author | Fulton Browne <git@fulton.software> | 2021-05-31 16:56:20 +0000 |
---|---|---|
committer | Fulton Browne <git@fulton.software> | 2021-05-31 16:56:20 +0000 |
commit | ba3bccbc941088de8778c863a814735a03bedc5b (patch) | |
tree | 1a8a001b1cc4e3344bbffc0024990f970ca8c1d9 | |
parent | e236bb9495b554a6b30bdb01e57340b24c62d140 (diff) | |
download | gemini-ba3bccbc941088de8778c863a814735a03bedc5b.tar.gz |
post
-rw-r--r-- | posts/2021-05-31+9front+tls+Part+2 | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/posts/2021-05-31+9front+tls+Part+2 b/posts/2021-05-31+9front+tls+Part+2 new file mode 100644 index 0000000..88f0ca4 --- /dev/null +++ b/posts/2021-05-31+9front+tls+Part+2 @@ -0,0 +1,37 @@ +In my last post I covered 9front server side tls - now we begin the client side. + +I found that most of the user space tls stuff is not *that* interesting or it's stuff for another post. +So, we'll jump right in to C + +*Thinks back to earlier today* + +orthanc% ./sha1sum -3 256 /amd64/9pc64 +sha1sum 238299: suicide: sys: trap: fault write addr=0x0 pc=0x00006afb + +*screams* + +Ok, but thats for the next post. Back to tls. This is scary easy stuff. + +"dial" your server + +int fd = dial("tcp!server!port") + +Create a tls connection, this lets you seek for info on your connection (say, certs) + +conn = (TLSconn*)mallocz(sizeof *conn, 1); + +start the tls "pipe" + +fd = tlsClient(fd, conn); + +Now you can read and write using that fd like you would on the server side, but you should check those certs + +if(!okCertificate(conn->cert, conn->certlen, table)) + sysfatal("suspect server: %r"); + +I do know that there is no real CA validation as of now, I may work on fixing that. + +Ok, that's all I have for now, see you next post. + +-- +Fulton |
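Review bot: the dial step in the walkthrough, `int fd = dial("tcp!server!port")`, will not compile as written. It lacks a terminating semicolon, and dial takes four arguments (addr, local, dir, cfdp), so show `dial("tcp!server!port", nil, nil, nil);` or say the call is abbreviated. The snippets also never check for failure: the fd from dial goes straight into tlsClient, the fd returned by tlsClient is described as ready to read and write, and the mallocz result is used unchecked. A short `if(fd < 0) sysfatal(...)` after each call would keep a reader from passing -1 along on a failed connection or handshake. In the okCertificate step, `table` appears without any line that declares or fills it, so the post should say where it comes from. Since the post itself says there is no real CA validation, state explicitly that this okCertificate check is the only server authentication in the flow, rather than framing it as something you "should" do after you can already read and write.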