authorjsing <>2017-07-15 17:27:39 +0000
committerjsing <>2017-07-15 17:27:39 +0000
commit9eaa4cb6e81813fe936e19a8268bea5bbff1076f (patch)
tree703ecdf262b5973e5d7a099cf012d0a0894b8e93 /src/usr.bin/nc/netcat.c
parentaf3b67bd96b09e3317ac761a44d87f718bc54020 (diff)
Add a "-T tlscompat" option to nc(1), which enables the use of all TLS
protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
Diffstat (limited to 'src/usr.bin/nc/netcat.c')
-rw-r--r--src/usr.bin/nc/netcat.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 0d972ee53e..ce55972a7c 100644
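--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.186 2017/06/11 14:38:52 tb Exp $ */
+/* $OpenBSD: netcat.c,v 1.187 2017/07/15 17:27:39 jsing Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -73,6 +73,7 @@
 #define TLS_NONAME (1 << 3)
 #define TLS_CCERT (1 << 4)
 #define TLS_MUSTSTAPLE (1 << 5)
+#define TLS_COMPAT (1 << 6)
 
 /* Command Line Options */
 int dflag; /* detached, no stdin */
@@ -401,6 +402,8 @@ main(int argc, char *argv[])
  errx(1, "cannot use -c and -F");
  if (TLSopt && !usetls)
  errx(1, "you must specify -c to use TLS options");
+ if ((TLSopt & (TLS_ALL|TLS_COMPAT)) == (TLS_ALL|TLS_COMPAT))
+ errx(1, "cannot use -T tlsall and -T tlscompat");
  if (Cflag && !usetls)
  errx(1, "you must specify -c to use -C");
  if (Kflag && !usetls)
@@ -494,11 +497,12 @@ main(int argc, char *argv[])
  errx(1, "%s", tls_config_error(tls_cfg));
  if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1)
  errx(1, "%s", tls_config_error(tls_cfg));
- if (TLSopt & TLS_ALL) {
+ if (TLSopt & (TLS_ALL|TLS_COMPAT)) {
  if (tls_config_set_protocols(tls_cfg,
  TLS_PROTOCOLS_ALL) != 0)
  errx(1, "%s", tls_config_error(tls_cfg));
- if (tls_config_set_ciphers(tls_cfg, "all") != 0)
+ if (tls_config_set_ciphers(tls_cfg,
+ (TLSopt & TLS_ALL) ? "all" : "compat") != 0)
  errx(1, "%s", tls_config_error(tls_cfg));
  }
  if (!lflag && (TLSopt & TLS_CCERT))
@@ -1565,6 +1569,7 @@ map_tls(char *s, int *val)
  { "noname", TLS_NONAME },
  { "clientcert", TLS_CCERT},
  { "muststaple", TLS_MUSTSTAPLE},
+ { "tlscompat", TLS_COMPAT },
  { NULL, -1 },
  };
 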
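Review bot: The widened block `if (TLSopt & (TLS_ALL|TLS_COMPAT))` in main gives `-T tlscompat` the same `TLS_PROTOCOLS_ALL` protocol set as `-T tlsall`, so the option lowers the protocol floor as well as relaxing the cipher list, and nothing at that site says so. I would add a comment above the block such as `/* tlsall and tlscompat both enable every protocol version; they differ only in the cipher list ("all" vs "compat") */`. The usage text and nc(1) are not visible here (the diffstat is limited to netcat.c), so it is worth confirming that they list `tlscompat` and state that it weakens the default TLS settings. main and map_tls both start and end outside these hunks.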