commit 1a3110090d7bd1d99c64c85bda63b61161493837
parent a53923305cb3053fd6881c2f593845ba78deb628
Author: Brian Mayer <bleemayer@gmail.com>
Date: Thu, 16 Dec 2021 18:14:27 -0300
Merge pull request #11 from guzzisti/main
implement basic client cert handling
Diffstat:
2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
@@ -26,6 +26,15 @@ no arguments takes you to *gemini.circumlunar.space*:
`astro`
+### Client certificates
+
+astro can work with client certificates if capsules requires them for authentication.
+
+astro allows a single client certificate per (sub)domain identified by it's name. If a client cert for a specific domain is available astro will send it to the server with every request.
+
+When a resource requires a client cert and astro can't find one it will show you a command to create a client cert for the capsule. The certicates are stored in `~/.config/astro/certs/`.
+
+To remove a certificate simply delete the `<domain>.crt` and `<domain>.key` files in the directory mentioned above.
### Key bindings
@@ -41,7 +50,6 @@ no arguments takes you to *gemini.circumlunar.space*:
More coming.
-
### Configuration
You can setup a config file at `~/.config/astro/astro.conf` to configure *astro* the way you like.
diff --git a/astro b/astro
@@ -105,8 +105,15 @@ fetch() {
echo "$1://$2:$3/$4$5" >> "$histfile"
clear
- echo "$1://$2:$3/$4$5" | openssl s_client \
- -connect "$2:$3" -crlf -quiet \
+ certfile=""
+ if [ -f "$certdir/$2.crt" ] && [ -f "$certdir/$2.key" ]
+ then
+ certfile="-cert \"$certdir/$2.crt\" -key \"$certdir/$2.key\""
+ [ "$debug" ] && echo "using client cert for domain: $certfile" >&2
+ fi
+
+ echo "$1://$2:$3/$4$5" | eval openssl s_client \
+ -connect "$2:$3" $certfile -crlf -quiet \
-ign_eof 2> /dev/null | {
# First line is status and meta information
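Review bot: The `eval` added in front of `openssl s_client` makes the shell parse the whole command line a second time, so `$2` and `$3` (host and port, which presumably come from the requested URL, a followed link or a redirect) are no longer inert data. Any shell metacharacters in them, or in `$certdir`, would be interpreted as syntax. The `eval` exists only to unpack the quoted string built in `certfile`, so keep `certfile` as a flag (`certfile=1`), start the pipeline with plain `echo "$1://$2:$3/$4$5" | openssl s_client \` and expand the options in place: `-connect "$2:$3" ${certfile:+-cert "$certdir/$2.crt" -key "$certdir/$2.key"} -crlf -quiet \`. The `[ -f "$certdir/$2.crt" ]` test also uses the host as a path component, so a `/` in `$2` should be rejected before this point. fetch() starts and ends outside the hunk, so any validation done earlier is not visible here.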
@@ -168,6 +175,11 @@ fetch() {
return 12
;;
60)
+ echo "client certificate required, to create a client cert use the following command:" >&2
+ echo "openssl req -x509 -newkey rsa:4096 \\" >&2
+ echo " -keyout $certdir/$2.key \\" >&2
+ echo " -out $certdir/$2.crt \\" >&2
+ echo " -days 36500 -nodes" >&2
return 13
;;
61)
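Review bot: The command printed for status 60 is meant to be pasted into a shell, yet `$certdir` and `$2` are embedded unquoted, so a config path containing spaces breaks it and the host string (which appears to come from the request URL) reaches the user's shell unescaped. Printing the paths single-quoted, e.g. `echo " -keyout '$certdir/$2.key' \\" >&2` and likewise for `-out`, and refusing hosts outside the hostname character set before printing would address both. The suggested key is also written unencrypted (`-nodes`) with a validity of 36500 days. A comment such as `# -nodes: key is stored without a passphrase and is protected by file permissions only` would make that trade-off explicit. The surrounding case statement continues outside the hunk.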
@@ -298,10 +310,12 @@ confighome=${XDG_CONFIG_HOME:-$HOME/.config}
mkdir -p "$confighome/astro"
configfile="$confighome/astro/astro.conf"
bookmarkfile="$confighome/astro/bookmarks"
+certdir="$confighome/astro/certs"
+mkdir -p "$certdir"
cachehome=${XDG_CACHE_HOME:-$HOME/.cache}
-mkdir -p "$cachehome/astro"
cachedir="$cachehome/astro"
+mkdir -p "$cachedir"
histfile="$cachedir/history"
# move old bookmark file to new location
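Review bot: `mkdir -p "$certdir"` creates the directory that will hold private keys with whatever mode the caller's umask yields, which on many systems leaves it readable and searchable by other local users. The status-60 message in this commit tells users to write `-nodes` (unencrypted) keys into it, so restrict it at creation: `mkdir -p "$certdir" && chmod 700 "$certdir"`. Whether openssl writes the key file itself with a restrictive mode may depend on the installed version, so the directory mode is the control this script can rely on.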