authortb <>2025-06-24 13:37:11 +0000
committertb <>2025-06-24 13:37:11 +0000
commit45839069bb2e3c5d62712a4865d5db67202cabc8 (patch)
tree172f03cff4359140eca271044595b50047079f65 /src
parentf9050a65a4be5f1c1c32875fc3c4f32263423859 (diff)
nc: add ALPN TLS option, so you can specify -T alpn=value
From David Leadbeater with a report_tls tweak by me ok jsing
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/nc/netcat.c10
1 files changed, 8 insertions, 2 deletions
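--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.233 2025/06/24 13:27:28 tb Exp $ */
+/* $OpenBSD: netcat.c,v 1.234 2025/06/24 13:37:11 tb Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -108,6 +108,7 @@ char *tls_expectname; /* required name in peer cert */
 char *tls_expecthash; /* required hash of peer cert */
 char *tls_ciphers; /* TLS ciphers */
 char *tls_protocols; /* TLS protocols */
+char *tls_alpn; /* TLS ALPN */
 FILE *Zflag; /* file to save peer cert */
 
 int recvcount, recvlimit;
@@ -534,6 +535,8 @@ main(int argc, char *argv[])
  errx(1, "%s", tls_config_error(tls_cfg));
  if (tls_config_set_ciphers(tls_cfg, tls_ciphers) == -1)
  errx(1, "%s", tls_config_error(tls_cfg));
+ if (tls_alpn != NULL && tls_config_set_alpn(tls_cfg, tls_alpn) == -1)
+ errx(1, "%s", tls_config_error(tls_cfg));
  if (!lflag && (TLSopt & TLS_CCERT))
  errx(1, "clientcert is only valid with -l");
  if (TLSopt & TLS_NONAME)
@@ -1671,6 +1674,7 @@ process_tls_opt(char *s, int *flags)
  int flag;
  char **value;
  } *t, tlskeywords[] = {
+ { "alpn", -1, &tls_alpn },
  { "ciphers", -1, &tls_ciphers },
  { "clientcert", TLS_CCERT, NULL },
  { "muststaple", TLS_MUSTSTAPLE, NULL },
@@ -1722,7 +1726,7 @@ void
 report_tls(struct tls *tls_ctx, char *host)
 {
  time_t t;
- const char *ocsp_url;
+ const char *alpn_proto, *ocsp_url;
 
  fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
  tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
@@ -1774,6 +1778,8 @@ report_tls(struct tls *tls_ctx, char *host)
  tls_peer_ocsp_result(tls_ctx));
  break;
  }
+ if ((alpn_proto = tls_conn_alpn_selected(tls_ctx)) != NULL)
+ fprintf(stderr, "Application Layer Protocol: %s\n", alpn_proto);
 }
 
 void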
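Review bot: When `-T alpn=value` is given but the peer selects no protocol, `report_tls` stays silent, because the `if` added at the end of the function only handles a non-NULL `tls_conn_alpn_selected()`. Nothing visible in this diff makes the handshake fail in that case, so the option may be purely advisory. A user who relies on ALPN to pin the application protocol would want that absence surfaced, for example by adding `else if (tls_alpn != NULL)` followed by `fprintf(stderr, "Application Layer Protocol: none negotiated\n");`. Whether libtls itself rejects a mismatch is not shown here; the nc(1) text for the option should say which behaviour applies. The body of `report_tls` starts outside this hunk.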