| Commit message (Collapse) | Author | Age | Files | Lines |
| |
hash value on the nc(1) server command line, the netcat server must
use the TLS context of the accepted socket for verification. As
the listening socket was used instead, the verification was always
successful.
If the peer provides a certificate, there must be a hash. Make the
hash verification fail safe.
OK tb@
| |
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
| |
path name of the socket. This avoids bad errors from getnameinfo(3).
Use the same error check for both calls to getnameinfo(3).
OK millert@ tb@
| |
ok jsing@
| |
md, to hint that it might not always be the case (e.g. if dealing with
files from a different version of the tool). ok tb@
| |
changed from md5 to sha256. Update manual to reflect that.
From Fabio Scotoni
ok jmc
| |
ok and comments jmc@
| |
Checking return value of sk_.*_new_null().
ok beck@ jsing@
| |
ok jmc@
| |
- Remove typedef and use 'struct cms_key_param' instead
- Check return value of sk_X509_push and sk_OPENSSL_STRING_push
- Add a blank line to separate variable declarations from code
comments from jsing@
| |
This provides rsa_padding_mode:oaep for cms -encrypt,
and rsa_padding_mode:pss for cms -sign.
ok jsing@
| |
noticed by jsing and beck, ok tedu
| |
to handle tls_shutdown correctly if using TLS, doing tls_shutdown
correctly if we are using the -N flag
ok sthen@
| |
- Check NCONF_new() return value
- Remove unnecessary 'i'
comments from jsing@
| |
First step of adding -addext option to openssl(1) req from OpenSSL 1.1.1d.
ok jsing@
| |
From Lucas AT sexy DOT is. OK job@ kn@
| |
This was cleaned up after cms went to the attic.
| |
Just like pfctl(8)'s -N, this flag only avoids DNS;
"nc -vz ::1 socks" still works.
Fix documentation by copying pfctl's wording.
OK deraadt
| |
OK kn@
| |
for tls, since the socket is shut down without calling tls_close().
Since nc appears to have a problem with this in other shutdown() cases
I am simply going to bake a new diff for this.
noticed by bluhm@.
| |
goes away. This allows for using nc in cases where the network server
will no longer expect anything after eof, instead of hanging waiting
for more input from our end.
Additionally, shut down if tls is in use if either side of the socket
goes away, since higher level TLS operations (tls_read and write)
will require the socket to be both readable and writable as we can
get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation.
deraadt@ buying it. found by sthen@
| |
openssl s_server has an arbitrary read vulnerability on Windows when run with
the -WWW or -HTTP options, due to incomplete path check logic. Thanks to
Jobert Abma for reporting.
ok tb@
| |
on html or groff. the solution, to replace the non-standard .nr macros
with a hang list, was provided by ingo - thanks!
ok schwarze
| |
suggested from jsing@
| |
Adapt openssl(1) dgst command to new option handling.
Added dgst_options struct and option handlers, and replaced for-if-strcmp
handling with options_parse().
ok bcook@ jsing@
| |
to misread.
as per suggestion by and OK deraadt@
| |
ok schwarze@
| |
Diff from Alexander Koeppe format_c -AT- online -DOT- de, thanks.
ok deraadt@
| |
First step to adapt openssl(1) dgst command to new option handling.
There are no functional changes in this diff, just moving variables
into dgst_config struct.
ok bcook@
| |
- Add a space before 'export_end:'
- Remove space after '*'
- Wrap lines by 80 columns
| |
ok bcook@ tb@
| |
from Steven Roberts
| |
Adapt openssl(1) pkcs12 command to new option handling.
Added pkcs12_options struct, and replaced for-if-strcmp handling with
options_parse().
ok and comments jsing@
| |
First step to adapt openssl(1) pkcs12 command to new option handling.
There are no functional changes in this diff, just moving variables into
pkcs12_config struct.
I still keep long lines more than 80 for this review to minimize diffs.
ok jsing@ tb@
| |
As we did in other openssl sub commands, move up option handlers above option
definition struct. No functional changes and just move up and remove prototype.
| |
- s/outputed/outputted/
- s/trused/trusted/
- add der as argument and describe that pem is the default
| |
This moves them from .data to .data.rel.ro
ok deraadt@ inoguchi@
| |
- Add undocumented options below.
-alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2,
-keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache,
-no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal,
-status, -status_timeout, -status_url, -status_verbose, -timeout,
-tlsextdebug, -use_srtp, -verify_return_error
- Remove -hack, -psk and -psk_hint since they do not exist in the source code.
I didn't add these 5 options since these were no-op.
-chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok and suggestions from jmc@
| |
- Add undocumented options below.
-alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen,
-legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass
-port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp,
-verify_return_error
- Remove -psk and -psk_identity since they do not exist in the source code.
I didn't add these 4 options since these were no-op.
-nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2
This option was removed from manual in the past.
-no_ssl3
ok jmc@