diff options
Diffstat (limited to 'xombrero.c')
-rw-r--r-- | xombrero.c | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/xombrero.c b/xombrero.c index 53b68f3..cd24a6d 100644 --- a/xombrero.c +++ b/xombrero.c @@ -2000,6 +2000,51 @@ done: return (rv); } +gnutls_x509_crt_t * +get_local_cert_chain(const char *uri, size_t *ncerts, const char **error_str, + const char *dir) +{ + SoupURI *su; + unsigned char cert_buf[64 * 1024] = {0}; + gnutls_datum_t data; + unsigned int len = UINT_MAX; + int bytes_read; + char file[PATH_MAX]; + FILE *f; + gnutls_x509_crt_t *certs; + + if ((su = soup_uri_new(uri)) == NULL) { + *error_str = "Invalid URI"; + return (NULL); + } + + snprintf(file, sizeof file, "%s" PS "%s", dir, su->host); + if ((f = fopen(file, "r")) == NULL) { + *error_str = "Could not read local cert"; + return (NULL); + } + + bytes_read = fread(cert_buf, sizeof *cert_buf, sizeof cert_buf, f); + if (bytes_read == 0) { + *error_str = "Could not read local cert"; + return (NULL); + } + + data.data = cert_buf; + data.size = bytes_read; + certs = g_malloc(sizeof *certs); + *ncerts = INT_MAX; + if (gnutls_x509_crt_list_import(certs, &len, &data, + GNUTLS_X509_FMT_PEM, 0) < 0) { + *error_str = "Error reading local cert chain"; + return (NULL); + } + + *ncerts = len; + return (certs); +} + + int cert_cmd(struct tab *t, struct karg *args) { @@ -2024,6 +2069,23 @@ cert_cmd(struct tab *t, struct karg *args) return (1); } + /* + * if we're only showing the local certs, don't open a socket and get + * the remote certs + */ + if (args->i & XT_SHOW && args->i & XT_CACHE) { + certs = get_local_cert_chain(uri, &cert_count, &error_str, + certs_cache_dir); + if (error_str == NULL) { + show_certs(t, certs, cert_count, "Certificate Chain"); + free_connection_certs(certs, cert_count); + } else { + show_oops(t, "%s", error_str); + return (1); + } + return (0); + } + if ((s = connect_socket_from_uri(uri, &error_str, domain, sizeof domain)) == -1) { show_oops(t, "%s", error_str); |