Commit message | Author | Age | Files | Lines
---|---|---|---|---
Allow nc to save the peer certificate and chain in a pem file specified with -Z ok jsing@ | beck | 2017-04-05 | 1 | -2/+32
The netcat server did not print the correct TLS error message if the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@ | bluhm | 2017-03-09 | 1 | -2/+2
When netcat was started with -Uz, the exit status was always 1. If the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@ | bluhm | 2017-02-09 | 1 | -3/+4
When getaddrinfo fails, print the requested host and port. Should make debugging easier, especially when using -x literal_ipv6_address | jca | 2017-02-09 | 1 | -2/+3
Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake() wrapper that calls poll(2) and handles the -w timeout. OK beck@ | bluhm | 2017-02-08 | 1 | -18/+8
Avoid double close(2) in netcat. After every call to readwrite() there is already a close(2), so do not do it in readwrite(). OK beck@ | bluhm | 2017-02-08 | 1 | -13/+5
Due to non-blocking sockets, tls_handshake() could wait in a busy loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@ | bluhm | 2017-02-08 | 1 | -21/+42
Support IPv6 proxy addresses ok beck@ | jca | 2017-02-05 | 1 | -10/+24
Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3) and bail out in case of failure Feedback and OK jsing@ | mestre | 2016-11-30 | 1 | -3/+6
rename tlslegacy to tlsall, and better describe what it does. ok jsing@ | beck | 2016-11-06 | 1 | -4/+4
zap trailing whitespace, and add -o to usage() and help (-h); | jmc | 2016-11-05 | 1 | -3/+6
Add support for server side OCSP stapling to libtls. Add support for server side OCSP stapling to netcat. | beck | 2016-11-05 | 1 | -2/+10
Add ocsp_require_stapling config option for tls - allows a connection to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ | beck | 2016-11-04 | 1 | -1/+5
make OCSP_URL only show up when an OCSP url is actually present in the cert | beck | 2016-11-03 | 1 | -2/+3
Make OCSP Stapling: only appear if there is stapling info present. | beck | 2016-11-03 | 1 | -5/+3
Add OCSP client side support to libtls. - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided. Add example code to show OCSP URL and stapled info into netcat. ok jsing@ | beck | 2016-11-02 | 1 | -1/+37
squash some possibly-used-uninitialized warnings | bcook | 2016-09-03 | 1 | -3/+3
Let libtls load the CA, certificate and key files for nc(1), now that it does this at the time the tls_config_set_*_file() function is called. ok bluhm@ | jsing | 2016-08-13 | 1 | -22/+15
use the style from the man page examples for getaddrinfo, which makes a bit more sense ok jung@ deraadt@ | halex | 2016-07-30 | 1 | -21/+19
Adjust existing tls_config_set_cipher() callers for TLS cipher group changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | jsing | 2016-07-13 | 1 | -2/+2
Revert previous since the libtls change has been reverted. | jsing | 2016-07-07 | 1 | -16/+24
Remove manual file loading (now that libtls does this for us) and adjust pledge to match. Also use tls_config_error() to provide friendlier error messages. | jsing | 2016-07-06 | 1 | -24/+16
Simplify IP proto-specific sockopt error handling. This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@ | bcook | 2016-07-01 | 1 | -34/+26
Add -M and -m options to specify the outgoing and incoming minimum TTL Req by and ok blumh@ | jca | 2016-06-28 | 1 | -7/+43
In an error path, if close() is called, save errno so that original error is shown by errx ok millert krw | deraadt | 2016-06-28 | 1 | -5/+13
Be more careful initializing and tracking socket s through main, this is so complicated that a future refactoring could easily introduce a bug. ok millert krw | deraadt | 2016-06-27 | 1 | -7/+6
Let netcat support the use of service names instead of port numbers. based on a diff from Andras Farkas <deepbluemistake@gmail.com> ok deraadt@ | beck | 2016-06-02 | 1 | -14/+30
Fix pledge violation with -P s used and we need to supply a password for an http proxy - we need tty in this case. Found and fixed by Anthony Coulter <bsd@anthonycoulter.name>. ok tb@ | beck | 2016-05-28 | 1 | -3/+12
Fix nc -verbose mode when used on a unix domain socket. Noticed by and a modified version of fix from <attila@stalphonsos.com> | beck | 2016-05-28 | 1 | -5/+11
Use the correct values for TLS certificate / private key flags. fix from Andreas Bartelt <obsd at bartula.de> | bcook | 2016-01-04 | 1 | -5/+5
include time.h over sys/time.h for ctime(3) ok beck@ | bcook | 2015-12-28 | 1 | -2/+2
Add missing colon after "Peer name" in verbose output. Mentioned on the lists recently. | mmcc | 2015-12-17 | 1 | -2/+2
clean up some unused variables, and add the printing of the certificate validity to the verbose output when using tls - from rob@2keys.ca ok mmcc@ jsing@ deraadt@ | beck | 2015-12-16 | 1 | -4/+7
pledge nc better - Load the certificate into memory and then do the pledge, this allows us to drop the rpath from the nc pledge. ok deraadt@, tedu@ | beck | 2015-12-08 | 1 | -5/+21
Get rid of modulo bias and replace the naive shuffle by the Knuth-Fisher-Yates shuffle to make the random sequence of ports less biased. Based on the implementation in sys/netinet/ip_id.c. With helpful input from daniel@ and beck@ ok beck@ despite eye twitching | tb | 2015-12-07 | 1 | -20/+16
rename variable 'sun' to allow building on Solaris ok deraadt@ | bcook | 2015-11-23 | 1 | -13/+13
Since rtable was hoisted to the top with setrtable, it should have no bearing on the following pledge setups anymore. ok benno | deraadt | 2015-11-13 | 1 | -10/+7
with -V argument, don't set rtable on the socket, instead set it for the whole process, before pledge(). This way the rtable can be pledged too. the discussion about removing -V is postponed. diff from beck@, i wrote the same diff without seeing his, and various people at u2k15 agreed this is the right thing to do. ok phessler@ | benno | 2015-11-12 | 1 | -15/+4
KNF; from Rob Pierce | deraadt | 2015-11-01 | 1 | -3/+3
Initial pledge of netcat - unfortunately flawed because fiddling the rtableid in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff | beck | 2015-10-23 | 1 | -1/+27
Userspace doesn't need to use SUN_LEN(): connect() and bind() must accept sizeof(struct sockaddr_un), so do the simple, portable thing ok beck@ deraadt@ | guenther | 2015-10-11 | 1 | -8/+3
display negotiated TLS version and cipher suite in verbose mode. ok jsing@ | beck | 2015-09-13 | 1 | -2/+3
Adapt to just committed libtls api change | beck | 2015-09-12 | 1 | -21/+14
use SOCK_CLOEXEC instead of fcntl; ok guenther beck jsing | deraadt | 2015-09-12 | 1 | -12/+16
fix previous; | jmc | 2015-09-12 | 1 | -10/+17
spaces found during a read | deraadt | 2015-09-11 | 1 | -19/+18
Add TLS support to nc. Provides a useful little test and script tool. ok jsing@ bluhm@ | beck | 2015-09-11 | 1 | -38/+298
Netcat could hang during write(2) although poll(2) reports that the socket is writeable. This happens because netcat tries to write more than the low water mark of the socket write buffer. With a non-blocking socket you may get a short write, otherwise it blocks. The latter could cause a total hang of the netcat process depending on the upper protocol. So make the network connection non-blocking. OK claudio@ millert@ | bluhm | 2015-09-08 | 1 | -15/+6
synchronize synopsis and usage. | sobrado | 2015-09-03 | 1 | -2/+2
remove unused variable ok tedu@ | chl | 2015-07-26 | 1 | -2/+2