author Fulton Browne <git@fulton.software> 2021-05-31 16:56:20 +0000
committer Fulton Browne <git@fulton.software> 2021-05-31 16:56:20 +0000
commit ba3bccbc941088de8778c863a814735a03bedc5b
tree 1a8a001b1cc4e3344bbffc0024990f970ca8c1d9
parent e236bb9495b554a6b30bdb01e57340b24c62d140
post
-rw-r--r-- posts/2021-05-31+9front+tls+Part+2 | 37
1 files changed, 37 insertions, 0 deletions
diff --git a/posts/2021-05-31+9front+tls+Part+2 b/posts/2021-05-31+9front+tls+Part+2
new file mode 100644
index 0000000..88f0ca4
--- /dev/null
+++ b/posts/2021-05-31+9front+tls+Part+2
@@ -0,0 +1,37 @@
+In my last post I covered  9front server side tls - now we begin the client side.
+
+I found that most of the user space tls stuff is not *that* interesting or it's stuff for another post.
+So, we'll jump right in to C
+
+*Thinks back to earlier today*
+
+orthanc% ./sha1sum -3 256 /amd64/9pc64
+sha1sum 238299: suicide: sys: trap: fault write addr=0x0 pc=0x00006afb
+
+*screams*
+
+Ok, but thats for the next post. Back to tls. This is scary easy stuff.
+
+"dial" your server
+
+int fd = dial("tcp!server!port")
+
+Create a tls connection, this lets you seek for info on your connection (say, certs)
+
+conn = (TLSconn*)mallocz(sizeof *conn, 1);
+
+start the tls "pipe"
+
+fd = tlsClient(fd, conn);
+
+Now you can read and write using that fd like you would on the server side, but you should check those certs
+
+if(!okCertificate(conn->cert, conn->certlen, table))
+	sysfatal("suspect server: %r");
+
+I do know that there is no real CA validation as of now, I may work on fixing that. 
+
+Ok, that's all I have for now, see you next post.
+
+--
+Fulton
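Review bot: the sentence before the `okCertificate` snippet says you can read and write on the fd "but you should check those certs", which reads as if the check were optional or could come after the first write. Say outright that the `okCertificate` check has to pass before any application data goes over the fd. Since the post also notes there is no real CA validation, it is the only server check shown here, so the post should also show where `table` comes from; it is never declared or filled in any of the snippets. Separately, the results of `dial` and `tlsClient` are used without a failure check, `fd = tlsClient(fd, conn);` overwrites the original descriptor so it cannot be closed if the handshake fails, and the `int fd = dial("tcp!server!port")` line is missing its semicolon.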