
Plan 9 from Bell Labs 2007-08-16

David du Colombier 14 years ago
parent
commit
cd44a65df4
10 changed files with 160 additions and 93 deletions
  1. 12 0
      cfg/example/cpurc
  2. 16 12
      dist/replica/_plan9.db
  3. 13 12
      dist/replica/plan9.db
  4. 17 0
      dist/replica/plan9.log
  5. 1 7
      rc/bin/cpurc
  6. 15 3
      sys/lib/dist/mkfile
  7. 2 6
      sys/man/2/des
  8. 76 45
      sys/man/2/pushtls
  9. 2 2
      sys/man/8/cpurc
  10. 6 6
      sys/src/libsec/port/readcert.c

+ 12 - 0
cfg/example/cpurc

@@ -0,0 +1,12 @@
+#!/bin/rc
+# cpu-specific startup
+
+# Since booting from venti could have started loopback,
+# don't test for existing interfaces, just use ipconfig.
+# ip/ipconfig -g your-gateway ether /net/ether0 your-ip-address your-subnet-mask
+
+# ndb/dns -s
+
+# ip/dhcpd
+# ip/tftpd
+
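Review bot: The commented `ip/dhcpd` and `ip/tftpd` examples carry no warning, yet both are network services that, as far as I recall, answer any host that can reach the interface without authentication, and this file is the template people copy when bringing up a cpu server. A one-line caveat above them would keep someone from enabling them on an exposed interface by default: `# dhcpd and tftpd answer any host on the attached network; enable only on a trusted interface`. The `ndb/dns -s` line could similarly note that it turns the machine into a resolver for whoever can reach it.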

+ 16 - 12
dist/replica/_plan9.db

@@ -236,9 +236,9 @@
 386/bin/fortune - 775 sys sys 1168402308 67356
 386/bin/fossil - 20000000775 sys sys 1042005470 0
 386/bin/fossil/conf - 775 sys sys 1085077052 1506
-386/bin/fossil/flchk - 775 sys sys 1180209225 237116
-386/bin/fossil/flfmt - 775 sys sys 1180209226 245137
-386/bin/fossil/fossil - 775 sys sys 1181851033 363780
+386/bin/fossil/flchk - 775 sys sys 1187147720 237381
+386/bin/fossil/flfmt - 775 sys sys 1187147721 245386
+386/bin/fossil/fossil - 775 sys sys 1187147721 364045
 386/bin/fossil/last - 775 sys sys 1168402310 63550
 386/bin/freq - 775 sys sys 1168402310 62040
 386/bin/fs - 20000000775 sys sys 954380769 0
@@ -876,6 +876,7 @@ arm/lib/ape - 20000000775 sys sys 1020896375 0
 arm/mkfile - 664 sys sys 948141303 46
 cfg - 20000000775 sys sys 1177628278 0
 cfg/example - 20000000775 sys sys 1177628283 0
+cfg/example/cpurc - 775 sys sys 1187226177 266
 cfg/example/termrc - 775 sys sys 1177628544 195
 cron - 20000000777 sys sys 1039727915 0
 cron/upas - 20000000775 upas sys 1039727915 0
@@ -5487,7 +5488,7 @@ rc/bin/b: - 775 sys sys 1015089510 204
 rc/bin/broke - 775 sys sys 1143389260 142
 rc/bin/bundle - 775 sys sys 945617206 173
 rc/bin/c: - 775 sys sys 1015089511 86
-rc/bin/cpurc - 775 sys sys 1179769494 2009
+rc/bin/cpurc - 775 sys sys 1187226871 1901
 rc/bin/cpurc.local - 775 sys sys 1176827268 367
 rc/bin/delkey - 775 sys sys 1109429137 643
 rc/bin/dial - 20000000775 sys sys 1059180057 0
@@ -6196,7 +6197,7 @@ sys/lib/dist/cmd/touchfs.c - 664 sys sys 1018469727 1120
 sys/lib/dist/cmd/unbflz.c - 664 sys sys 1018469727 1688
 sys/lib/dist/logcompress.awk - 664 sys sys 1068558028 298
 sys/lib/dist/logtime.awk - 664 sys sys 1019526213 38
-sys/lib/dist/mkfile - 664 sys sys 1173736647 5154
+sys/lib/dist/mkfile - 664 sys sys 1187231219 5377
 sys/lib/dist/pc - 20000000775 sys sys 1147022870 0
 sys/lib/dist/pc/cd0.proto - 664 sys sys 1114358485 7
 sys/lib/dist/pc/empty - 20000000775 sys sys 1020895854 0
@@ -7518,7 +7519,7 @@ sys/man/2/cputime - 664 sys sys 1015091518 713
 sys/man/2/ctime - 664 sys sys 954378853 2547
 sys/man/2/ctype - 664 sys sys 1079535676 2611
 sys/man/2/debugger - 664 sys sys 944959696 8629
-sys/man/2/des - 664 sys sys 1032058673 3517
+sys/man/2/des - 664 sys sys 1187231239 3505
 sys/man/2/dial - 664 sys sys 1175725019 6594
 sys/man/2/dirread - 664 sys sys 1015091519 1901
 sys/man/2/disk - 664 sys sys 1015091519 3188
@@ -7591,7 +7592,7 @@ sys/man/2/print - 664 sys sys 1115941566 8852
 sys/man/2/privalloc - 664 sys sys 984709633 651
 sys/man/2/proto - 664 sys sys 969499889 2948
 sys/man/2/pushssl - 664 sys sys 958249503 1032
-sys/man/2/pushtls - 664 sys sys 1124711123 5618
+sys/man/2/pushtls - 664 sys sys 1187210621 6020
 sys/man/2/qball - 664 sys sys 1162102671 1996
 sys/man/2/qsort - 664 sys sys 944959694 763
 sys/man/2/quaternion - 664 sys sys 1162102619 3417
@@ -7786,7 +7787,7 @@ sys/man/8/apm - 664 sys sys 1017679308 1811
 sys/man/8/auth - 664 sys sys 1183580530 4981
 sys/man/8/boot - 664 sys sys 1165623055 8357
 sys/man/8/booting - 664 sys sys 1015024984 4136
-sys/man/8/cpurc - 664 sys sys 1174792133 1541
+sys/man/8/cpurc - 664 sys sys 1187227584 1522
 sys/man/8/cron - 664 sys sys 1063858596 1867
 sys/man/8/dhcpd - 664 sys sys 1172959497 5572
 sys/man/8/disksim - 664 sys sys 1144150487 1476
@@ -15678,7 +15679,7 @@ sys/src/libsec/port/primetest.c - 664 sys sys 984710523 2486
 sys/src/libsec/port/prng.c - 664 sys sys 984710523 187
 sys/src/libsec/port/probably_prime.c - 664 sys sys 984710523 1567
 sys/src/libsec/port/rc4.c - 664 sys sys 1015013580 1415
-sys/src/libsec/port/readcert.c - 664 sys sys 1084318870 1026
+sys/src/libsec/port/readcert.c - 664 sys sys 1187210612 1024
 sys/src/libsec/port/reduce - 664 sys sys 984710524 306
 sys/src/libsec/port/rsaalloc.c - 664 sys sys 984710524 657
 sys/src/libsec/port/rsadecrypt.c - 664 sys sys 984710524 749
@@ -15853,6 +15854,9 @@ usr/glenda/lib/profile - 664 glenda glenda 1105128663 890
 usr/glenda/readme.acme - 664 glenda glenda 1019860628 4753
 usr/glenda/readme.rio - 664 glenda glenda 1019860628 6370
 usr/glenda/tmp - 20000000775 glenda glenda 1018802620 0
-386/bin/fossil/flchk - 775 sys sys 1187147720 237381
-386/bin/fossil/flfmt - 775 sys sys 1187147721 245386
-386/bin/fossil/fossil - 775 sys sys 1187147721 364045
+386/bin/vncs - 775 sys sys 1187234324 471489
+386/bin/ip/httpd/httpd - 775 sys sys 1187234320 294990
+386/bin/tlssrv - 775 sys sys 1187234321 197791
+386/bin/upas/pop3 - 775 sys sys 1187234321 261635
+386/bin/upas/smtpd - 775 sys sys 1187234322 331907
+386/lib/libsec.a - 664 sys sys 1187234325 646784

+ 13 - 12
dist/replica/plan9.db

@@ -293,7 +293,7 @@
 386/bin/ip/gping - 775 sys sys 1179372093 182147
 386/bin/ip/hogports - 775 sys sys 1148500655 42914
 386/bin/ip/httpd - 20000000775 sys sys 1068385801 0
-386/bin/ip/httpd/httpd - 775 sys sys 1179372094 294970
+386/bin/ip/httpd/httpd - 775 sys sys 1187234320 294990
 386/bin/ip/httpd/imagemap - 775 sys sys 1178568284 115949
 386/bin/ip/httpd/man2html - 775 sys sys 1178568284 124503
 386/bin/ip/httpd/netlib_find - 775 sys sys 1178568285 116797
@@ -432,7 +432,7 @@
 386/bin/test - 775 sys sys 1178568306 68701
 386/bin/time - 775 sys sys 1168402352 61618
 386/bin/tlsclient - 775 sys sys 1178568306 197411
-386/bin/tlssrv - 775 sys sys 1178568307 197771
+386/bin/tlssrv - 775 sys sys 1187234321 197791
 386/bin/togif - 775 sys sys 1179372106 190268
 386/bin/toico - 775 sys sys 1179372107 124047
 386/bin/topng - 775 sys sys 1178568307 137219
@@ -466,14 +466,14 @@
 386/bin/upas/msgcat - 775 sys sys 1064598353 38
 386/bin/upas/msgtok - 775 sys sys 1176520508 76758
 386/bin/upas/nedmail - 775 sys sys 1181507271 156007
-386/bin/upas/pop3 - 775 sys sys 1179372109 261615
+386/bin/upas/pop3 - 775 sys sys 1187234321 261635
 386/bin/upas/qer - 775 sys sys 1178568313 99195
 386/bin/upas/ratfs - 775 sys sys 1178568314 110177
 386/bin/upas/runq - 775 sys sys 1178568314 112842
 386/bin/upas/scanmail - 775 sys sys 1181507271 128207
 386/bin/upas/send - 775 sys sys 1181507272 192174
 386/bin/upas/smtp - 775 sys sys 1185566684 275107
-386/bin/upas/smtpd - 775 sys sys 1181540422 331887
+386/bin/upas/smtpd - 775 sys sys 1187234322 331907
 386/bin/upas/spam - 775 sys sys 1064598366 36
 386/bin/upas/testscan - 775 sys sys 1181507272 83858
 386/bin/upas/token - 775 sys sys 1178568317 76393
@@ -507,7 +507,7 @@
 386/bin/venti/verifyarena - 775 sys sys 1178568325 102747
 386/bin/venti/wrarena - 775 sys sys 1178568325 174848
 386/bin/venti/write - 775 sys sys 1176520521 102825
-386/bin/vncs - 775 sys sys 1179372111 471469
+386/bin/vncs - 775 sys sys 1187234324 471489
 386/bin/vncv - 775 sys sys 1179372113 518914
 386/bin/vt - 775 sys sys 1186716661 176851
 386/bin/vtdump - 775 sys sys 1178568328 160252
@@ -572,7 +572,7 @@
 386/lib/libplumb.a - 664 sys sys 1168402370 19408
 386/lib/libregexp.a - 664 sys sys 1181507273 37290
 386/lib/libscribble.a - 664 sys sys 1175972562 107238
-386/lib/libsec.a - 664 sys sys 1181332908 646724
+386/lib/libsec.a - 664 sys sys 1187234325 646784
 386/lib/libstdio.a - 664 sys sys 1176432133 126062
 386/lib/libsunrpc.a - 664 sys sys 1187061209 353148
 386/lib/libthread.a - 664 sys sys 1184731247 71918
@@ -876,6 +876,7 @@ arm/lib/ape - 20000000775 sys sys 1020896375 0
 arm/mkfile - 664 sys sys 948141303 46
 cfg - 20000000775 sys sys 1177628278 0
 cfg/example - 20000000775 sys sys 1177628283 0
+cfg/example/cpurc - 775 sys sys 1187226177 266
 cfg/example/termrc - 775 sys sys 1177628544 195
 cron - 20000000777 sys sys 1039727915 0
 cron/upas - 20000000775 upas sys 1039727915 0
@@ -5487,7 +5488,7 @@ rc/bin/b: - 775 sys sys 1015089510 204
 rc/bin/broke - 775 sys sys 1143389260 142
 rc/bin/bundle - 775 sys sys 945617206 173
 rc/bin/c: - 775 sys sys 1015089511 86
-rc/bin/cpurc - 775 sys sys 1179769494 2009
+rc/bin/cpurc - 775 sys sys 1187226871 1901
 rc/bin/cpurc.local - 775 sys sys 1176827268 367
 rc/bin/delkey - 775 sys sys 1109429137 643
 rc/bin/dial - 20000000775 sys sys 1059180057 0
@@ -6196,7 +6197,7 @@ sys/lib/dist/cmd/touchfs.c - 664 sys sys 1018469727 1120
 sys/lib/dist/cmd/unbflz.c - 664 sys sys 1018469727 1688
 sys/lib/dist/logcompress.awk - 664 sys sys 1068558028 298
 sys/lib/dist/logtime.awk - 664 sys sys 1019526213 38
-sys/lib/dist/mkfile - 664 sys sys 1173736647 5154
+sys/lib/dist/mkfile - 664 sys sys 1187231219 5377
 sys/lib/dist/pc - 20000000775 sys sys 1147022870 0
 sys/lib/dist/pc/cd0.proto - 664 sys sys 1114358485 7
 sys/lib/dist/pc/empty - 20000000775 sys sys 1020895854 0
@@ -7518,7 +7519,7 @@ sys/man/2/cputime - 664 sys sys 1015091518 713
 sys/man/2/ctime - 664 sys sys 954378853 2547
 sys/man/2/ctype - 664 sys sys 1079535676 2611
 sys/man/2/debugger - 664 sys sys 944959696 8629
-sys/man/2/des - 664 sys sys 1032058673 3517
+sys/man/2/des - 664 sys sys 1187231239 3505
 sys/man/2/dial - 664 sys sys 1175725019 6594
 sys/man/2/dirread - 664 sys sys 1015091519 1901
 sys/man/2/disk - 664 sys sys 1015091519 3188
@@ -7591,7 +7592,7 @@ sys/man/2/print - 664 sys sys 1115941566 8852
 sys/man/2/privalloc - 664 sys sys 984709633 651
 sys/man/2/proto - 664 sys sys 969499889 2948
 sys/man/2/pushssl - 664 sys sys 958249503 1032
-sys/man/2/pushtls - 664 sys sys 1124711123 5618
+sys/man/2/pushtls - 664 sys sys 1187210621 6020
 sys/man/2/qball - 664 sys sys 1162102671 1996
 sys/man/2/qsort - 664 sys sys 944959694 763
 sys/man/2/quaternion - 664 sys sys 1162102619 3417
@@ -7786,7 +7787,7 @@ sys/man/8/apm - 664 sys sys 1017679308 1811
 sys/man/8/auth - 664 sys sys 1183580530 4981
 sys/man/8/boot - 664 sys sys 1165623055 8357
 sys/man/8/booting - 664 sys sys 1015024984 4136
-sys/man/8/cpurc - 664 sys sys 1174792133 1541
+sys/man/8/cpurc - 664 sys sys 1187227584 1522
 sys/man/8/cron - 664 sys sys 1063858596 1867
 sys/man/8/dhcpd - 664 sys sys 1172959497 5572
 sys/man/8/disksim - 664 sys sys 1144150487 1476
@@ -15678,7 +15679,7 @@ sys/src/libsec/port/primetest.c - 664 sys sys 984710523 2486
 sys/src/libsec/port/prng.c - 664 sys sys 984710523 187
 sys/src/libsec/port/probably_prime.c - 664 sys sys 984710523 1567
 sys/src/libsec/port/rc4.c - 664 sys sys 1015013580 1415
-sys/src/libsec/port/readcert.c - 664 sys sys 1084318870 1026
+sys/src/libsec/port/readcert.c - 664 sys sys 1187210612 1024
 sys/src/libsec/port/reduce - 664 sys sys 984710524 306
 sys/src/libsec/port/rsaalloc.c - 664 sys sys 984710524 657
 sys/src/libsec/port/rsadecrypt.c - 664 sys sys 984710524 749

+ 17 - 0
dist/replica/plan9.log

@@ -49982,3 +49982,20 @@
 1187148603 0 c 386/bin/fossil/flchk - 775 sys sys 1187147720 237381
 1187148603 1 c 386/bin/fossil/flfmt - 775 sys sys 1187147721 245386
 1187148603 2 c 386/bin/fossil/fossil - 775 sys sys 1187147721 364045
+1187206204 0 c sys/man/2/pushtls - 664 sys sys 1187206256 5578
+1187208004 0 c sys/man/2/pushtls - 664 sys sys 1187206381 5583
+1187209804 0 c sys/man/2/pushtls - 664 sys sys 1187209706 6020
+1187211604 0 c sys/man/2/pushtls - 664 sys sys 1187210621 6020
+1187211604 1 c sys/src/libsec/port/readcert.c - 664 sys sys 1187210612 1024
+1187226004 0 a cfg/example/cpurc - 775 sys sys 1187225912 195
+1187227804 0 c cfg/example/cpurc - 775 sys sys 1187226177 266
+1187227804 1 c rc/bin/cpurc - 775 sys sys 1187226871 1901
+1187227804 2 c sys/man/8/cpurc - 664 sys sys 1187227584 1522
+1187231404 0 c sys/lib/dist/mkfile - 664 sys sys 1187231219 5377
+1187231404 1 c sys/man/2/des - 664 sys sys 1187231239 3505
+1187235003 0 c 386/bin/vncs - 775 sys sys 1187234324 471489
+1187235003 1 c 386/bin/ip/httpd/httpd - 775 sys sys 1187234320 294990
+1187235003 2 c 386/bin/tlssrv - 775 sys sys 1187234321 197791
+1187235003 3 c 386/bin/upas/pop3 - 775 sys sys 1187234321 261635
+1187235003 4 c 386/bin/upas/smtpd - 775 sys sys 1187234322 331907
+1187235003 5 c 386/lib/libsec.a - 664 sys sys 1187234325 646784

+ 1 - 7
rc/bin/cpurc

@@ -16,12 +16,6 @@ NPROC = `{wc -l </dev/sysstat}
 if(test -e /rc/bin/cpurc.local)
 	. /rc/bin/cpurc.local
 
-# cpu-specific startup such as
-# ip/ipconfig ether /dev/ether0 ip gw ...
-# ndb/dns -s
-# ip/dhcpd
-# ip/tftpd
-
 if (~ $#sysname 0 || ~ $sysname '') {
 	sysname = helix			# default
 	echo -n $sysname >/dev/sysname
@@ -49,7 +43,7 @@ if(! grep -s 127.0.0.1 /net/ipselftab)
 #
 # also rename some files:
 #
-# if(! test -e /rc/bin/service.auth/il566){
+# if(! test -e /rc/bin/service.auth/tcp567){
 #	mv /rc/bin/service.auth/authsrv.il566 /rc/bin/service.auth/il566
 #	mv /rc/bin/service.auth/authsrv.tcp567 /rc/bin/service.auth/tcp567
 #	mv /rc/bin/service/il566 /rc/bin/service/_il566

+ 15 - 3
sys/lib/dist/mkfile

@@ -1,6 +1,7 @@
 # /sys/lib/dist/mkfile
 d=/n/sources/plan9
 dist=/sys/lib/dist
+# import /sys/lib/dist/web.protect from outside
 x=`{9fs sources; 9fs fsother; import -c tcp!204.178.31.2!666 $dist/web.protect}
 
 cd:V: /n/fsother/dist/plan9.iso
@@ -26,8 +27,13 @@ contrib-cd:V:	/n/fsother/dist/contrib.iso.bz2
 	echo 'CD:' $title
 	disk/mk9660 -9cj -v $title -s $d -b bootdisk.img $target
 
+# try not to clobber downloads in progress
 $dist/web.protect/%.iso.bz2:	/n/fsother/dist/%.iso.bz2
-	cp $prereq $target
+	cp $prereq $target.new
+	chmod +t $target.new		# don't waste venti on it
+	if (test -e $target)
+		mv $target $target.old
+	mv $target.new $target
 
 scan:V:
 	test -d /n/fsother/dist		# make sure fsother was mounted above
@@ -54,7 +60,10 @@ odump:V:
 		-p /sys/lib/sysconfig/proto/allproto /n/fsother/dist/distdump.iso
 
 cd.install:V:
-	if(~ $sysname achille){ echo; echo; echo '*** run this on a real machine, like olive.'; exit bad }
+	if(~ $sysname achille){
+		echo; echo; echo '*** run this on a real machine, like olive.'
+		exit bad
+	}
 	bzip2 -9 < /n/fsother/dist/plan9.iso >web.protect/nplan9.iso.bz2
 
 D.install:V:
@@ -65,7 +74,10 @@ D.install:V:
 	cp $D$dist/pc/9loaddebug $dist/web.protect/n9loaddebug
 
 reallyinstall:V:
-	if(! ~ $sysname achille){ echo; echo; echo '*** this needs to run on achille.'; exit bad }
+	if(! ~ $sysname achille){
+		echo; echo; echo '*** this needs to run on achille.'
+		exit bad
+	}
 	cd web.protect
 	for (i in plan9.iso.bz2 disk 9loaddebug vmware.zip)
 		if(test -f n$i){

+ 2 - 6
sys/man/2/des

@@ -14,9 +14,7 @@ setupDESstate, des_key_setup, block_cipher, desCBCencrypt, desCBCdecrypt, desECB
 void	des_key_setup(uchar key[8], ulong schedule[32])
 .PP
 .B
-void	block_cipher(ulong *schedule, uchar *data,
-.B
-		int decrypting)
+void	block_cipher(ulong *schedule, uchar *data, int decrypting)
 .PP
 .B
 void	setupDESstate(DESstate *s, uchar key[8], uchar *ivec)
@@ -37,9 +35,7 @@ void	desECBdecrypt(uchar*, int, DESstate*)
 void	triple_block_cipher(ulong keys[3][32], uchar*, int)
 .PP
 .B
-void	setupDES3state(DES3state *s, uchar key[3][8],
-.B
-			 uchar *ivec)
+void	setupDES3state(DES3state *s, uchar key[3][8], uchar *ivec)
 .PP
 .B
 void	des3CBCencrypt(uchar*, int, DES3state*)

+ 76 - 45
sys/man/2/pushtls

@@ -6,36 +6,36 @@ pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, r
 .br
 .B #include <libc.h>
 .PP
+.nf
 .B
-int			pushtls(int fd, char *hashalg, char *encalg,
-.br
+int	pushtls(int fd, char *hashalg, char *encalg,
 .B
-				int isclient, char *secret, char *dir)
+		int isclient, char *secret, char *dir)
 .PP
+.nf
 .B #include <mp.h>
-.br
 .B #include <libsec.h>
 .PP
 .B
-int			tlsClient(int fd, TLSconn *conn)
+int	tlsClient(int fd, TLSconn *conn)
 .PP
 .B
-int			tlsServer(int fd, TLSconn *conn)
+int	tlsServer(int fd, TLSconn *conn)
 .PP
 .B
-uchar		*readcert(char *filename, int *pcertlen)
+uchar *readcert(char *filename, int *pcertlen)
 .PP
 .B
-PEMchain	*readcertchain(char *filename)
+PEMchain *readcertchain(char *filename)
 .PP
 .B
-Thumbprint*	initThumbprints(char *ok, char *crl)
+Thumbprint *initThumbprints(char *ok, char *crl)
 .PP
 .B
-void			freeThumbprints(Thumbprint *table)
+void	freeThumbprints(Thumbprint *table)
 .PP
 .B
-int			okThumbprint(uchar *hash, Thumbprint *table)
+int	okThumbprint(uchar *hash, Thumbprint *table)
 .SH DESCRIPTION
 Transport Layer Security (TLS) comprises a record layer protocol,
 doing message digesting and encrypting in the kernel,
@@ -80,28 +80,31 @@ If
 is non-zero, the path name of the connection directory is copied into
 .IR dir .
 This path name is guaranteed to be less than 40 bytes long.
-.PP
+.SS Certificates
+.\" and other horseshit
 Alternatively, call
 .I tlsClient
 to speak the full handshake protocol,
 negotiate the algorithms and secrets,
 and return a new data file descriptor for the data channel.
 .I Conn
-points to a (caller-allocated) struct
+points to a (caller-allocated) struct:
+.IP
 .EX
-   typedef struct TLSconn{
-      char dir[40];     // OUT    connection directory
-      uchar *cert;      // IN/OUT certificate
-      uchar *sessionID; // IN/OUT session ID
-      int certlen, sessionIDlen;
-      void (*trace)(char*fmt, ...);
-      PEMChain *chain;
-      char *sessionType;  // opt IN  session type
-      uchar *sessionKey;  // opt IN/OUT session key
-      int sessionKeylen;  // opt IN  session key length
-      char *sessionConst; // opt IN  session constant
-   } TLSconn;
+typedef struct TLSconn {
+	char	dir[40];		/* OUT    connection directory */
+	uchar *cert;		/* IN/OUT certificate */
+	uchar *sessionID;	/* IN/OUT session ID */
+	int	certlen, sessionIDlen;
+	void	(*trace)(char*fmt, ...);
+	PEMChain *chain;
+	char	*sessionType;	/* opt IN  session type */
+	uchar *sessionKey;	/* opt IN/OUT session key */
+	int	sessionKeylen;	/* opt IN  session key length */
+	char	*sessionConst;	/* opt IN  session constant */
+} TLSconn;
 .EE
+.PP
 defined in
 .IR tls.h .
 On input, the caller can provide options such as
@@ -153,18 +156,44 @@ The caller must initialize
 .IB conn ->cert \fR,
 usually by calling
 .I readcert
-to read the certificate out of a file.
+to read and decode the PEM-encoded certificate from
+.IR filename ,
+return a pointer to
+.IR malloc ed
+storage containing the certificate,
+and store its length through
+.IR pcertlen .
 The private key corresponding to
 .I cert.pem
 should have been previously loaded into factotum.
 (See
 .IR rsa (8)
 for more about key generation.)
-
+.PP
+.I Readcertchain
+will read a PEM-encoded chain of certificates from
+.I filename
+and return a pointer to a linked list of
+.IR malloc ed
+.B PEMChain
+structures, defined in
+.IR tls.h :
+.IP
+.EX
+typedef struct PEMChain PEMChain;
+struct PEMChain {
+	PEMChain*next;
+	uchar *pem;
+	int	pemlen;
+};
+.EE
+.LP
 By setting
+.IP
 .EX
-   conn->chain = readcertchain("intermediate-certs.pem");
+conn->chain = readcertchain("intermediate-certs.pem");
 .EE
+.LP
 the server can present extra certificate evidence
 to establish the chain of trust to a root authority
 known to the client.
@@ -174,27 +203,29 @@ is not required for the ongoing conversation and may
 be freed by the application whenever convenient.
 .SH EXAMPLES
 Start the client half of TLS and check the remote certificate:
-.PP
+.IP
 .EX
-    uchar hash[SHA1dlen];
-    conn = (TLSconn*)mallocz(sizeof *conn, 1);
-    fd = tlsClient(fd, conn);
-    sha1(conn->cert, conn->certlen, hash, nil);
-    if(!okThumbprint(hash,table))
-        exits("suspect server");
-    \fI...application begins...\fP
+uchar hash[SHA1dlen];
+
+conn = (TLSconn*)mallocz(sizeof *conn, 1);
+fd = tlsClient(fd, conn);
+sha1(conn->cert, conn->certlen, hash, nil);
+if(!okThumbprint(hash,table))
+	exits("suspect server");
+\fI...application begins...\fP
 .EE
 .PP
 Run the server side:
-.PP
+.IP
 .EX
-    fd = accept(lcfd, ldir);
-    conn = (TLSconn*)mallocz(sizeof *conn, 1);
-    conn->cert = readcert("cert.pem", &conn->certlen);
-    fd = tlsServer(fd, conn);
-    \fI...application begins...\fP
+fd = accept(lcfd, ldir);
+conn = (TLSconn*)mallocz(sizeof *conn, 1);
+conn->cert = readcert("cert.pem", &conn->certlen);
+fd = tlsServer(fd, conn);
+\fI...application begins...\fP
 .EE
 .SH FILES
+.TF /sys/lib/tls
 .TP 
 .B /sys/lib/tls
 thumbprints of trusted services
@@ -211,13 +242,13 @@ PEM certificate files
 .IR factotum (4),
 .IR thumbprint (6)
 .SH DIAGNOSTICS
-return \-1 on failure.
+Return \-1 on failure.
 .SH BUGS
-.PP
 Client certificates and client sessionIDs are not yet
 implemented.
 .PP
 Note that in the TLS protocol
 .I sessionID
 itself is public;  it is used as a pointer to
-secrets stored in factotum.
+secrets stored in
+.IR factotum .
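Review bot: The client example under EXAMPLES never checks the result of `fd = tlsClient(fd, conn);` before hashing `conn->cert`, although DIAGNOSTICS on the same page says the call returns -1 on failure; on that path `conn->cert` is still the nil left by mallocz, so the thumbprint check happens to fail closed but reports "suspect server" instead of the real handshake error, and the server example proceeds into `...application begins...` with a -1 descriptor the same way. Insert `if(fd < 0) sysfatal("tlsClient: %r");` before the `sha1` call, and in the server example check `conn->cert == nil` after `readcert` and `fd < 0` after `tlsServer`. The client example also uses `table` without showing where it comes from; a line such as `table = initThumbprints(okfile, crlfile);` with a nil check would make the trust anchor explicit rather than implied.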

+ 2 - 2
sys/man/8/cpurc

@@ -54,8 +54,8 @@ exists for the machine named
 .BR $sysname ,
 .I termrc
 will execute it next.
-This action is suppressed, as is automatic initialization of the mouse and
-VGA on a PC, if the user is
+Automatic initialization of the mouse and
+VGA on a PC is suppressed, if the user is
 .BR none .
 These files should be edited by local installations
 to reflect the configuration of their systems.

+ 6 - 6
sys/src/libsec/port/readcert.c

@@ -14,8 +14,10 @@ readfile(char *name)
 	fd = open(name, OREAD);
 	if(fd < 0)
 		return nil;
-	if((d = dirfstat(fd)) == nil)
+	if((d = dirfstat(fd)) == nil) {
+		close(fd);
 		return nil;
+	}
 	s = malloc(d->length + 1);
 	if(s == nil || readn(fd, s, d->length) != d->length){
 		free(s);
@@ -37,7 +39,7 @@ readcert(char *filename, int *pcertlen)
 
 	pem = readfile(filename);
 	if(pem == nil){
-		werrstr("can't read %s", filename);
+		werrstr("can't read %s: %r", filename);
 		return nil;
 	}
 	binary = decodePEM(pem, "CERTIFICATE", pcertlen, nil);
@@ -53,14 +55,12 @@ PEMChain *
 readcertchain(char *filename)
 {
 	char *chfile;
-	PEMChain *chp;
 
 	chfile = readfile(filename);
 	if (chfile == nil) {
-		werrstr("can't read %s", filename);
+		werrstr("can't read %s: %r", filename);
 		return nil;
 	}
-	chp = decodepemchain(chfile, "CERTIFICATE");
-	return chp;
+	return decodepemchain(chfile, "CERTIFICATE");
 }
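Review bot: `chfile` is never freed in readcertchain: readfile hands back malloc'ed storage (`s = malloc(d->length + 1)` in the first hunk) and the new `return decodepemchain(chfile, "CERTIFICATE");` passes only the pointer to the decoder, so unless decodepemchain takes ownership or the returned chain points into the buffer, every call leaks the whole PEM file; mirror whatever readcert does with `pem` after decodePEM (outside the hunk), e.g. `chp = decodepemchain(chfile, "CERTIFICATE"); free(chfile); return chp;`. The `%r` added to both werrstr calls is only meaningful when readfile failed in open or dirfstat: the short-read branch at `readn(fd, s, d->length) != d->length` returns nil without setting errstr, so the caller's message can carry a stale error from an earlier call; add `werrstr("short read")` (and a malloc-failure string) on that path. The read is also sized purely from `d->length`, so a non-regular file reporting 0 would reach decodePEM as an empty string; a `d->length <= 0` check would fail earlier with a clearer diagnostic.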