shithub: riscv

ref: fe1eb39db7ae6904924f3ab1f6f9b34416f2eb1b
dir: /sys/src/cmd/upas/fs/tls.c/

View raw version
#include "common.h"
#include <libsec.h>
#include <auth.h>
#include "dat.h"

int
wraptls(int ofd, char *host)
{
	Thumbprint *thumb;
	TLSconn conn;
	int fd;

	memset(&conn, 0, sizeof conn);
	conn.serverName = host;
	fd = tlsClient(ofd, &conn);
	if(fd < 0){
		close(ofd);
		return -1;
	}
	thumb = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude", "x509");
	if(thumb != nil){
		if(!okCertificate(conn.cert, conn.certlen, thumb)){
			werrstr("cert for %s not recognized: %r", host);
			close(fd);
			fd = -1;
		}
		freeThumbprints(thumb);
	}
	free(conn.cert);
	free(conn.sessionID);
	return fd;
}