summaryrefslogtreecommitdiff
path: root/src/usr.bin/nc/netcat.c
diff options
context:
space:
mode:
authorbeck <>2015-09-12 21:01:14 +0000
committerbeck <>2015-09-12 21:01:14 +0000
commitf94c94a04ea79651e6bb855c94e302b424643cb5 (patch)
treeb9b57c344d5e8f9e0a496c1cd10834de0484bf93 /src/usr.bin/nc/netcat.c
parent843b2711f954203e88a74d8355945a89c1ab90f1 (diff)
downloadopenbsd-f94c94a04ea79651e6bb855c94e302b424643cb5.tar.gz
openbsd-f94c94a04ea79651e6bb855c94e302b424643cb5.tar.bz2
openbsd-f94c94a04ea79651e6bb855c94e302b424643cb5.zip
Adapt to just committed libtls api change
Diffstat (limited to '')
-rw-r--r--src/usr.bin/nc/netcat.c35
1 files changed, 14 insertions, 21 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index e044be4f3d..165c3c9c80 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: netcat.c,v 1.136 2015/09/12 08:38:33 deraadt Exp $ */ 1/* $OpenBSD: netcat.c,v 1.137 2015/09/12 21:01:14 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> 3 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
4 * Copyright (c) 2015 Bob Beck. All rights reserved. 4 * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -109,7 +109,6 @@ char *Rflag = DEFAULT_CA_FILE; /* Root CA file */
109int tls_cachanged; /* Using non-default CA file */ 109int tls_cachanged; /* Using non-default CA file */
110int TLSopt; /* TLS options */ 110int TLSopt; /* TLS options */
111char *tls_expectname; /* required name in peer cert */ 111char *tls_expectname; /* required name in peer cert */
112char *tls_peerhash; /* hash of peer cert */
113char *tls_expecthash; /* required hash of peer cert */ 112char *tls_expecthash; /* required hash of peer cert */
114 113
115int timeout = -1; 114int timeout = -1;
@@ -617,7 +616,6 @@ main(int argc, char *argv[])
617 if (s) 616 if (s)
618 close(s); 617 close(s);
619 618
620 free(tls_peerhash);
621 tls_config_free(tls_cfg); 619 tls_config_free(tls_cfg);
622 620
623 exit(ret); 621 exit(ret);
@@ -671,12 +669,10 @@ tls_setup_client(struct tls *tls_ctx, int s, char *host)
671 errx(1, "tls handshake failed (%s)", 669 errx(1, "tls handshake failed (%s)",
672 tls_error(tls_ctx)); 670 tls_error(tls_ctx));
673 } while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT); 671 } while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
674 if (tls_peer_cert_hash(tls_ctx, &tls_peerhash) == -1)
675 errx(1, "hash of peer certificate failed");
676 if (vflag) 672 if (vflag)
677 report_tls(tls_ctx, host, tls_expectname); 673 report_tls(tls_ctx, host, tls_expectname);
678 if (tls_expecthash && tls_peerhash && 674 if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
679 strcmp(tls_expecthash, tls_peerhash) != 0) 675 strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
680 errx(1, "peer certificate is not %s", tls_expecthash); 676 errx(1, "peer certificate is not %s", tls_expecthash);
681} 677}
682struct tls * 678struct tls *
@@ -701,14 +697,12 @@ tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
701 if (tls_cctx) { 697 if (tls_cctx) {
702 int gotcert = tls_peer_cert_provided(tls_cctx); 698 int gotcert = tls_peer_cert_provided(tls_cctx);
703 699
704 if (gotcert && tls_peer_cert_hash(tls_cctx, &tls_peerhash) == -1)
705 warn("hash of peer certificate failed");
706 if (vflag && gotcert) 700 if (vflag && gotcert)
707 report_tls(tls_cctx, host, tls_expectname); 701 report_tls(tls_cctx, host, tls_expectname);
708 if ((TLSopt & TLS_CCERT) && !gotcert) 702 if ((TLSopt & TLS_CCERT) && !gotcert)
709 warnx("No client certificate provided"); 703 warnx("No client certificate provided");
710 else if (gotcert && tls_peerhash && tls_expecthash && 704 else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&
711 strcmp(tls_expecthash, tls_peerhash) != 0) 705 strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
712 warnx("peer certificate is not %s", tls_expecthash); 706 warnx("peer certificate is not %s", tls_expecthash);
713 else if (gotcert && tls_expectname && 707 else if (gotcert && tls_expectname &&
714 (!tls_peer_cert_contains_name(tls_cctx, tls_expectname))) 708 (!tls_peer_cert_contains_name(tls_cctx, tls_expectname)))
@@ -1454,19 +1448,18 @@ void
1454report_tls(struct tls * tls_ctx, char * host, char *tls_expectname) 1448report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
1455{ 1449{
1456 char *subject = NULL, *issuer = NULL; 1450 char *subject = NULL, *issuer = NULL;
1457 if (tls_peer_cert_subject(tls_ctx, &subject) == -1)
1458 errx(1, "unable to get certificate subject");
1459 if (tls_peer_cert_issuer(tls_ctx, &issuer) == -1)
1460 errx(1, "unable to get certificate issuer");
1461 fprintf(stderr, "TLS handshake completed with %s\n", host); 1451 fprintf(stderr, "TLS handshake completed with %s\n", host);
1462 fprintf(stderr, "Peer name %s\n", 1452 fprintf(stderr, "Peer name %s\n",
1463 tls_expectname ? tls_expectname : host); 1453 tls_expectname ? tls_expectname : host);
1464 if (subject) 1454 if (tls_peer_cert_subject(tls_ctx))
1465 fprintf(stderr, "Subject: %s\n", subject); 1455 fprintf(stderr, "Subject: %s\n",
1466 if (issuer) 1456 tls_peer_cert_subject(tls_ctx));
1467 fprintf(stderr, "Issuer: %s\n", issuer); 1457 if (tls_peer_cert_issuer(tls_ctx))
1468 if (tls_peerhash) 1458 fprintf(stderr, "Issuer: %s\n",
1469 fprintf(stderr, "Cert Hash: %s\n", tls_peerhash); 1459 tls_peer_cert_issuer(tls_ctx));
1460 if (tls_peer_cert_hash(tls_ctx))
1461 fprintf(stderr, "Cert Hash: %s\n",
1462 tls_peer_cert_hash(tls_ctx));
1470 free(subject); 1463 free(subject);
1471 free(issuer); 1464 free(issuer);
1472} 1465}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 07:21:22 +0000