A solution for exercise 1b

ex1/Makefile

@@ -1,8 +1,13 @@
 CFLAGS += -Wall -Werror
 LDLIBS += -ltls -lssl -lcrypto
 
-
 all: client server
 
+client: client.o report_tls.o
+	$(CC) $(CFLAGS) -o client client.o report_tls.o $(LDLIBS)
+
+server: server.o report_tls.o
+	$(CC) $(CFLAGS) -o server server.o report_tls.o $(LDLIBS)
+
 clean:
 	/bin/rm -f client server *.o

ex1/client.c

@@ -33,6 +33,7 @@
 #include <tls.h>
 
 
+extern void report_tls(struct tls * tls_ctx, char * host);
 
 static void usage()
 {
@@ -91,6 +92,10 @@ int main(int argc, char *argv[])
 		errx(1, "unable to allocate TLS config");
 	if (tls_config_set_ca_file(tls_cfg, "../CA/root.pem") == -1)
 		errx(1, "unable to set root CA file");
+	if (tls_config_set_cert_file(tls_cfg, "../CA/client.crt") == -1)
+		errx(1, "unable to set TLS certificate file");
+	if (tls_config_set_key_file(tls_cfg, "../CA/client.key") == -1)
+		errx(1, "unable to set TLS key file");
 
 	/* ok now get a socket. we don't care where... */
 	if ((sd=socket(AF_INET,SOCK_STREAM,0)) == -1)
@@ -115,6 +120,8 @@ int main(int argc, char *argv[])
 			    tls_error(tls_ctx));
 	} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
 
+	report_tls(tls_ctx, "localhost");
+
 	/*
 	 * finally, we are connected. find out what magnificent wisdom
 	 * our server is going to send to us - since we really don't know

ex1/server.c

@@ -40,6 +40,8 @@
 #include <unistd.h>
 #include <tls.h>
 
+extern void report_tls(struct tls * tls_ctx, char * host);
+
 static void usage()
 {
 	extern char * __progname;
@@ -103,6 +105,11 @@ int main(int argc,  char *argv[])
 		errx(1, "unable to set TLS key file");
 	if ((tls_ctx = tls_server()) == NULL)
 		errx(1, "tls server creation failed");
+#if 0
+	tls_config_verify_client(tls_cfg);
+#else
+	tls_config_verify_client_optional(tls_cfg);
+#endif
 	if (tls_configure(tls_ctx, tls_cfg) == -1)
 		errx(1, "tls configuration failed (%s)", tls_error(tls_ctx));
 
@@ -180,6 +187,18 @@ int main(int argc,  char *argv[])
 				} while(i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
 			}
 
+			report_tls(tls_cctx, "localhost");
+
+#if 0
+			if (tls_peer_cert_contains_name(tls_cctx, "localhost")) {
+				warn("I hate localhost - hanging up");
+				tls_close(tls_cctx);
+				tls_free(tls_cctx);
+				close(clientsd);
+				exit(1);
+			}
+#endif
+
 			/*
 			 * write the message to the client, being sure to
 			 * handle a short write, or being interrupted by