path: root/src/usr.bin/nc
Columns: commit message, author, age, files, lines
...
* Document that -x can take an ipv6 address enclosed in square brackets.
  (jca, 2017-02-09, 1 file, -2/+5)
* When getaddrinfo fails, print the requested host and port.
  Should make debugging easier, especially when using -x literal_ipv6_address
  (jca, 2017-02-09, 1 file, -2/+3)
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()
  wrapper that calls poll(2) and handles the -w timeout. OK beck@
  (bluhm, 2017-02-08, 1 file, -18/+8)
* Avoid double close(2) in netcat. After every call to readwrite()
  there is already a close(2), so do not do it in readwrite(). OK beck@
  (bluhm, 2017-02-08, 1 file, -13/+5)
* Due to non-blocking sockets, tls_handshake() could wait in a busy
  loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
  (bluhm, 2017-02-08, 1 file, -21/+42)
* Support IPv6 proxy addresses
  ok beck@
  (jca, 2017-02-05, 1 file, -10/+24)
* oscp -> ocsp;
  from holger mikolon, plus one more in nc;
  (jmc, 2017-01-26, 1 file, -3/+3)
* Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)
  and bail out in case of failure Feedback and OK jsing@
  (mestre, 2016-11-30, 1 file, -3/+6)
* tweak previous;
  (jmc, 2016-11-06, 1 file, -3/+3)
* rename tlslegacy to tlsall, and better describe what it does.
  ok jsing@
  (beck, 2016-11-06, 2 files, -8/+8)
* zap trailing whitespace, and add -o to usage() and help (-h);
  (jmc, 2016-11-05, 2 files, -6/+9)
* Add support for server side OCSP stapling to libtls.
  Add support for server side OCSP stapling to netcat.
  (beck, 2016-11-05, 2 files, -4/+19)
* new sentence, new line, and zap trailing whitespace;
  (jmc, 2016-11-04, 1 file, -3/+4)
* Add ocsp_require_stapling config option for tls - allows a connection
  to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
  (beck, 2016-11-04, 2 files, -6/+12)
* make OCSP_URL only show up when an OCSP url is actually present in the cert
  (beck, 2016-11-03, 1 file, -2/+3)
* Make OCSP Stapling: only appear if there is stapling info present.
  (beck, 2016-11-03, 1 file, -5/+3)
* Add OCSP client side support to libtls.
  - Provide access to certificate OCSP URL
  - Provide ability to check a raw OCSP reply against an established TLS ctx
  - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.
  Add example code to show OCSP URL and stapled info into netcat. ok jsing@
  (beck, 2016-11-02, 1 file, -1/+37)
* squash some possibly-used-uninitialized warnings
  (bcook, 2016-09-03, 1 file, -3/+3)
* Let libtls load the CA, certificate and key files for nc(1), now that it
  does this at the time the tls_config_set_*_file() function is called. ok bluhm@
  (jsing, 2016-08-13, 1 file, -22/+15)
* use the style from the man page examples for getaddrinfo, which makes a
  bit more sense ok jung@ deraadt@
  (halex, 2016-07-30, 1 file, -21/+19)
* Adjust existing tls_config_set_cipher() callers for TLS cipher group
  changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
  (jsing, 2016-07-13, 1 file, -2/+2)
* Revert previous since the libtls change has been reverted.
  (jsing, 2016-07-07, 1 file, -16/+24)
* Remove manual file loading (now that libtls does this for us) and adjust
  pledge to match. Also use tls_config_error() to provide friendlier error messages.
  (jsing, 2016-07-06, 1 file, -24/+16)
* do not uppercase "hop limit";
  (jmc, 2016-07-02, 1 file, -4/+4)
* Simplify IP proto-specific sockopt error handling.
  This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@
  (bcook, 2016-07-01, 1 file, -34/+26)
* Add -M and -m options to specify the outgoing and incoming minimum TTL
  Req by and ok blumh@
  (jca, 2016-06-28, 2 files, -9/+52)
* In an error path if close() is called, save errno so that original error
  is shown by errx ok millert krw
  (deraadt, 2016-06-28, 1 file, -5/+13)
* Be more careful initializing and tracking socket s through main, this is
  so complicated that a future refactoring could easily introduce a bug. ok millert krw
  (deraadt, 2016-06-27, 1 file, -7/+6)
* whitespace
  (deraadt, 2016-06-27, 1 file, -2/+2)
* Let netcat support the use of service names instead of port numbers.
  based on a diff from Andras Farkas <deepbluemistake@gmail.com> ok deraadt@
  (beck, 2016-06-02, 2 files, -18/+34)
* Fix pledge violation with -P s used and we need to supply a password
  for an http proxy - we need tty in this case. Found and fixed by Anthony Coulter <bsd@anthonycoulter.name>. ok tb@
  (beck, 2016-05-28, 1 file, -3/+12)
* Fix nc -verbose mode when used on a unix domain socket.
  Noticed by and a modified version of fix from <attila@stalphonsos.com>
  (beck, 2016-05-28, 1 file, -5/+11)
* Use the correct values for TLS certificate / private key flags.
  fix from Andreas Bartelt <obsd at bartula.de>
  (bcook, 2016-01-04, 1 file, -5/+5)
* include time.h over sys/time.h for ctime(3)
  ok beck@
  (bcook, 2015-12-28, 1 file, -2/+2)
* Add missing colon after "Peer name" in verbose output. Mentioned on the
  lists recently.
  (mmcc, 2015-12-17, 1 file, -2/+2)
* clean up some unused variables, and add the printing of the certificate validity
  to the verbose output when using tls - from rob@2keys.ca ok mmcc@ jsing@ deraadt@
  (beck, 2015-12-16, 1 file, -4/+7)
* Specify SOCKS version in error messages. ok deraadt@
  (mmcc, 2015-12-10, 1 file, -3/+3)
* Map SOCKS error codes to error strings. With input from deraadt@
  (mmcc, 2015-12-10, 1 file, -5/+61)
* pledge nc better - Load the certificate into memory and then do the pledge,
  this allows us to drop the rpath from the nc pledge. ok deraadt@, tedu@
  (beck, 2015-12-08, 1 file, -5/+21)
* Get rid of modulo bias and replace the naive shuffle by the
  Knuth-Fisher-Yates shuffle to make the random sequence of ports less biased. Based on the implementation in sys/netinet/ip_id.c. With helpful input from daniel@ and beck@ ok beck@ despite eye twitching
  (tb, 2015-12-07, 1 file, -20/+16)
* rename variable 'sun' to allow building on Solaris
  ok deraadt@
  (bcook, 2015-11-23, 1 file, -13/+13)
* Since rtable was hoisted to the top with setrtable, it should have no
  bearing on the following pledge setups anymore. ok benno
  (deraadt, 2015-11-13, 1 file, -10/+7)
* with -V argument, don't set rtable on the socket, instead set it for the whole
  process, before pledge(). This way the rtable can be pledged too. the discussion about removing -V is postponed. diff from beck@, i wrote the same diff without seeing his, and various people at u2k15 agreed this is the right thing to do. ok phessler@
  (benno, 2015-11-12, 1 file, -15/+4)
* KNF; from Rob Pierce
  (deraadt, 2015-11-01, 1 file, -3/+3)
* Initial pledge of netcat - unfortunately flawed because fiddling the rtableid
  in a socket option can be pretty scary and there is no better interface for this. so if the -V option is used you get no pledge at all.. Otherwise, do what works for the various options. Still needs refinement for tls to drop rpath, and a better solution for the routing table stuff
  (beck, 2015-10-23, 1 file, -1/+27)
* Userspace doesn't need to use SUN_LEN(): connect() and bind() must accept
  sizeof(struct sockaddr_un), so do the simple, portable thing ok beck@ deraadt@
  (guenther, 2015-10-11, 1 file, -8/+3)
* avoid trailing .Ns, reduce .Xo and .Sm, drop redundant .Bk
  (schwarze, 2015-09-25, 1 file, -12/+4)
* display negotiated TLS version and cipher suite in verbose mode.
  ok jsing@
  (beck, 2015-09-13, 1 file, -2/+3)
* Adapt to just committed libtls api change
  (beck, 2015-09-12, 1 file, -21/+14)
* use SOCK_CLOEXEC instead of fnctl; ok guenther beck jsing
  (deraadt, 2015-09-12, 1 file, -12/+16)