shithub: riscv


ref: d4a830e2e1d333c9bdbf5c17475f89efdf43be89
parent: e548a86575fb1cde326f995c86d5ce04da7cd48c
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Jan 6 02:43:08 EST 2018

tlsclient: allow dumping the server's certificate with new -d flag

useful for debugging, like:

./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump

--- a/sys/man/8/tlssrv
+++ b/sys/man/8/tlssrv
@@ -45,9 +45,13 @@
 ]
 [
 .B -c
-.I cert.pem
+.I clientcert.pem
 ]
 [
+.B -d
+.I servercert
+]
+[
 .B -t
 .I trustedkeys
 ]
@@ -128,6 +132,13 @@
 flag, causes the client to submit this certificate upon
 server's request. A corresponding key has to be present in
 .IR factotum (4).
+The
+.B -d
+flag writes the server's certificate to the file
+.I servercert
+in binary ASN.1 encoding.
+If the server doesnt provide a certificate, an empty
+file is created.
 If the
 .B -t
 flag
--- a/sys/src/cmd/tlsclient.c
+++ b/sys/src/cmd/tlsclient.c
@@ -6,12 +6,12 @@
 
 int debug, auth, dialfile;
 char *keyspec = "";
-char *servername, *file, *filex, *ccert;
+char *servername, *file, *filex, *ccert, *dumpcert;
 
 void
 usage(void)
 {
-	fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
+	fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c clientcert.pem] [-d servercert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
 	exits("usage");
 }
 
@@ -43,13 +43,12 @@
 void
 main(int argc, char **argv)
 {
-	int fd;
+	int fd, dfd;
 	char *addr;
 	TLSconn *conn;
 	Thumbprint *thumb;
 	AuthInfo *ai = nil;
 
-	fmtinstall('B', mpfmt);
 	fmtinstall('[', encodefmt);
 	fmtinstall('H', encodefmt);
 
@@ -72,6 +71,9 @@
 	case 'c':
 		ccert = EARGF(usage());
 		break;
+	case 'd':
+		dumpcert = EARGF(usage());
+		break;
 	case 'n':
 		servername = EARGF(usage());
 		break;
@@ -123,6 +125,15 @@
 	fd = tlsClient(fd, conn);
 	if(fd < 0)
 		sysfatal("tlsclient: %r");
+
+	if(dumpcert){
+		if((dfd = create(dumpcert, OWRITE, 0666)) < 0)
+			sysfatal("create: %r");
+		if(conn->cert != nil)
+			write(dfd, conn->cert, conn->certlen);
+		write(dfd, "", 0);
+		close(dfd);
+	}
 
 	if(thumb){
 		if(!okCertificate(conn->cert, conn->certlen, thumb))
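Review bot: The return value of `write(dfd, conn->cert, conn->certlen)` is ignored in the added `if(dumpcert)` block, so a short or failed write leaves a truncated certificate file that a later tool will parse as if it were complete; check it, e.g. `if(write(dfd, conn->cert, conn->certlen) != conn->certlen) sysfatal("write: %r");`. The dump also runs before the `okCertificate` thumbprint check that follows it, so the file holds whatever the server presented, whether or not it is later accepted; a comment such as `/* dumped before the thumbprint check: contents are unverified */` would keep readers from treating the file as a trusted certificate. The zero-length `write(dfd, "", 0)` should get a one-line comment stating its purpose, which the hunk does not show. main's body starts and ends outside this hunk.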