Add -g for generating certificates

Copied from pounce.
weechat-hashes
C. McEnroe 2020-02-13 01:39:25 -05:00
parent 0a772ff139
commit fcfbe8a14c
3 changed files with 69 additions and 1 deletions

View File

@ -27,6 +27,9 @@
.Op Fl w Ar pass
.Op Ar config ...
.
.Nm
.Fl g Ar cert
.
.Sh DESCRIPTION
The
.Nm
@ -122,12 +125,22 @@ it is loaded with
With
.Fl e ,
authenticate using SASL EXTERNAL.
Certificates can be generated with
.Fl g .
.
.It Fl e , Cm sasl-external
Authenticate using SASL EXTERNAL,
also known as CertFP.
The TLS client certificate is loaded with
.Fl c .
For more information, see
.Sx Configuring CertFP .
.
.It Fl g Ar path
Generate a TLS client certificate using
.Xr openssl 1
and write it to
.Ar path .
.
.It Fl h Ar host , Cm host = Ar host
Connect to
@ -185,6 +198,38 @@ Log in with the server password
.Ar pass .
.El
.
.Ss Configuring CertFP
.Bl -enum
.It
Generate a new TLS client certificate:
.Bd -literal -offset indent
catgirl -g ~/.config/catgirl/example.pem
.Ed
.It
Connect to the server using the certificate:
.Bd -literal -offset indent
cert = example.pem
# or: catgirl -c example.pem
.Ed
.It
Identify with services or use
.Cm sasl-plain ,
then add the certificate fingerprint
to your account:
.Bd -literal -offset indent
/msg NickServ CERT ADD
.Ed
.It
Enable SASL EXTERNAL
to require successful authentication
when connecting:
.Bd -literal -offset indent
cert = example.pem
sasl-external
# or: catgirl -e -c example.pem
.Ed
.El
.
.Sh COMMANDS
Any unique prefix can be used to abbreviate a command.
For example,

23
chat.c
View File

@ -25,12 +25,32 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sysexits.h>
#include <unistd.h>
#include "chat.h"
#ifndef OPENSSL_BIN
#define OPENSSL_BIN "openssl"
#endif
static void genCert(const char *path) {
const char *name = strrchr(path, '/');
name = (name ? &name[1] : path);
char subj[256];
snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name);
umask(0066);
execlp(
OPENSSL_BIN, "openssl", "req",
"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650",
"-nodes", "-subj", subj, "-out", path, "-keyout", path,
NULL
);
err(EX_UNAVAILABLE, "openssl");
}
char *idNames[IDCap] = {
[None] = "<none>",
[Debug] = "<debug>",
@ -94,7 +114,7 @@ int main(int argc, char *argv[]) {
const char *user = NULL;
const char *real = NULL;
const char *Opts = "!C:H:N:O:RS:a:c:eh:j:k:n:p:r:s:u:vw:";
const char *Opts = "!C:H:N:O:RS:a:c:eg:h:j:k:n:p:r:s:u:vw:";
const struct option LongOpts[] = {
{ "insecure", no_argument, NULL, '!' },
{ "copy", required_argument, NULL, 'C' },
@ -132,6 +152,7 @@ int main(int argc, char *argv[]) {
break; case 'a': sasl = true; self.plain = optarg;
break; case 'c': cert = optarg;
break; case 'e': sasl = true;
break; case 'g': genCert(optarg);
break; case 'h': host = optarg;
break; case 'j': self.join = optarg;
break; case 'k': priv = optarg;

2
configure vendored
View File

@ -10,6 +10,7 @@ case "$(uname)" in
prefix=$(pkg query '%p' libressl)
cat >config.mk <<-EOF
CFLAGS += -I${prefix}/include
CFLAGS += -D'OPENSSL_BIN="${prefix}/bin/openssl"'
LDFLAGS += -L${prefix}/lib
EOF
exit
@ -21,6 +22,7 @@ pkg-config --print-errors $libs
cat >config.mk <<EOF
CFLAGS += $(pkg-config --cflags $libs)
CFLAGS += -D'OPENSSL_BIN="$(pkg-config --variable=prefix openssl)/bin/openssl"'
LDFLAGS += $(pkg-config --libs-only-L $libs)
LDLIBS = $(pkg-config --libs-only-l $libs)
EOF