]> Cypherpunks.ru repositories - ucspi.git/blobdiff - cmd/tlsc/main.go
projects / ucspi.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Raised copyright years
[ucspi.git] / cmd / tlsc / main.go
diff --git a/cmd/tlsc/main.go b/cmd/tlsc/main.go
index 8d32b827275c3805628f61dd3f00a836207c9c74..2d130b1702684233ad53f29367e179b95eab963c 100644 (file)
--- a/cmd/tlsc/main.go
+++ b/cmd/tlsc/main.go
@@ -1,6 +1,6 @@
 /*
 ucspi/cmd/tlsc -- UCSPI TLS client
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -41,6 +41,7 @@ func main() {
        prvPath := flag.String("key", "", "Path to client PKCS#8 private key")
        casPath := flag.String("ca", "", "Path to CA certificates file")
        hostname := flag.String("name", "example.com", "Expected server's hostname")
+       insecure := flag.Bool("insecure", false, "Insecure mode")
        fpr := flag.String("fpr", "", "Expected SHA256 hash of server certificate's SPKI")
        flag.Usage = func() {
                fmt.Fprintf(os.Stderr, `Usage: tcpclient host port tlsc -name expected.name
@@ -59,9 +60,10 @@ func main() {
        }
 
        cfg := &tls.Config{}
-       if *hostname == "" || *onlyShow {
+       if *hostname == "" || *onlyShow || *insecure {
                cfg.InsecureSkipVerify = true
-       } else {
+       }
+       if *hostname != "" {
                cfg.ServerName = *hostname
        }
        if *crtPath != "" {
@@ -80,7 +82,7 @@ func main() {
        }
        if *casPath != "" {
                var err error
-               cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
+               _, cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath)
                if err != nil {
                        log.Fatalln(err)
                }
@@ -100,12 +102,9 @@ func main() {
                }
        }
 
-       conn := &ucspi.Conn{R: os.NewFile(6, "R"), W: os.NewFile(7, "W")}
-       if conn.R == nil {
-               log.Fatalln("no 6 file descriptor")
-       }
-       if conn.W == nil {
-               log.Fatalln("no 7 file descriptor")
+       conn, err := ucspi.NewConn(os.NewFile(6, "R"), os.NewFile(7, "W"))
+       if err != nil {
+               log.Fatalln(err)
        }
        tlsConn := tls.Client(conn, cfg)
        if err := tlsConn.Handshake(); err != nil {
@@ -114,8 +113,10 @@ func main() {
        connState := tlsConn.ConnectionState()
        if *onlyShow {
                fmt.Fprintf(
-                       os.Stderr, "Version: %04x\nCipherSuite: %s\n",
-                       connState.Version, tls.CipherSuiteName(connState.CipherSuite),
+                       os.Stderr,
+                       "Version: %s\nCipherSuite: %s\n",
+                       ucspi.TLSVersion(connState.Version),
+                       tls.CipherSuiteName(connState.CipherSuite),
                )
                for _, cert := range connState.PeerCertificates {
                        os.Stderr.WriteString("\n")
@@ -150,17 +151,18 @@ func main() {
        if err = cmd.Start(); err != nil {
                log.Fatalln(err)
        }
-       copiers := make(chan struct{})
+       worker := make(chan struct{})
        go func() {
                io.Copy(rw, tlsConn)
                rw.Close()
-               close(copiers)
+               close(worker)
        }()
        go func() {
                io.Copy(tlsConn, wr)
        }()
        _, err = cmd.Process.Wait()
-       <-copiers
+       <-worker
+       tlsConn.Close()
        if err != nil {
                log.Fatalln(err)
        }
UCSPI-related utilities