ref: 6ff5c10ffb06d10eee06f1d432f9cc4738496c07
dir: /sys/src/cmd/upas/fs/tls.c/
#include "common.h"
#include <libsec.h>
#include <auth.h>
#include "dat.h"

/*
 * Start a TLS client session on ofd and pin the server certificate.
 *
 * host is passed to tlsClient() as conn.serverName; it is not compared
 * against the certificate in this function.
 *
 * Returns the descriptor produced by tlsClient(), or -1 on failure.
 * If tlsClient() fails, ofd is closed here.  If the certificate is
 * rejected, the TLS descriptor is closed and the reason is left in the
 * error string via werrstr().  What happens to ofd after a successful
 * tlsClient() is not visible from this file.
 *
 * Trust model: the only certificate check made here is a SHA-1
 * thumbprint lookup against the set loaded from /sys/lib/tls/mail
 * (second argument /sys/lib/tls/mail.exclude, presumably an exclusion
 * list -- confirm against initThumbprints).
 *
 * NOTE(review): the check is fail-open.  When initThumbprints() returns
 * nil the whole verification branch is skipped and the connection is
 * returned without any certificate check, so a missing or unloadable
 * thumbprint file silently disables pinning.  Deployments that rely on
 * pinning should make sure the file exists and is readable, or this
 * path should be made to fail closed.
 *
 * NOTE(review): pinning on a SHA-1 digest depends on second-preimage
 * resistance only; consider a stronger digest if the thumbprint file
 * format supports one.
 */
int
wraptls(int ofd, char *host)
{
	TLSconn tc;
	Thumbprint *pins;
	uchar hash[SHA1dlen];
	int tlsfd, trusted;

	memset(&tc, 0, sizeof tc);
	tc.serverName = host;
	tlsfd = tlsClient(ofd, &tc);
	if(tlsfd < 0){
		/* handshake failed: drop the underlying connection */
		close(ofd);
		return -1;
	}

	pins = initThumbprints("/sys/lib/tls/mail", "/sys/lib/tls/mail.exclude");
	if(pins != nil){
		trusted = 0;
		if(tc.cert == nil || tc.certlen <= 0)
			werrstr("server did not provide TLS certificate");
		else{
			/* digest of the certificate bytes as returned by tlsClient() */
			sha1(tc.cert, tc.certlen, hash, nil);
			if(okThumbprint(hash, pins))
				trusted = 1;
			else
				werrstr("server certificate %.*H not recognized", SHA1dlen, hash);
		}
		if(!trusted){
			/* reject: tear down the TLS session and report failure */
			close(tlsfd);
			tlsfd = -1;
		}
		freeThumbprints(pins);
	}
	/* pins == nil: no verification was performed (see NOTE above) */

	free(tc.cert);
	free(tc.sessionID);
	return tlsfd;
}