X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=cmd%2Ftlsc%2Fmain.go;h=7f1651a9301f5d2a4d7eca353d958098a37509ca;hb=57c1e9924fef3fe07dfa9b3d5b996b50d0c08f17;hp=8d32b827275c3805628f61dd3f00a836207c9c74;hpb=c39958cb57c7a598f668a15a3d793a2ab708b193;p=ucspi.git
diff --git a/cmd/tlsc/main.go b/cmd/tlsc/main.go
index 8d32b82..7f1651a 100644
--- a/cmd/tlsc/main.go
+++ b/cmd/tlsc/main.go
@@ -41,6 +41,7 @@ func main() {
 prvPath := flag.String("key", "", "Path to client PKCS#8 private key")
 casPath := flag.String("ca", "", "Path to CA certificates file")
 hostname := flag.String("name", "example.com", "Expected server's hostname")
+ insecure := flag.Bool("insecure", false, "Insecure mode")
 fpr := flag.String("fpr", "", "Expected SHA256 hash of server certificate's SPKI")
 flag.Usage = func() {
 fmt.Fprintf(os.Stderr, `Usage: tcpclient host port tlsc -name expected.name
@@ -59,9 +60,10 @@ func main() {
 }

 cfg := &tls.Config{}
- if *hostname == "" || *onlyShow {
+ if *hostname == "" || *onlyShow || *insecure {
 cfg.InsecureSkipVerify = true
- } else {
+ }
+ if *hostname != "" {
 cfg.ServerName = *hostname
 }
 if *crtPath != "" {
@@ -80,7 +82,7 @@ func main() {
 }
 if *casPath != "" {
 var err error
- cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
+ _, cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
 if err != nil {
 log.Fatalln(err)
 }
@@ -114,8 +116,10 @@ func main() {
 connState := tlsConn.ConnectionState()
 if *onlyShow {
 fmt.Fprintf(
- os.Stderr, "Version: %04x\nCipherSuite: %s\n",
- connState.Version, tls.CipherSuiteName(connState.CipherSuite),
+ os.Stderr,
+ "Version: %s\nCipherSuite: %s\n",
+ ucspi.TLSVersion(connState.Version),
+ tls.CipherSuiteName(connState.CipherSuite),
 )
 for _, cert := range connState.PeerCertificates {
 os.Stderr.WriteString("\n")
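Review bot: The help string `"Insecure mode"` on the new `-insecure` flag does not say what is switched off. Going by the second hunk it sets `InsecureSkipVerify`, so I would write `"Skip server certificate chain and hostname verification"`. The `flag.Usage` text starts in this hunk but continues outside it; if it lists the options, `-insecure` should appear there with the same wording.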
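Review bot: The widened condition `*hostname == "" || *onlyShow || *insecure` sets `cfg.InsecureSkipVerify = true` without any message, so a run with `-insecure` (or with `-name ""`) performs no chain or hostname verification and the operator sees nothing. Unless the `-fpr` SPKI pin is enforced later in main(), which is outside this hunk, the peer is then unauthenticated. I would log the downgrade when no pin is set, e.g. `if cfg.InsecureSkipVerify && !*onlyShow && *fpr == "" { log.Println("warning: server certificate is not verified") }`. Because `-name` defaults to `example.com`, the new `if *hostname != ""` still sends that name as SNI in insecure mode; a short comment saying ServerName is kept only for SNI in that case would help.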
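Review bot: The `-ca` branch still fills `cfg.RootCAs` when `-insecure` is also given, although crypto/tls does not consult RootCAs once `InsecureSkipVerify` is true, so the CA file is silently ignored unless code outside this hunk uses the pool itself. Rejecting the combination up front makes the contradiction visible: `if *insecure && *casPath != "" { log.Fatalln("-ca has no effect with -insecure") }`. The discarded first result of `ucspi.CertPoolFromFile` also deserves a one-line comment saying what is dropped and why it is not needed here.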