
*/
|
||||
if ((e = set_tofu(&g->tofu, g->request, hash,
|
||||
tls_peer_cert_notafter(g->tls))) < 0)
|
||||
goto err;
|
||||
if (e > 0)
|
||||
g->tofumod = 1;
|
||||
/* Construct the request */
|
||||
(void)memcpy(g->request, url, urllen);
|
||||
g->request[g->reqlen - 2] = '\r';
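Review bot: `g->tofumod = 1` is now set after `set_tofu()` even when no TOFU file is configured, whereas the removed lines appear to have set it only inside the block that loads `g->tofufile`. The code that persists the list is outside this hunk, so confirm that it checks `g->tofufile != NULL` before writing; otherwise guard the flag here with `if (e > 0 && g->tofufile != NULL)`. The expiry handed to `set_tofu()` comes straight from `tls_peer_cert_notafter(g->tls)`, which returns -1 on failure, and depending on how `check_tofu()` treats expiry (not visible here) a pin stored with that value could be weaker than intended. The new comment `/* The certificate against the current list */` is missing its verb; `/* Check the certificate against the current list */` reads correctly. gemini_open's body starts and ends outside the hunk.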
|
||||
|
|