dl for the signer cert + fix example + css tweaks

* add a DL button + serve the signer certificate file (the one used to
timestamp)
* fix the verification instruction (add -untrusted tsa_cert.pem)
* few CSS tweaks to improve page layout

src/lib/http.c

@@ -217,13 +217,14 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
     clock_t start = clock(), diff;
     rfc3161_context *ct = (rfc3161_context *)context;
     const char *filename = ct->ca_file;
-    if (strlen(filename) == 0){
-        uts_logger(context, LOG_NOTICE, "'certs' param in '[ tsa ]' section not filed");
+    if (strlen(filename) == 0) {
+        uts_logger(context, LOG_NOTICE,
+                   "'certs' param in '[ tsa ]' section not filed");
         mg_send_http_error(conn, 404, "CA file not available");
         diff = clock() - start;
         log_request(request_info, "CA_DL  ", ct, 404,
                     (diff * 1000000 / CLOCKS_PER_SEC));
-	return 1;
+        return 1;
     }
     if (access(filename, F_OK) != -1) {
         mg_send_file(conn, filename);
@@ -242,6 +243,39 @@ int ca_serve_handler(struct mg_connection *conn, void *context) {
     return 1;
 }
 
+int cert_serve_handler(struct mg_connection *conn, void *context) {
+    /* In this handler, we ignore the req_info and send the file "filename". */
+    const struct mg_request_info *request_info = mg_get_request_info(conn);
+    clock_t start = clock(), diff;
+    rfc3161_context *ct = (rfc3161_context *)context;
+    const char *filename = ct->cert_file;
+    if (strlen(filename) == 0) {
+        uts_logger(context, LOG_NOTICE,
+                   "'signer_cert' param in '[ tsa ]' section not filed");
+        mg_send_http_error(conn, 404, "CA file not available");
+        diff = clock() - start;
+        log_request(request_info, "CERT_DL", ct, 404,
+                    (diff * 1000000 / CLOCKS_PER_SEC));
+        return 1;
+    }
+    if (access(filename, F_OK) != -1) {
+        mg_send_file(conn, filename);
+        const struct mg_response_info *ri = mg_get_response_info(conn);
+        diff = clock() - start;
+        log_request(request_info, "CERT_DL", ct, 200,
+                    (diff * 1000000 / CLOCKS_PER_SEC));
+
+    } else {
+        uts_logger(context, LOG_NOTICE,
+                   "signer certificate file '%s' not available", filename);
+        mg_send_http_error(conn, 404, "CA file not available");
+        diff = clock() - start;
+        log_request(request_info, "CERT_DL", ct, 404,
+                    (diff * 1000000 / CLOCKS_PER_SEC));
+    }
+    return 1;
+}
+
 int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
     struct mg_context *ctx;
     struct mg_callbacks callbacks;
@@ -269,6 +303,8 @@ int http_server_start(char *conffile, char *conf_wd, bool stdout_dbg) {
     if (ctx != NULL) {
         mg_set_request_handler(ctx, "/", rfc3161_handler, (void *)ct);
         mg_set_request_handler(ctx, "/ca.pem", ca_serve_handler, (void *)ct);
+        mg_set_request_handler(ctx, "/tsa_cert.pem", cert_serve_handler,
+                               (void *)ct);
 
         // Wait until some signals are received
         while (g_uts_sig == 0) {

src/lib/utils.c

@@ -390,6 +390,10 @@ int set_params(rfc3161_context *ct, char *conf_file, char *conf_wd) {
 
     ct->ca_file = calloc(PATH_MAX, sizeof(char));
     realpath(NCONF_get_string(ct->conf, TSA_SECTION, "certs"), ct->ca_file);
+    ct->cert_file = calloc(PATH_MAX, sizeof(char));
+    realpath(NCONF_get_string(ct->conf, TSA_SECTION, "signer_cert"),
+             ct->cert_file);
+
     // like any good daemon, return to '/' once the configuration is loaded
     chdir("/");
     return ret;
@@ -409,6 +413,7 @@ void free_uts_context(rfc3161_context *ct) {
     }
     free(ct->ts_ctx_pool);
     free(ct->ca_file);
+    free(ct->cert_file);
     NCONF_free(ct->conf);
     free(ct);
 }