Diffstat (limited to '')
-rw-r--r-- | src/usr.bin/nc/netcat.c | 18 |
1 files changed, 14 insertions, 4 deletions
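--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.229 2024/11/02 17:19:27 tb Exp $ */
+/* $OpenBSD: netcat.c,v 1.234 2025/06/24 13:37:11 tb Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
 * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -108,6 +108,7 @@ char *tls_expectname; /* required name in peer cert */
 char *tls_expecthash; /* required hash of peer cert */
 char *tls_ciphers; /* TLS ciphers */
 char *tls_protocols; /* TLS protocols */
+char *tls_alpn; /* TLS ALPN */
 FILE *Zflag; /* file to save peer cert */
 
 int recvcount, recvlimit;
@@ -190,6 +191,8 @@ main(int argc, char *argv[])
 socksv = -1; /* HTTP proxy CONNECT */
 else if (strcmp(optarg, "4") == 0)
 socksv = 4; /* SOCKS v.4 */
+else if (strcasecmp(optarg, "4A") == 0)
+socksv = 44; /* SOCKS v.4A */
 else if (strcmp(optarg, "5") == 0)
 socksv = 5; /* SOCKS v.5 */
 else
@@ -532,6 +535,8 @@ main(int argc, char *argv[])
 errx(1, "%s", tls_config_error(tls_cfg));
 if (tls_config_set_ciphers(tls_cfg, tls_ciphers) == -1)
 errx(1, "%s", tls_config_error(tls_cfg));
+if (tls_alpn != NULL && tls_config_set_alpn(tls_cfg, tls_alpn) == -1)
+errx(1, "%s", tls_config_error(tls_cfg));
 if (!lflag && (TLSopt & TLS_CCERT))
 errx(1, "clientcert is only valid with -l");
 if (TLSopt & TLS_NONAME)
@@ -1669,11 +1674,12 @@ process_tls_opt(char *s, int *flags)
 int flag;
 char **value;
 } *t, tlskeywords[] = {
+{ "alpn", -1, &tls_alpn },
 { "ciphers", -1, &tls_ciphers },
 { "clientcert", TLS_CCERT, NULL },
 { "muststaple", TLS_MUSTSTAPLE, NULL },
-{ "noverify", TLS_NOVERIFY, NULL },
 { "noname", TLS_NONAME, NULL },
+{ "noverify", TLS_NOVERIFY, NULL },
 { "protocols", -1, &tls_protocols },
 { NULL, -1, NULL },
 };
@@ -1692,6 +1698,8 @@ process_tls_opt(char *s, int *flags)
 errx(1, "invalid tls value `%s'", s);
 *t->value = v;
 } else {
+if (v != NULL)
+errx(1, "invalid tls value `%s'", s);
 *flags |= t->flag;
 }
 return 1;
@@ -1718,7 +1726,7 @@ void
 report_tls(struct tls *tls_ctx, char *host)
 {
 time_t t;
-const char *ocsp_url;
+const char *alpn_proto, *ocsp_url;
 
 fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
 tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
@@ -1770,6 +1778,8 @@ report_tls(struct tls *tls_ctx, char *host)
 tls_peer_ocsp_result(tls_ctx));
 break;
 }
+if ((alpn_proto = tls_conn_alpn_selected(tls_ctx)) != NULL)
+fprintf(stderr, "Application Layer Protocol: %s\n", alpn_proto);
 }
 
 void
@@ -1842,7 +1852,7 @@ help(void)
 \t-v Verbose\n\
 \t-W recvlimit Terminate after receiving a number of packets\n\
 \t-w timeout Timeout for connects and final net reads\n\
-\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
+\t-X proto Proxy protocol: \"4\", \"4A\", \"5\" (SOCKS) or \"connect\"\n\
 \t-x addr[:port]\tSpecify proxy address and port\n\
 \t-Z Peer certificate file\n\
 \t-z Zero-I/O mode [used for scanning]\n\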
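Review bot: In report_tls the new ALPN line is printed only when `tls_conn_alpn_selected()` returns non-NULL, so a run that set the `alpn` TLS keyword but negotiated no protocol produces the same output as a run without it. Nothing in the visible hunks compares the selected protocol with `tls_alpn`, and whether libtls itself aborts the handshake when there is no overlap cannot be seen from this page, so a user relying on ALPN to pin the application protocol gets no signal either way. An explicit branch would make the outcome visible: `else if (tls_alpn != NULL) fprintf(stderr, "Application Layer Protocol: none negotiated\n");`. On the client side the selected string comes from the peer and is written to stderr with a bare `%s`, so escaping non-printable bytes before printing is worth considering. The body of report_tls lies between two hunks and is only partly visible here.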