summaryrefslogtreecommitdiff
path: root/src/usr.bin/nc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Plug TLS context leak in nc(1) server and client mode. Movebluhm2018-10-041-12/+10
| | | | | tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* -T applies to ip6 too, apparently;jmc2018-09-251-4/+4
| | | | from nan xiao
* Declare strings passed to local_listen() as const. This makes itbluhm2018-09-071-3/+3
| | | | | consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat.bluhm2018-09-061-5/+6
| | | | from Nan Xiao; OK tb@
* spelling;jmc2018-08-171-2/+2
|
* Make the wording more concise, use the imperative throughout, stateschwarze2018-08-171-108/+126
| | | | | | | more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
* In typical swiss-army style, various modes and options causederaadt2018-08-101-1/+24
| | | | | different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@
* Clear password buffers in non-terminating casesderaadt2018-03-271-8/+11
| | | | ok tobias
* Remove the tls_init() call, since it is no longer necessary.jsing2018-03-191-3/+1
| | | | ok bcook@ beck@ inoguchi@
* Allow TLS ciphers and protocols to be specified for nc(1).jsing2017-11-282-41/+65
| | | | | | | | | | | Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Use a smaller buffer size too peek the receive data. The contentbluhm2017-10-241-5/+4
| | | | | | is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
* grammar was ass backwards;jmc2017-07-151-7/+7
|
* Add a "-T tlscompat" option to nc(1), which enables the use of all TLSjsing2017-07-152-5/+12
| | | | | | | | | | protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
* Continue the flattening of the pledge logic started in r1.184 and placetb2017-06-111-8/+8
| | | | | | a blank space somewhere else. suggested by and ok jsing
* Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace andtb2017-06-111-33/+35
| | | | | | | omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
* If -P and -c were given, a second pledge call tried to add "rpath" to thetb2017-06-101-8/+5
| | | | | | | | | | | | first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
* Fix gcc warnings triggered by WARNINGS=yes.bluhm2017-05-261-9/+9
| | | | OK florian@
* Implement nc -W recvlimit to terminate netcat after receiving abluhm2017-05-102-8/+28
| | | | | | number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* Move comments into a block and uses {} to unconfuse reading.deraadt2017-04-161-12/+13
|
* - -Z before -z in options listjmc2017-04-052-7/+9
| | | | - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specifiedbeck2017-04-052-4/+39
| | | | | with -Z ok jsing@
* The netcat server did not print the correct TLS error message ifbluhm2017-03-091-2/+2
| | | | | | the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
* When netcat was started with -Uz, the exit status was always 1. Ifbluhm2017-02-091-3/+4
| | | | | | the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
* Document that -x can take an ipv6 address enclosed in square brackets.jca2017-02-091-2/+5
|
* When getaddrinfo fails, print the requested host and port.jca2017-02-091-2/+3
| | | | Should make debugging easier, especially when using -x literal_ipv6_address
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()bluhm2017-02-081-18/+8
| | | | | wrapper that calls poll(2) and handles the -w timeout. OK beck@
* Avoid double close(2) in netcat. After every call to readwrite()bluhm2017-02-081-13/+5
| | | | | there is already a close(2), so do not do it in readwrite(). OK beck@
* Due to non-blocking sockets, tls_handshake() could wait in a busybluhm2017-02-081-21/+42
| | | | | | loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
* Support IPv6 proxy addressesjca2017-02-051-10/+24
| | | | ok beck@
* oscp -> ocsp;jmc2017-01-261-3/+3
| | | | from holger mikolon, plus one more in nc;
* Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)mestre2016-11-301-3/+6
| | | | | | and bail out in case of failure Feedback and OK jsing@
* tweak previous;jmc2016-11-061-3/+3
|
* rename tlslegacy to tlsall, and better describe what it does.beck2016-11-062-8/+8
| | | | ok jsing@
* zap trailing whitespace, and add -o to usage() and help (-h);jmc2016-11-052-6/+9
|
* Add support for server side OCSP stapling to libtls.beck2016-11-052-4/+19
| | | | Add support for server side OCSP stapling to netcat.
* new sentence, new line, and zap trailing whitespace;jmc2016-11-041-3/+4
|
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-042-6/+12
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* make OCSP_URL only show up when an OCSP url is actually present in the certbeck2016-11-031-2/+3
|
* Make OCSP Stapling: only appear if there is stapling info present.beck2016-11-031-5/+3
|
* Add OCSP client side support to libtls.beck2016-11-021-1/+37
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* squash some possibly-used-uninitialized warningsbcook2016-09-031-3/+3
|
* Let libtls load the CA, certificate and key files for nc(1), now that itjsing2016-08-131-22/+15
| | | | | | does this at the time the tls_config_set_*_file() function is called. ok bluhm@
* use the style from the man page examples for getaddrinfo, which makes ahalex2016-07-301-21/+19
| | | | | | bit more sense ok jung@ deraadt@
* Adjust existing tls_config_set_cipher() callers for TLS cipher groupjsing2016-07-131-2/+2
| | | | | | | changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
* Revert previous since the libtls change has been reverted.jsing2016-07-071-16/+24
|
* Remove manual file loading (now that libtls does this for us) and adjustjsing2016-07-061-24/+16
| | | | | pledge to match. Also use tls_config_error() to provide friendlier error messages.
* do not uppercase "hop limit";jmc2016-07-021-4/+4
|
* Simplify IP proto-specific sockopt error handling.bcook2016-07-011-34/+26
| | | | | | | This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@
* Add -M and -m options to specify the outgoing and incoming minimum TTLjca2016-06-282-9/+52
| | | | Req by and ok blumh@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 12:15:32 +0000