Diffstat (limited to 'src/usr.bin')
-rw-r--r--src/usr.bin/nc/nc.112
-rw-r--r--src/usr.bin/nc/netcat.c6
2 files changed, 12 insertions, 6 deletions
diff --git a/src/usr.bin/nc/nc.1 b/src/usr.bin/nc/nc.1
index 8b7c92aa63..313ec1f19c 100644
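--- a/src/usr.bin/nc/nc.1
+++ b/src/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nc.1,v 1.74 2016/07/02 05:58:00 jmc Exp $
+.\" $OpenBSD: nc.1,v 1.75 2016/11/04 05:13:13 beck Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 2 2016 $
+.Dd $Mdocdate: November 4 2016 $
 .Dt NC 1
 .Os
 .Sh NAME
@@ -229,10 +229,12 @@ which allows legacy TLS protocols;
 .Ar noverify ,
 which disables certificate verification;
 .Ar noname ,
-which disables certificate name checking; or
+which disables certificate name checking;
 .Ar clientcert ,
-which requires a client certificate on incoming connections.
-It is illegal to specify TLS options if not using TLS.
+which requires a client certificate on incoming connections; or
+.Ar muststaple ,
+which requires the peer to provide a valid stapled OCSP response
+with the handshake. It is illegal to specify TLS options if not using TLS.
 .Pp
 For IPv4 TOS value
 .Ar keyword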
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 6b05b3fdf7..b71c0426dc 100644
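--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.166 2016/11/03 15:54:39 beck Exp $ */
+/* $OpenBSD: netcat.c,v 1.167 2016/11/04 05:13:13 beck Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -71,6 +71,7 @@
 #define TLS_NOVERIFY (1 << 2)
 #define TLS_NONAME (1 << 3)
 #define TLS_CCERT (1 << 4)
+#define TLS_MUSTSTAPLE (1 << 5)
 
 /* Command Line Options */
 int dflag; /* detached, no stdin */
@@ -468,6 +469,8 @@ main(int argc, char *argv[])
  "together");
  tls_config_insecure_noverifycert(tls_cfg);
  }
+ if (TLSopt & TLS_MUSTSTAPLE)
+ tls_config_ocsp_require_stapling(tls_cfg);
 
  if (Pflag) {
  if (pledge("stdio inet dns tty", NULL) == -1)
@@ -1502,6 +1505,7 @@ map_tls(char *s, int *val)
  { "noverify", TLS_NOVERIFY },
  { "noname", TLS_NONAME },
  { "clientcert", TLS_CCERT},
+ { "muststaple", TLS_MUSTSTAPLE},
  { NULL, -1 },
  };
 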
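Review bot: In the main() hunk, `TLS_MUSTSTAPLE` is honoured even when `TLS_NOVERIFY` is also set, although the block just above has then switched certificate verification off with `tls_config_insecure_noverifycert()`. A user who asks for muststaple expects a revocation guarantee, and what the stapled response is validated against once verification is disabled is not visible from here, so the combination looks better rejected, in the same way the neighbouring check ending in `"together")` rejects its own conflict: `if ((TLSopt & TLS_MUSTSTAPLE) && (TLSopt & TLS_NOVERIFY)) errx(1, "-T muststaple and -T noverify may not be used together");`. If the combination is meant to be allowed, nc.1 should say what muststaple still guarantees in that case. main() starts and ends outside the hunk.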