diff options
Diffstat (limited to 'src/usr.bin/nc/netcat.c')
| -rw-r--r-- | src/usr.bin/nc/netcat.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index cfc5a2363b..a224717c72 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: netcat.c,v 1.145 2015/12/07 02:38:54 tb Exp $ */ | 1 | /* $OpenBSD: netcat.c,v 1.146 2015/12/08 15:33:33 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> | 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> |
| 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. | 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. |
| @@ -104,6 +104,12 @@ int tls_cachanged; /* Using non-default CA file */ | |||
| 104 | int TLSopt; /* TLS options */ | 104 | int TLSopt; /* TLS options */ |
| 105 | char *tls_expectname; /* required name in peer cert */ | 105 | char *tls_expectname; /* required name in peer cert */ |
| 106 | char *tls_expecthash; /* required hash of peer cert */ | 106 | char *tls_expecthash; /* required hash of peer cert */ |
| 107 | uint8_t *cacert; | ||
| 108 | size_t cacertlen; | ||
| 109 | uint8_t *privkey; | ||
| 110 | size_t privkeylen; | ||
| 111 | uint8_t *pubcert; | ||
| 112 | size_t pubcertlen; | ||
| 107 | 113 | ||
| 108 | int timeout = -1; | 114 | int timeout = -1; |
| 109 | int family = AF_UNSPEC; | 115 | int family = AF_UNSPEC; |
| @@ -421,16 +427,26 @@ main(int argc, char *argv[]) | |||
| 421 | } | 427 | } |
| 422 | 428 | ||
| 423 | if (usetls) { | 429 | if (usetls) { |
| 430 | if (Rflag && (cacert=tls_load_file(Rflag, &cacertlen, NULL)) == NULL) | ||
| 431 | errx(1, "unable to load root CA file %s", Rflag); | ||
| 432 | if (Cflag && (pubcert=tls_load_file(Rflag, &pubcertlen, NULL)) == NULL) | ||
| 433 | errx(1, "unable to load TLS certificate file %s", Cflag); | ||
| 434 | if (Kflag && (privkey=tls_load_file(Rflag, &privkeylen, NULL)) == NULL) | ||
| 435 | errx(1, "unable to load TLS key file %s", Kflag); | ||
| 436 | |||
| 437 | if (pledge("stdio inet dns", NULL) == -1) | ||
| 438 | err(1, "pledge"); | ||
| 439 | |||
| 424 | if (tls_init() == -1) | 440 | if (tls_init() == -1) |
| 425 | errx(1, "unable to initialize TLS"); | 441 | errx(1, "unable to initialize TLS"); |
| 426 | if ((tls_cfg = tls_config_new()) == NULL) | 442 | if ((tls_cfg = tls_config_new()) == NULL) |
| 427 | errx(1, "unable to allocate TLS config"); | 443 | errx(1, "unable to allocate TLS config"); |
| 428 | if (Cflag && (tls_config_set_cert_file(tls_cfg, Cflag) == -1)) | 444 | if (Rflag && tls_config_set_ca_mem(tls_cfg, cacert, cacertlen) == -1) |
| 445 | errx(1, "unable to set root CA file %s", Rflag); | ||
| 446 | if (Cflag && tls_config_set_cert_mem(tls_cfg, cacert, cacertlen) == -1) | ||
| 429 | errx(1, "unable to set TLS certificate file %s", Cflag); | 447 | errx(1, "unable to set TLS certificate file %s", Cflag); |
| 430 | if (Kflag && (tls_config_set_key_file(tls_cfg, Kflag) == -1)) | 448 | if (Kflag && tls_config_set_key_mem(tls_cfg, privkey, privkeylen) == -1) |
| 431 | errx(1, "unable to set TLS key file %s", Kflag); | 449 | errx(1, "unable to set TLS key file %s", Kflag); |
| 432 | if (Rflag && (tls_config_set_ca_file(tls_cfg, Rflag) == -1)) | ||
| 433 | errx(1, "unable to set root CA file %s", Rflag); | ||
| 434 | if (TLSopt & TLS_LEGACY) { | 450 | if (TLSopt & TLS_LEGACY) { |
| 435 | tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL); | 451 | tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL); |
| 436 | tls_config_set_ciphers(tls_cfg, "legacy"); | 452 | tls_config_set_ciphers(tls_cfg, "legacy"); |