commit 3847d69e6bea87ad76ee06dafcbb9133bf4a255b
from: Omar Polo <op@omarpolo.com>
date: Sun Jan 30 23:20:26 2022 UTC

ftp: allow only -C for file with both cert and key inside

Assume that if -K is not given, the file passed for -C holds the
key too.  This is particularly useful with the new `gencert' contrib
script.

commit - a37a930ca65c365da4f2b8652d066b90d1035672
commit + 3847d69e6bea87ad76ee06dafcbb9133bf4a255b
blob - 93eccac000e2849b6eef92b5822f79462680bb74
blob + 5566fa5f7770bb009285a68319afa63df60d23fe
--- kamiftp/ftp.c
+++ kamiftp/ftp.c
@@ -849,6 +849,10 @@ do_tls_connect(const char *host, const char *port)
 		fatalx("tls_config_new");
 	tls_config_insecure_noverifycert(tlsconf);
 	tls_config_insecure_noverifyname(tlsconf);
+
+	if (keypath == NULL)
+		keypath = crtpath;
+
 	if (tls_config_set_keypair_file(tlsconf, crtpath, keypath) == -1)
 		fatalx("can't load certs (%s, %s)", crtpath, keypath);
 
@@ -1589,7 +1593,7 @@ main(int argc, char **argv)
 	argc -= optind;
 	argv += optind;
 
-	if (argc == 0)
+	if (argc == 0 || (tls && crtpath == NULL))
 		usage(1);
 
 	signal(SIGPIPE, SIG_IGN);