astro

Unnamed repository; edit this file 'description' to name the repository.
git clone git://git.clttr.info/astro.git
Log (Feed) | Files | Refs (Tags) | README | LICENSE

commit 1a3110090d7bd1d99c64c85bda63b61161493837
parent a53923305cb3053fd6881c2f593845ba78deb628
Author: Brian Mayer <bleemayer@gmail.com>
Date:   Thu, 16 Dec 2021 18:14:27 -0300

Merge pull request #11 from guzzisti/main

implement basic client cert handling
Diffstat:
MREADME.md | 10+++++++++-
Mastro | 20+++++++++++++++++---
2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md @@ -26,6 +26,15 @@ no arguments takes you to *gemini.circumlunar.space*: `astro` +### Client certificates + +astro can work with client certificates if capsules requires them for authentication. + +astro allows a single client certificate per (sub)domain identified by it's name. If a client cert for a specific domain is available astro will send it to the server with every request. + +When a resource requires a client cert and astro can't find one it will show you a command to create a client cert for the capsule. The certicates are stored in `~/.config/astro/certs/`. + +To remove a certificate simply delete the `<domain>.crt` and `<domain>.key` files in the directory mentioned above. ### Key bindings @@ -41,7 +50,6 @@ no arguments takes you to *gemini.circumlunar.space*: More coming. - ### Configuration You can setup a config file at `~/.config/astro/astro.conf` to configure *astro* the way you like. diff --git a/astro b/astro @@ -105,8 +105,15 @@ fetch() { echo "$1://$2:$3/$4$5" >> "$histfile" clear - echo "$1://$2:$3/$4$5" | openssl s_client \ - -connect "$2:$3" -crlf -quiet \ + certfile="" + if [ -f "$certdir/$2.crt" ] && [ -f "$certdir/$2.key" ] + then + certfile="-cert \"$certdir/$2.crt\" -key \"$certdir/$2.key\"" + [ "$debug" ] && echo "using client cert for domain: $certfile" >&2 + fi + + echo "$1://$2:$3/$4$5" | eval openssl s_client \ + -connect "$2:$3" $certfile -crlf -quiet \ -ign_eof 2> /dev/null | { # First line is status and meta information @@ -168,6 +175,11 @@ fetch() { return 12 ;; 60) + echo "client certificate required, to create a client cert use the following command:" >&2 + echo "openssl req -x509 -newkey rsa:4096 \\" >&2 + echo " -keyout $certdir/$2.key \\" >&2 + echo " -out $certdir/$2.crt \\" >&2 + echo " -days 36500 -nodes" >&2 return 13 ;; 61) @@ -298,10 +310,12 @@ confighome=${XDG_CONFIG_HOME:-$HOME/.config} mkdir -p "$confighome/astro" configfile="$confighome/astro/astro.conf" bookmarkfile="$confighome/astro/bookmarks" +certdir="$confighome/astro/certs" +mkdir -p "$certdir" cachehome=${XDG_CACHE_HOME:-$HOME/.cache} -mkdir -p "$cachehome/astro" cachedir="$cachehome/astro" +mkdir -p "$cachedir" histfile="$cachedir/history" # move old bookmark file to new location