author | tb <> | 2025-06-24 13:37:11 +0000 |
---|---|---|
committer | tb <> | 2025-06-24 13:37:11 +0000 |
commit | 45839069bb2e3c5d62712a4865d5db67202cabc8 (patch) | |
tree | 172f03cff4359140eca271044595b50047079f65 /src | |
parent | f9050a65a4be5f1c1c32875fc3c4f32263423859 (diff) | |
nc: add ALPN TLS option, so you can specify -T alpn=value
From David Leadbeater with a report_tls tweak by me
ok jsing
Diffstat (limited to 'src')
-rw-r--r-- | src/usr.bin/nc/netcat.c | 10 |
1 files changed, 8 insertions, 2 deletions
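--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.233 2025/06/24 13:27:28 tb Exp $ */
+/* $OpenBSD: netcat.c,v 1.234 2025/06/24 13:37:11 tb Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -108,6 +108,7 @@ char *tls_expectname; /* required name in peer cert */
 char *tls_expecthash; /* required hash of peer cert */
 char *tls_ciphers; /* TLS ciphers */
 char *tls_protocols; /* TLS protocols */
+char *tls_alpn; /* TLS ALPN */
 FILE *Zflag; /* file to save peer cert */
 
 int recvcount, recvlimit;
@@ -534,6 +535,8 @@ main(int argc, char *argv[])
 errx(1, "%s", tls_config_error(tls_cfg));
 if (tls_config_set_ciphers(tls_cfg, tls_ciphers) == -1)
 errx(1, "%s", tls_config_error(tls_cfg));
+if (tls_alpn != NULL && tls_config_set_alpn(tls_cfg, tls_alpn) == -1)
+errx(1, "%s", tls_config_error(tls_cfg));
 if (!lflag && (TLSopt & TLS_CCERT))
 errx(1, "clientcert is only valid with -l");
 if (TLSopt & TLS_NONAME)
@@ -1671,6 +1674,7 @@ process_tls_opt(char *s, int *flags)
 int flag;
 char **value;
 } *t, tlskeywords[] = {
+{ "alpn", -1, &tls_alpn },
 { "ciphers", -1, &tls_ciphers },
 { "clientcert", TLS_CCERT, NULL },
 { "muststaple", TLS_MUSTSTAPLE, NULL },
@@ -1722,7 +1726,7 @@ void
 report_tls(struct tls *tls_ctx, char *host)
 {
 time_t t;
-const char *ocsp_url;
+const char *alpn_proto, *ocsp_url;
 
 fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
 tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
@@ -1774,6 +1778,8 @@ report_tls(struct tls *tls_ctx, char *host)
 tls_peer_ocsp_result(tls_ctx));
 break;
 }
+if ((alpn_proto = tls_conn_alpn_selected(tls_ctx)) != NULL)
+fprintf(stderr, "Application Layer Protocol: %s\n", alpn_proto);
 }
 
 void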
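Review bot: Nothing in these hunks checks that the protocol requested with `-T alpn=value` was actually negotiated: main only hands tls_alpn to tls_config_set_alpn(), and report_tls prints a line only when tls_conn_alpn_selected() returns non-NULL. A peer that ignores the extension therefore looks the same as a run without the option, which matters when ALPN is relied on to keep a connection from being accepted by a different service behind the same certificate. At minimum report_tls could make the miss visible with `else if (tls_alpn != NULL) fprintf(stderr, "Application Layer Protocol: none negotiated\n");`; whether a miss should instead be fatal is a policy decision worth stating in the manual page. report_tls's body is only partly visible in the hunks, and it presumably runs only in verbose mode, so that message alone would not cover non-verbose use.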