summaryrefslogtreecommitdiff
path: root/src/usr.bin (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix cast-pasto's in commentsguenther2017-10-071-3/+3
|
* Remove SSLv23 padding mode.jsing2017-08-282-7/+5
|
* Switch to -Werror with clang for libressl.doug2017-08-131-2/+2
| | | | | Discussed with beck@ and jsing@ ok beck@
* Remove NPN support - the -nextprotoneg options now become no-ops.jsing2017-08-124-113/+13
| | | | ok bcook@ beck@ doug@
* grammar was ass backwards;jmc2017-07-151-7/+7
|
* Add a "-T tlscompat" option to nc(1), which enables the use of all TLSjsing2017-07-152-5/+12
| | | | | | | | | | protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
* remove redundant variable declarations in Makefiles, since those arelibressl-v2.6.0espie2017-07-091-2/+1
| | | | | | the default. okay millert@
* Continue the flattening of the pledge logic started in r1.184 and placetb2017-06-111-8/+8
| | | | | | a blank space somewhere else. suggested by and ok jsing
* Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace andtb2017-06-111-33/+35
| | | | | | | omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
* If -P and -c were given, a second pledge call tried to add "rpath" to thetb2017-06-101-8/+5
| | | | | | | | | | | | first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
* Fix gcc warnings triggered by WARNINGS=yes.bluhm2017-05-261-9/+9
| | | | OK florian@
* typo: ket -> key.tb2017-05-161-3/+3
| | | | from "fenderq" on freenode via tj
* Implement nc -W recvlimit to terminate netcat after receiving abluhm2017-05-102-8/+28
| | | | | | number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* simplify startdate/enddate validationbeck2017-05-081-27/+5
| | | | ok jsing@
* Limit -Werror to gcc4 as was done in libcrypto/libssl/libtls to avoidjsg2017-05-071-3/+7
| | | | | | failed builds with different compilers. ok jsing@
* Fix the ca command so that certs it generates have RFC5280 conformant time.beck2017-05-041-16/+56
| | | | Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>
* use freezero() instead of 4-line conditional explicit_bzero + freederaadt2017-04-184-28/+10
|
* Move comments into a block and uses {} to unconfuse reading.deraadt2017-04-161-12/+13
|
* - -Z before -z in options listjmc2017-04-052-7/+9
| | | | - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specifiedbeck2017-04-052-4/+39
| | | | | with -Z ok jsing@
* The netcat server did not print the correct TLS error message ifbluhm2017-03-091-2/+2
| | | | | | the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
* When netcat was started with -Uz, the exit status was always 1. Ifbluhm2017-02-091-3/+4
| | | | | | the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
* Document that -x can take an ipv6 address enclosed in square brackets.jca2017-02-091-2/+5
|
* When getaddrinfo fails, print the requested host and port.jca2017-02-091-2/+3
| | | | Should make debugging easier, especially when using -x literal_ipv6_address
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()bluhm2017-02-081-18/+8
| | | | | wrapper that calls poll(2) and handles the -w timeout. OK beck@
* Avoid double close(2) in netcat. After every call to readwrite()bluhm2017-02-081-13/+5
| | | | | there is already a close(2), so do not do it in readwrite(). OK beck@
* Due to non-blocking sockets, tls_handshake() could wait in a busybluhm2017-02-081-21/+42
| | | | | | loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
* Support IPv6 proxy addressesjca2017-02-051-10/+24
| | | | ok beck@
* oscp -> ocsp;jmc2017-01-261-3/+3
| | | | from holger mikolon, plus one more in nc;
* Add a -groups option to openssl s_client, which allows supported EC curvesjsing2017-01-241-7/+17
| | | | | | to be specified as a colon separated list. ok beck@
* whitespacederaadt2017-01-212-5/+5
|
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-2039-77/+77
|
* fix pledge for openssl ocsp - we will need tty to ask for a cert pwbeck2017-01-201-2/+2
|
* fix openssl ocsp to not report sucess when the ocsp responder rejects usbeck2017-01-191-3/+3
| | | | ok deraadt@ krw@
* consistently spell ASN.1;jmc2017-01-031-12/+12
|
* Display details of the server ephemeral key, based on OpenSSL.jsing2016-12-303-3/+44
| | | | ok doug@
* Expand ASN1_ITEM_rptr macros here as well... used with NETSCAPE_X509 of alljsing2016-12-302-4/+4
| | | | things...
* Stop using M_PKCS12_* compatibility macros here as well.jsing2016-12-301-3/+3
|
* Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)mestre2016-11-301-3/+6
| | | | | | and bail out in case of failure Feedback and OK jsing@
* tweak previous;jmc2016-11-061-3/+3
|
* rename tlslegacy to tlsall, and better describe what it does.beck2016-11-062-8/+8
| | | | ok jsing@
* zap trailing whitespace, and add -o to usage() and help (-h);jmc2016-11-052-6/+9
|
* Add support for server side OCSP stapling to libtls.beck2016-11-052-4/+19
| | | | Add support for server side OCSP stapling to netcat.
* new sentence, new line, and zap trailing whitespace;jmc2016-11-041-3/+4
|
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-042-6/+12
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* make OCSP_URL only show up when an OCSP url is actually present in the certbeck2016-11-031-2/+3
|
* Make OCSP Stapling: only appear if there is stapling info present.beck2016-11-031-5/+3
|
* Add OCSP client side support to libtls.beck2016-11-021-1/+37
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
* typonaddy2016-10-061-3/+3
|
* trim STANDARDS; ok jsinglibressl-v2.5.0jmc2016-09-221-13/+1
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 22:01:31 +0000