
commit 0719a64b8ee4c8cfac1aaf133ca8c73c56719777

Author: Julien Blanchard <julien@sideburns.eu>

Date: Mon Apr 20 09:41:40 2020 +0200


Read client certificates


diff --git a/Cargo.lock b/Cargo.lock

index 79e60df..4d89443 100644

--- a/Cargo.lock

+++ b/Cargo.lock

@@ -149,6 +149,7 @@ dependencies = [

"lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",

"native-tls 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",

"open 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)",

+ "openssl 0.10.26 (registry+https://github.com/rust-lang/crates.io-index)",

"pango 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",

"percent-encoding 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)",

"regex 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",

diff --git a/Cargo.toml b/Cargo.toml

index 411c2f6..3262b65 100644

--- a/Cargo.toml

+++ b/Cargo.toml

@@ -16,6 +16,7 @@ pango = "*"

open = "*"

regex = "*"

native-tls = "*"

+openssl = "*"

url = "*"

tempfile = "*"

dirs = "*"
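Review bot: `openssl = "*"` leaves a security-critical crate unconstrained in the manifest. Only Cargo.lock holds it at 0.10.26, so a `cargo update` or a build without the lockfile can resolve to any release, including one whose `Pkcs12` builder API differs from what the new code calls. Constrain it to the series the lockfile resolved, `openssl = "0.10"`. The neighbouring entries use the same wildcard, so the point applies to them too, `native-tls` in particular.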

diff --git a/src/gemini/certificate.rs b/src/gemini/certificate.rs

new file mode 100644

index 0000000..ce06257

--- /dev/null

+++ b/src/gemini/certificate.rs

@@ -0,0 +1,30 @@

+extern crate dirs;

+use std::fs;

+use openssl::pkcs12::Pkcs12;

+

+pub fn get_certificate(host: &str) -> Option<Pkcs12> {

+ let mut key_path = dirs::home_dir().unwrap();

+ let mut cert_path = dirs::home_dir().unwrap();

+ let key_name = format!("{}.key", host);

+ let cert_name = format!("{}.crt", host);

+

+ key_path.push(key_name);

+ cert_path.push(cert_name);

+

+ let key = match fs::read(key_path.to_str().unwrap()) {

+ Ok(file) => file,

+ Err(_) => return None

+ };

+

+ let cert = match fs::read(cert_path.to_str().unwrap()) {

+ Ok(file) => file,

+ Err(_) => return None

+ };

+

+ let rsa_key = openssl::rsa::Rsa::private_key_from_pem(&key).expect("Invalid RSA key");

+ let pkey = openssl::pkey::PKey::from_rsa(rsa_key).expect("Invalid PKey");

+ let cert = openssl::x509::X509::from_pem(&cert).expect("Invalid certificate");

+

+ let pkcs_cert = Pkcs12::builder().build("", "", &pkey, &cert).expect("Can't build PKCS12");

+ Some(pkcs_cert)

+}
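Review bot: The four `.expect(...)` calls and both `dirs::home_dir().unwrap()` calls in `get_certificate` abort the whole program when a key or certificate file is malformed or no home directory is found, even though the function already returns `Option`. The parsing steps can propagate failure with `.ok()?` instead, and `PKey::private_key_from_pem` accepts non-RSA keys that `Rsa::private_key_from_pem` rejects. `host` is also formatted straight into a file name under the home directory. If a caller can pass anything other than a bare host name (not visible here), validate it before the path is built, because `PathBuf::push` with an absolute component replaces the whole path. Reporting the parse error to the user instead of silently dropping the identity would be a further improvement.

```rust
// … unchanged: extern crate / use lines …
pub fn get_certificate(host: &str) -> Option<Pkcs12> {
    let home = dirs::home_dir()?;
    let key = fs::read(home.join(format!("{}.key", host))).ok()?;
    let cert = fs::read(home.join(format!("{}.crt", host))).ok()?;

    // A malformed file means "no usable identity", not a crash; any PEM key type is accepted.
    let pkey = openssl::pkey::PKey::private_key_from_pem(&key).ok()?;
    let cert = openssl::x509::X509::from_pem(&cert).ok()?;

    Pkcs12::builder().build("", "", &pkey, &cert).ok()
}
```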

diff --git a/src/gemini/client.rs b/src/gemini/client.rs

index 0658ff0..42501c4 100644

--- a/src/gemini/client.rs

+++ b/src/gemini/client.rs

@@ -13,6 +13,16 @@ pub fn get_data<T: Protocol>(url: T) -> Result<(Option<Vec<u8>>, Vec<u8>), Strin

let mut builder = TlsConnector::builder();

builder.danger_accept_invalid_hostnames(true);

builder.danger_accept_invalid_certs(true);

+

+ match crate::gemini::certificate::get_certificate(host) {

+ Some(cert) => {

+ let der = cert.to_der().unwrap();

+ let identity = native_tls::Identity::from_pkcs12(&der, "").unwrap();

+ builder.identity(identity);

+ },

+ None => ()

+ };

+

let connector = builder.build().unwrap();


match urlf.to_socket_addrs() {
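Review bot: The identity added here is attached to a connector that, per the two context lines above it, accepts invalid certificates and invalid hostnames, so the client certificate is offered to whatever endpoint answers for `host` without that server being authenticated. Pairing this with server certificate pinning (trust on first use, as Gemini clients commonly do) would close that gap. Until then the limitation deserves a comment such as `// NOTE: server is not verified; the client certificate is disclosed to any peer that requests it`. The two `.unwrap()` calls also panic if the PKCS#12 round trip fails, where `get_data` appears to return a `Result` with a string error. `.map_err(|e| e.to_string())?` would fit if the error type is `String` (the signature is truncated in the hunk header). `get_data` starts and ends outside this hunk.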

diff --git a/src/gemini/mod.rs b/src/gemini/mod.rs

index b6c0233..927a04b 100644

--- a/src/gemini/mod.rs

+++ b/src/gemini/mod.rs

@@ -1,3 +1,4 @@

+pub mod certificate;

pub mod client;

pub mod link;

pub mod parser;

diff --git a/src/main.rs b/src/main.rs

index 456da9c..33c81b6 100644

--- a/src/main.rs

+++ b/src/main.rs

@@ -180,6 +180,7 @@ fn visit_url<T: AbsoluteUrl + Protocol>(gui: &Arc<Gui>, url: T) {

Ok(absolute_url) => match gemini::client::get_data(url) {

Ok((meta, new_content)) => {

let meta_str = String::from_utf8_lossy(&meta.unwrap()).to_string();

+ println!("{:?}", meta_str);

if let Ok(status) = Status::from_str(&meta_str) {

match status {

Status::Success(meta) => {
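Review bot: `println!("{:?}", meta_str);` looks like a leftover debug print unrelated to reading client certificates. It writes the server-controlled meta line to stdout on every successful fetch. The `{:?}` formatting does escape control characters, which is the right choice if the line is kept. Otherwise drop it or route it through `eprintln!` behind a debug switch. `visit_url` continues outside this hunk.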


