~garritfra/public-inbox

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH taurus] Do not hardcode password

Details
Message ID
<20201109074826.5724-1-yerinalexey98fd@gmail.com>
DKIM signature
pass
Download raw message
Patch: +6 -1
Password was hardcoded as "qqqq", I moved it into an environment
variable.

---
 README.md   | 2 ++
 src/main.rs | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index c280c09..8f1ad5b 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,8 @@ cp target/release/taurus /usr/bin/taurus

At the current state of the project, you need to generate a server certificate by hand. Take a look at `contrib/generate_cert.sh`, and run it.

Before running, set `CERT_PASSWORD` environment variable to export password (the last prompted).

## Testing

There is a diagnostics script at `contrib/diagnostics.py` that can be used to test the functionality of taurus.
diff --git a/src/main.rs b/src/main.rs
index d3557b1..b11a814 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -13,12 +13,15 @@ use std::sync::Arc;
use std::thread;

fn main() {
    let password =
        std::env::var("CERT_PASSWORD").expect("No CERT_PASSWORD environment variable set");

    let mut file =
        File::open("identity.pfx").expect("File identity.pfx not found in current directory");
    let mut identity = vec![];
    file.read_to_end(&mut identity)
        .expect("Cannot read identity.pfx");
    let identity = Identity::from_pkcs12(&identity, "qqqq").unwrap();
    let identity = Identity::from_pkcs12(&identity, &password).unwrap();

    // 1965 is the standard port for gemini
    let port = "1965";
-- 
2.29.2
Details
Message ID
<CAD16O85iL+ptwqJp7X9a5ebhYd=e-Ow-9Joa5Tg=OT8xE4jqsA@mail.gmail.com>
In-Reply-To
<20201109074826.5724-1-yerinalexey98fd@gmail.com> (view parent)
DKIM signature
pass
Download raw message
Thanks for your patch!

> +    let password =
> +        std::env::var("CERT_PASSWORD").expect("No CERT_PASSWORD environment variable set");

Could you add a CLI flag like "--cert-passphrase" and "-p" to simplify
setting the passphrase? I am planning to add a TOML config soon, where
these sorts of things can be addressed alternatively.
Reply to thread Export thread (mbox)