author | beck <> | 2015-09-12 21:01:14 +0000 |
---|---|---|
committer | beck <> | 2015-09-12 21:01:14 +0000 |
commit | 807bfb8b08fa0aa5df3a8857b3a45cbbda96a873 (patch) | |
tree | b9b57c344d5e8f9e0a496c1cd10834de0484bf93 | |
parent | 597a9dc18b943498a3f42065e756e1b0a648987c (diff) | |
Adapt to the just-committed libtls API change
-rw-r--r-- | src/usr.bin/nc/netcat.c | 35 |
1 files changed, 14 insertions, 21 deletions
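--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.136 2015/09/12 08:38:33 deraadt Exp $ */
+/* $OpenBSD: netcat.c,v 1.137 2015/09/12 21:01:14 beck Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -109,7 +109,6 @@ char *Rflag = DEFAULT_CA_FILE; /* Root CA file */
 int tls_cachanged; /* Using non-default CA file */
 int TLSopt; /* TLS options */
 char *tls_expectname; /* required name in peer cert */
-char *tls_peerhash; /* hash of peer cert */
 char *tls_expecthash; /* required hash of peer cert */
 
 int timeout = -1;
@@ -617,7 +616,6 @@ main(int argc, char *argv[])
 if (s)
 close(s);
 
-free(tls_peerhash);
 tls_config_free(tls_cfg);
 
 exit(ret);
@@ -671,12 +669,10 @@ tls_setup_client(struct tls *tls_ctx, int s, char *host)
 errx(1, "tls handshake failed (%s)",
 tls_error(tls_ctx));
 } while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
-if (tls_peer_cert_hash(tls_ctx, &tls_peerhash) == -1)
-errx(1, "hash of peer certificate failed");
 if (vflag)
 report_tls(tls_ctx, host, tls_expectname);
-if (tls_expecthash && tls_peerhash &&
-strcmp(tls_expecthash, tls_peerhash) != 0)
+if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
+strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
 errx(1, "peer certificate is not %s", tls_expecthash);
 }
 struct tls *
@@ -701,14 +697,12 @@ tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
 if (tls_cctx) {
 int gotcert = tls_peer_cert_provided(tls_cctx);
 
-if (gotcert && tls_peer_cert_hash(tls_cctx, &tls_peerhash) == -1)
-warn("hash of peer certificate failed");
 if (vflag && gotcert)
 report_tls(tls_cctx, host, tls_expectname);
 if ((TLSopt & TLS_CCERT) && !gotcert)
 warnx("No client certificate provided");
-else if (gotcert && tls_peerhash && tls_expecthash &&
-strcmp(tls_expecthash, tls_peerhash) != 0)
+else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&
+strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
 warnx("peer certificate is not %s", tls_expecthash);
 else if (gotcert && tls_expectname &&
 (!tls_peer_cert_contains_name(tls_cctx, tls_expectname)))
@@ -1454,19 +1448,18 @@ void
 report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
 {
 char *subject = NULL, *issuer = NULL;
-if (tls_peer_cert_subject(tls_ctx, &subject) == -1)
-errx(1, "unable to get certificate subject");
-if (tls_peer_cert_issuer(tls_ctx, &issuer) == -1)
-errx(1, "unable to get certificate issuer");
 fprintf(stderr, "TLS handshake completed with %s\n", host);
 fprintf(stderr, "Peer name %s\n",
 tls_expectname ? tls_expectname : host);
-if (subject)
-fprintf(stderr, "Subject: %s\n", subject);
-if (issuer)
-fprintf(stderr, "Issuer: %s\n", issuer);
-if (tls_peerhash)
-fprintf(stderr, "Cert Hash: %s\n", tls_peerhash);
+if (tls_peer_cert_subject(tls_ctx))
+fprintf(stderr, "Subject: %s\n",
+tls_peer_cert_subject(tls_ctx));
+if (tls_peer_cert_issuer(tls_ctx))
+fprintf(stderr, "Issuer: %s\n",
+tls_peer_cert_issuer(tls_ctx));
+if (tls_peer_cert_hash(tls_ctx))
+fprintf(stderr, "Cert Hash: %s\n",
+tls_peer_cert_hash(tls_ctx));
 free(subject);
 free(issuer);
 }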
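Review bot: In tls_setup_server the client-certificate hash check queries the wrong context — the new `else if` calls `tls_peer_cert_hash(tls_ctx)` on the listening server context, while `gotcert`, the `report_tls` call and `tls_peer_cert_contains_name` in the same hunk all use the accepted `tls_cctx`; since the server context presumably has no peer certificate, the `&&` chain short-circuits on a NULL hash and the expected-hash check is silently skipped for every client. The same short-circuit also turns an unavailable hash into a pass on the client side (the removed `errx(1, "hash of peer certificate failed")` made that case fail closed), so a NULL hash should count as a mismatch rather than as "nothing to compare". I would change the server condition to `else if (gotcert && tls_expecthash && (tls_peer_cert_hash(tls_cctx) == NULL ||` / `strcmp(tls_expecthash, tls_peer_cert_hash(tls_cctx)) != 0))` and use the same NULL-is-failure shape in tls_setup_client. The `subject`/`issuer` locals in report_tls are no longer assigned anywhere, so the trailing `free(subject); free(issuer);` only free NULL and can be dropped together with the declaration. Both tls_setup_client and tls_setup_server begin before their hunks, so any earlier use of these contexts is not visible here.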