| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Remove the tls_init() call, since it is no longer necessary. | jsing | 2018-03-19 | 1 | -3/+1 | |
| | | | | | ok bcook@ beck@ inoguchi@ | |||||
| * | Allow TLS ciphers and protocols to be specified for nc(1). | jsing | 2017-11-28 | 2 | -41/+65 | |
| | | | | | | | | | | | | Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page). | |||||
| * | Use a smaller buffer size too peek the receive data. The content | bluhm | 2017-10-24 | 1 | -5/+4 | |
| | | | | | | | is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@ | |||||
| * | grammar was ass backwards; | jmc | 2017-07-15 | 1 | -7/+7 | |
| | | ||||||
| * | Add a "-T tlscompat" option to nc(1), which enables the use of all TLS | jsing | 2017-07-15 | 2 | -5/+12 | |
| | | | | | | | | | | | protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@ | |||||
| * | Continue the flattening of the pledge logic started in r1.184 and place | tb | 2017-06-11 | 1 | -8/+8 | |
| | | | | | | | a blank space somewhere else. suggested by and ok jsing | |||||
| * | Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and | tb | 2017-06-11 | 1 | -33/+35 | |
| | | | | | | | | omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk | |||||
| * | If -P and -c were given, a second pledge call tried to add "rpath" to the | tb | 2017-06-10 | 1 | -8/+5 | |
| | | | | | | | | | | | | | first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk | |||||
| * | Fix gcc warnings triggered by WARNINGS=yes. | bluhm | 2017-05-26 | 1 | -9/+9 | |
| | | | | | OK florian@ | |||||
| * | Implement nc -W recvlimit to terminate netcat after receiving a | bluhm | 2017-05-10 | 2 | -8/+28 | |
| | | | | | | | number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@ | |||||
| * | Move comments into a block and uses {} to unconfuse reading. | deraadt | 2017-04-16 | 1 | -12/+13 | |
| | | ||||||
| * | - -Z before -z in options list | jmc | 2017-04-05 | 2 | -7/+9 | |
| | | | | | - add -Z to help and usage() | |||||
| * | Allow nc to save the peer certificate and chain in a pem file specified | beck | 2017-04-05 | 2 | -4/+39 | |
| | | | | | | with -Z ok jsing@ | |||||
| * | The netcat server did not print the correct TLS error message if | bluhm | 2017-03-09 | 1 | -2/+2 | |
| | | | | | | | the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@ | |||||
| * | When netcat was started with -Uz, the exit status was always 1. If | bluhm | 2017-02-09 | 1 | -3/+4 | |
| | | | | | | | the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@ | |||||
| * | Document that -x can take an ipv6 address enclosed in square brackets. | jca | 2017-02-09 | 1 | -2/+5 | |
| | | ||||||
| * | When getaddrinfo fails, print the requested host and port. | jca | 2017-02-09 | 1 | -2/+3 | |
| | | | | | Should make debugging easier, especially when using -x literal_ipv6_address | |||||
| * | Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake() | bluhm | 2017-02-08 | 1 | -18/+8 | |
| | | | | | | wrapper that calls poll(2) and handles the -w timeout. OK beck@ | |||||
| * | Avoid double close(2) in netcat. After every call to readwrite() | bluhm | 2017-02-08 | 1 | -13/+5 | |
| | | | | | | there is already a close(2), so do not do it in readwrite(). OK beck@ | |||||
| * | Due to non-blocking sockets, tls_handshake() could wait in a busy | bluhm | 2017-02-08 | 1 | -21/+42 | |
| | | | | | | | loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@ | |||||
| * | Support IPv6 proxy addresses | jca | 2017-02-05 | 1 | -10/+24 | |
| | | | | | ok beck@ | |||||
| * | oscp -> ocsp; | jmc | 2017-01-26 | 1 | -3/+3 | |
| | | | | | from holger mikolon, plus one more in nc; | |||||
| * | Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3) | mestre | 2016-11-30 | 1 | -3/+6 | |
| | | | | | | | and bail out in case of failure Feedback and OK jsing@ | |||||
| * | tweak previous; | jmc | 2016-11-06 | 1 | -3/+3 | |
| | | ||||||
| * | rename tlslegacy to tlsall, and better describe what it does. | beck | 2016-11-06 | 2 | -8/+8 | |
| | | | | | ok jsing@ | |||||
| * | zap trailing whitespace, and add -o to usage() and help (-h); | jmc | 2016-11-05 | 2 | -6/+9 | |
| | | ||||||
| * | Add support for server side OCSP stapling to libtls. | beck | 2016-11-05 | 2 | -4/+19 | |
| | | | | | Add support for server side OCSP stapling to netcat. | |||||
| * | new sentence, new line, and zap trailing whitespace; | jmc | 2016-11-04 | 1 | -3/+4 | |
| | | ||||||
| * | Add ocsp_require_stapling config option for tls - allows a connection | beck | 2016-11-04 | 2 | -6/+12 | |
| | | | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@ | |||||
| * | make OCSP_URL only show up when an OCSP url is actually present in the cert | beck | 2016-11-03 | 1 | -2/+3 | |
| | | ||||||
| * | Make OCSP Stapling: only appear if there is stapling info present. | beck | 2016-11-03 | 1 | -5/+3 | |
| | | ||||||
| * | Add OCSP client side support to libtls. | beck | 2016-11-02 | 1 | -1/+37 | |
| | | | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@ | |||||
| * | squash some possibly-used-uninitialized warnings | bcook | 2016-09-03 | 1 | -3/+3 | |
| | | ||||||
| * | Let libtls load the CA, certificate and key files for nc(1), now that it | jsing | 2016-08-13 | 1 | -22/+15 | |
| | | | | | | | does this at the time the tls_config_set_*_file() function is called. ok bluhm@ | |||||
| * | use the style from the man page examples for getaddrinfo, which makes a | halex | 2016-07-30 | 1 | -21/+19 | |
| | | | | | | | bit more sense ok jung@ deraadt@ | |||||
| * | Adjust existing tls_config_set_cipher() callers for TLS cipher group | jsing | 2016-07-13 | 1 | -2/+2 | |
| | | | | | | | | changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@ | |||||
| * | Revert previous since the libtls change has been reverted. | jsing | 2016-07-07 | 1 | -16/+24 | |
| | | ||||||
| * | Remove manual file loading (now that libtls does this for us) and adjust | jsing | 2016-07-06 | 1 | -24/+16 | |
| | | | | | | pledge to match. Also use tls_config_error() to provide friendlier error messages. | |||||
| * | do not uppercase "hop limit"; | jmc | 2016-07-02 | 1 | -4/+4 | |
| | | ||||||
| * | Simplify IP proto-specific sockopt error handling. | bcook | 2016-07-01 | 1 | -34/+26 | |
| | | | | | | | | This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@ | |||||
| * | Add -M and -m options to specify the outgoing and incoming minimum TTL | jca | 2016-06-28 | 2 | -9/+52 | |
| | | | | | Req by and ok blumh@ | |||||
| * | If an error path if close() is called, save errno so that original error | deraadt | 2016-06-28 | 1 | -5/+13 | |
| | | | | | | is shown by errx ok millert krw | |||||
| * | Be more careful initializing and tracking socket s through main, this is | deraadt | 2016-06-27 | 1 | -7/+6 | |
| | | | | | | so complicated that a future refactoring could easily in introduce a bug. ok millert krw | |||||
| * | whitespace | deraadt | 2016-06-27 | 1 | -2/+2 | |
| | | ||||||
| * | Let netcat support the use of service names instead of port numbers. | beck | 2016-06-02 | 2 | -18/+34 | |
| | | | | | | based on a diff from Andras Farkas <deepbluemistake@gmail.com> ok deraadt@ | |||||
| * | Fix pledge violation with -P s used and we need to supply a password | beck | 2016-05-28 | 1 | -3/+12 | |
| | | | | | | | for an http proxy - we need tty in this case. Found and fixed by Anthony Coulter <bsd@anthonycoulter.name>. ok tb@ | |||||
| * | Fix nc -verbose mode when used on a unix domain socket. | beck | 2016-05-28 | 1 | -5/+11 | |
| | | | | | Noticed by and a modified version of fix from <attila@stalphonsos.com> | |||||
| * | Use the correct values for TLS certificate / private key flags. | bcook | 2016-01-04 | 1 | -5/+5 | |
| | | | | | fix from Andreas Bartelt <obsd at bartula.de> | |||||
| * | include time.h over sys/time.h for ctime(3) | bcook | 2015-12-28 | 1 | -2/+2 | |
| | | | | | ok beck@ | |||||
| * | Add missing colon after "Peer name" in verbose output. Mentioned on the | mmcc | 2015-12-17 | 1 | -2/+2 | |
| | | | | | lists recently. | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |