authorTest_User <hax@andrewyu.org>2024-06-07 22:09:06 -0400
committerTest_User <hax@andrewyu.org>2024-06-07 22:09:06 -0400
commit5c9c4339ac97ffb9c66d9f3dd3a8285badd24d71 (patch)
tree59ff5a5bf712e8fc02717cdb4e1d597497cc38e5 /tls.c
parent92d08e2442d0230ac096b6484d32f6ec75a8a622 (diff)
(Optional) Client certificate support, fix main to exit if init client or server network fails
Diffstat (limited to '')
-rw-r--r--tls.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/tls.c b/tls.c
index 167f530..d526812 100644
--- a/tls.c
+++ b/tls.c
@@ -52,28 +52,31 @@ int connect_tls(void) {
if (gnutls_certificate_set_x509_system_trust(xcred) < 0)
return 3;
- if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
+ if (tls_cert_path && tls_key_path && gnutls_certificate_set_x509_key_file(xcred, tls_cert_path, tls_key_path, GNUTLS_X509_FMT_PEM) < 0)
return 4;
- if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
+ if (gnutls_init(&session, GNUTLS_CLIENT) < 0)
return 5;
- if (gnutls_set_default_priority(session) < 0)
+ if (gnutls_server_name_set(session, GNUTLS_NAME_DNS, address.data, address.len) < 0)
return 6;
- if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ if (gnutls_set_default_priority(session) < 0)
return 7;
+
+ if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred) < 0)
+ return 8;
gnutls_session_set_verify_cert(session, address.data, 0);
fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (fd == -1)
- return 8;
+ return 9;
struct sockaddr sockaddr;
resolve(address.data, port.data, &sockaddr);
int ret = connect(fd, &sockaddr, sizeof(sockaddr));
if (ret != 0)
- return 9;
+ return 10;
gnutls_transport_set_int(session, fd);
gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
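Review bot: The client-certificate guard on the added `gnutls_certificate_set_x509_key_file` line skips loading whenever either `tls_cert_path` or `tls_key_path` is unset, so a configuration that supplies only one of the two connects without presenting a client certificate and reports no error. An operator who expects certificate authentication would not learn of the half-configured state from this function. Reject the mismatch before the load, for example `if (!tls_cert_path != !tls_key_path) return 4;` (or a dedicated code), and add a comment above the check saying that both paths unset means no client certificate is used. Whether the two variables are validated elsewhere is not visible here, and connect_tls starts and ends outside the hunk.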
@@ -82,7 +85,7 @@ int connect_tls(void) {
ret = gnutls_handshake(session);
} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
if (ret < 0)
- return 10;
+ return 11;
gnutls_record_set_timeout(session, 60000); // 60s