X-Git-Url: http://www.git.cypherpunks.ru/?p=ucspi.git;a=blobdiff_plain;f=cmd%2Ftlsc%2Fmain.go;h=2d130b1702684233ad53f29367e179b95eab963c;hp=4f432cf7e0f1d2863e182bcbf6b4fd7aea568bf2;hb=f519c4e470d63240c045c27951df3ed9de0471e9;hpb=32dd5994ea99710340a8845140d5cc4b10fec0fd diff --git a/cmd/tlsc/main.go b/cmd/tlsc/main.go index 4f432cf..2d130b1 100644 --- a/cmd/tlsc/main.go +++ b/cmd/tlsc/main.go @@ -1,6 +1,6 @@ /* ucspi/cmd/tlsc -- UCSPI TLS client -Copyright (C) 2021 Sergey Matveev +Copyright (C) 2021-2022 Sergey Matveev This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -41,6 +41,7 @@ func main() { prvPath := flag.String("key", "", "Path to client PKCS#8 private key") casPath := flag.String("ca", "", "Path to CA certificates file") hostname := flag.String("name", "example.com", "Expected server's hostname") + insecure := flag.Bool("insecure", false, "Insecure mode") fpr := flag.String("fpr", "", "Expected SHA256 hash of server certificate's SPKI") flag.Usage = func() { fmt.Fprintf(os.Stderr, `Usage: tcpclient host port tlsc -name expected.name @@ -59,7 +60,7 @@ func main() { } cfg := &tls.Config{} - if *hostname == "" || *onlyShow { + if *hostname == "" || *onlyShow || *insecure { cfg.InsecureSkipVerify = true } if *hostname != "" { @@ -81,7 +82,7 @@ func main() { } if *casPath != "" { var err error - cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath) + _, cfg.RootCAs, err = ucspi.CertPoolFromFile(*casPath) if err != nil { log.Fatalln(err) } @@ -101,12 +102,9 @@ func main() { } } - conn := &ucspi.Conn{R: os.NewFile(6, "R"), W: os.NewFile(7, "W")} - if conn.R == nil { - log.Fatalln("no 6 file descriptor") - } - if conn.W == nil { - log.Fatalln("no 7 file descriptor") + conn, err := ucspi.NewConn(os.NewFile(6, "R"), os.NewFile(7, "W")) + if err != nil { + log.Fatalln(err) } tlsConn := tls.Client(conn, cfg) if err := tlsConn.Handshake(); err != nil { 
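Review bot: The help string `"Insecure mode"` on the new `-insecure` flag does not tell the operator which protection is given up. Going by the later hunk that ORs the flag into the `InsecureSkipVerify` condition, wording such as `"Skip verification of the server certificate chain and hostname"` would be accurate. The usage text printed by `flag.Usage` is cut off in this hunk, so it is not visible whether it mentions the option; if it does not, one line there would help as well.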
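Review bot: With `|| *insecure` in the condition, `cfg.InsecureSkipVerify = true` is set silently, and a `-ca` file given on the same command line is still loaded further down but will not be consulted by the handshake, unless a verification callback outside this diff uses it. Since the tool is normally run unattended, a line such as `log.Println("warning: -insecure: server certificate is not verified")` when `*insecure` is set, or rejecting `-insecure` together with `-ca`, would make the downgrade visible. Whether the `-fpr` SPKI pin is still enforced in this mode cannot be seen from the hunk and is worth confirming, because it is the one check that sensibly accompanies `-insecure`. main's body starts and ends outside the hunk.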
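Review bot: The `log.Fatalln(err)` after `ucspi.NewConn(...)` no longer names the descriptor at fault, where the removed checks printed "no 6 file descriptor" and "no 7 file descriptor". NewConn's body is not part of this diff, so unless its error already carries that detail, `log.Fatalln("UCSPI descriptors 6/7:", err)` keeps the diagnostic. As far as I know `os.NewFile` on Unix does not probe the descriptor and returns nil only for an invalid number, so a short comment saying where the descriptors are actually validated would help the next reader.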
@@ -115,8 +113,10 @@ func main() { connState := tlsConn.ConnectionState() if *onlyShow { fmt.Fprintf( - os.Stderr, "Version: %04x\nCipherSuite: %s\n", - connState.Version, tls.CipherSuiteName(connState.CipherSuite), + os.Stderr, + "Version: %s\nCipherSuite: %s\n", + ucspi.TLSVersion(connState.Version), + tls.CipherSuiteName(connState.CipherSuite), ) for _, cert := range connState.PeerCertificates { os.Stderr.WriteString("\n") @@ -151,17 +151,18 @@ func main() { if err = cmd.Start(); err != nil { log.Fatalln(err) } - copiers := make(chan struct{}) + worker := make(chan struct{}) go func() { io.Copy(rw, tlsConn) rw.Close() - close(copiers) + close(worker) }() go func() { io.Copy(tlsConn, wr) }() _, err = cmd.Process.Wait() - <-copiers + <-worker + tlsConn.Close() if err != nil { log.Fatalln(err) }
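Review bot: The result of `io.Copy(rw, tlsConn)` in the first goroutine is still discarded, so a failure on the TLS read side (a fatal alert, or a record that fails authentication) reaches the child as an ordinary EOF and tlsc's exit status depends on the child alone. Reporting it is small: `if _, err := io.Copy(rw, tlsConn); err != nil { log.Println("server to child copy:", err) }`, with `err` declared inside the goroutine so it does not race with the outer variable. The return value of the added `tlsConn.Close()` is ignored too, though there it only concerns whether close_notify was sent. main's body starts and ends outside the hunk.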