author | Joel Sing <jsing@cvs.openbsd.org> | 2016-10-04 15:49:43 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2016-10-04 15:49:43 +0000 |
commit | 77faa4438a0d3b8bf51618086a75aa400011f7f1 (patch) | |
tree | c79ea8180e44dc763017a173f75254650bfa3a65 /usr.sbin/acme-client/netproc.c | |
parent | d6c9dbb821acf35f7350e98cc3de8b7653010d5a (diff) |
Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.
ok benno@ florian@
Diffstat (limited to 'usr.sbin/acme-client/netproc.c')
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index 4a216c05095..24ab4bfea49 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.9 2016/10/04 15:41:07 jsing Exp $ */ +/* $Id: netproc.c,v 1.10 2016/10/04 15:49:42 jsing Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -579,6 +579,16 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, memset(&paths, 0, sizeof(struct capaths)); memset(&c, 0, sizeof(struct conn)); + if (pledge("stdio inet rpath", NULL) == -1) { + warn("pledge"); + goto out; + } + + if (http_init() == -1) { + warn("http_init"); + goto out; + } + if (pledge("stdio inet", NULL) == -1) { warn("pledge"); goto out; |
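Review bot: on the http_init() failure path in the netproc() hunk, `warn("http_init")` appends strerror(errno), and nothing visible here guarantees that errno is meaningful when http_init() returns -1. If the failure comes from the TLS configuration or the CA file load rather than from a system call, the logged reason can be stale or misleading. Consider having http_init() report its own specific error and using warnx() at this call site. Separately, the two back-to-back pledge() calls read as a mistake without context. A one-line comment above the first, saying that rpath is held only so http_init() can load the CA file and is dropped immediately afterwards, would keep a later cleanup from merging them or from moving http_init() below the second pledge, where the CA file could no longer be read.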