authorBrent Cook <bcook@openbsd.org>2015-12-07 07:55:05 -0600
committerBrent Cook <bcook@openbsd.org>2015-12-07 07:55:05 -0600
commit1988b8f65e4bfa2c9fb1fa13316f3c22ec59d298 (patch)
treef27569fb259eca41fdda222fdaa919485b750e31 /patches/netcat.c.patch
parent905e2a3b8046e227bf02410def56b0c2535de14f (diff)
fixup cert.pem path override for libtls, add for nc(1)
this also fixes the formatting of help for nc(1)
Diffstat (limited to 'patches/netcat.c.patch')
-rw-r--r--patches/netcat.c.patch61
1 files changed, 42 insertions, 19 deletions
diff --git a/patches/netcat.c.patch b/patches/netcat.c.patch
index d914231..86cd9ae 100644
--- a/patches/netcat.c.patch
+++ b/patches/netcat.c.patch
@@ -1,5 +1,5 @@
1--- apps/nc/netcat.c.orig Sun Dec 6 22:05:45 2015 1--- apps/nc/netcat.c.orig Sun Dec 6 22:05:45 2015
2+++ apps/nc/netcat.c Sun Dec 6 23:23:15 2015 2+++ apps/nc/netcat.c Mon Dec 7 07:52:00 2015
3@@ -57,6 +57,10 @@ 3@@ -57,6 +57,10 @@
4 #include <tls.h> 4 #include <tls.h>
5 #include "atomicio.h" 5 #include "atomicio.h"
@@ -11,7 +11,17 @@
11 #define PORT_MAX 65535 11 #define PORT_MAX 65535
12 #define UNIX_DG_TMP_SOCKET_SIZE 19 12 #define UNIX_DG_TMP_SOCKET_SIZE 19
13 13
14@@ -92,9 +96,13 @@ 14@@ -65,7 +69,9 @@
15 #define POLL_NETIN 2
16 #define POLL_STDOUT 3
17 #define BUFSIZE 16384
18+#ifndef DEFAULT_CA_FILE
19 #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
20+#endif
21
22 #define TLS_LEGACY (1 << 1)
23 #define TLS_NOVERIFY (1 << 2)
24@@ -92,9 +98,13 @@
15 int Dflag; /* sodebug */ 25 int Dflag; /* sodebug */
16 int Iflag; /* TCP receive buffer size */ 26 int Iflag; /* TCP receive buffer size */
17 int Oflag; /* TCP send buffer size */ 27 int Oflag; /* TCP send buffer size */
@@ -25,7 +35,7 @@
25 35
26 int usetls; /* use TLS */ 36 int usetls; /* use TLS */
27 char *Cflag; /* Public cert file */ 37 char *Cflag; /* Public cert file */
28@@ -144,7 +152,7 @@ 38@@ -144,7 +154,7 @@
29 struct servent *sv; 39 struct servent *sv;
30 socklen_t len; 40 socklen_t len;
31 struct sockaddr_storage cliaddr; 41 struct sockaddr_storage cliaddr;
@@ -34,7 +44,7 @@
34 const char *errstr, *proxyhost = "", *proxyport = NULL; 44 const char *errstr, *proxyhost = "", *proxyport = NULL;
35 struct addrinfo proxyhints; 45 struct addrinfo proxyhints;
36 char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; 46 char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
37@@ -245,12 +253,14 @@ 47@@ -245,12 +255,14 @@
38 case 'u': 48 case 'u':
39 uflag = 1; 49 uflag = 1;
40 break; 50 break;
@@ -49,7 +59,7 @@
49 case 'v': 59 case 'v':
50 vflag = 1; 60 vflag = 1;
51 break; 61 break;
52@@ -283,9 +293,11 @@ 62@@ -283,9 +295,11 @@
53 errx(1, "TCP send window %s: %s", 63 errx(1, "TCP send window %s: %s",
54 errstr, optarg); 64 errstr, optarg);
55 break; 65 break;
@@ -61,7 +71,7 @@
61 case 'T': 71 case 'T':
62 errstr = NULL; 72 errstr = NULL;
63 errno = 0; 73 errno = 0;
64@@ -309,9 +321,11 @@ 74@@ -309,9 +323,11 @@
65 argc -= optind; 75 argc -= optind;
66 argv += optind; 76 argv += optind;
67 77
@@ -73,7 +83,19 @@
73 83
74 if (family == AF_UNIX) { 84 if (family == AF_UNIX) {
75 if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) 85 if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
76@@ -791,7 +805,10 @@ 86@@ -444,7 +460,10 @@
87 errx(1, "-H and -T noverify may not be used"
88 "together");
89 tls_config_insecure_noverifycert(tls_cfg);
90- }
91+ } else {
92+ if (Rflag && access(Rflag, R_OK) == -1)
93+ errx(1, "unable to find root CA file %s", Rflag);
94+ }
95 }
96 if (lflag) {
97 struct tls *tls_cctx = NULL;
98@@ -791,7 +810,10 @@
77 remote_connect(const char *host, const char *port, struct addrinfo hints) 99 remote_connect(const char *host, const char *port, struct addrinfo hints)
78 { 100 {
79 struct addrinfo *res, *res0; 101 struct addrinfo *res, *res0;
@@ -85,7 +107,7 @@
85 107
86 if ((error = getaddrinfo(host, port, &hints, &res))) 108 if ((error = getaddrinfo(host, port, &hints, &res)))
87 errx(1, "getaddrinfo: %s", gai_strerror(error)); 109 errx(1, "getaddrinfo: %s", gai_strerror(error));
88@@ -806,8 +823,10 @@ 110@@ -806,8 +828,10 @@
89 if (sflag || pflag) { 111 if (sflag || pflag) {
90 struct addrinfo ahints, *ares; 112 struct addrinfo ahints, *ares;
91 113
@@ -96,7 +118,7 @@
96 memset(&ahints, 0, sizeof(struct addrinfo)); 118 memset(&ahints, 0, sizeof(struct addrinfo));
97 ahints.ai_family = res0->ai_family; 119 ahints.ai_family = res0->ai_family;
98 ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; 120 ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
99@@ -876,7 +895,10 @@ 121@@ -876,7 +900,10 @@
100 local_listen(char *host, char *port, struct addrinfo hints) 122 local_listen(char *host, char *port, struct addrinfo hints)
101 { 123 {
102 struct addrinfo *res, *res0; 124 struct addrinfo *res, *res0;
@@ -108,7 +130,7 @@
108 int error; 130 int error;
109 131
110 /* Allow nodename to be null. */ 132 /* Allow nodename to be null. */
111@@ -898,9 +920,11 @@ 133@@ -898,9 +925,11 @@
112 res0->ai_protocol)) < 0) 134 res0->ai_protocol)) < 0)
113 continue; 135 continue;
114 136
@@ -120,7 +142,7 @@
120 142
121 set_common_sockopts(s, res0->ai_family); 143 set_common_sockopts(s, res0->ai_family);
122 144
123@@ -1340,11 +1364,13 @@ 145@@ -1340,11 +1369,13 @@
124 { 146 {
125 int x = 1; 147 int x = 1;
126 148
@@ -134,29 +156,30 @@
134 if (Dflag) { 156 if (Dflag) {
135 if (setsockopt(s, SOL_SOCKET, SO_DEBUG, 157 if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
136 &x, sizeof(x)) == -1) 158 &x, sizeof(x)) == -1)
137@@ -1519,15 +1545,19 @@ 159@@ -1519,14 +1550,22 @@
138 \t-P proxyuser\tUsername for proxy authentication\n\ 160 \t-P proxyuser\tUsername for proxy authentication\n\
139 \t-p port\t Specify local port for remote connects\n\ 161 \t-p port\t Specify local port for remote connects\n\
140 \t-R CAfile CA bundle\n\ 162 \t-R CAfile CA bundle\n\
141- \t-r Randomize remote ports\n\ 163- \t-r Randomize remote ports\n\
142- \t-S Enable the TCP MD5 signature option\n\ 164- \t-S Enable the TCP MD5 signature option\n\
143- \t-s source Local source address\n\
144+ \t-r Randomize remote ports\n" 165+ \t-r Randomize remote ports\n"
145+#ifdef TCP_MD5SIG 166+#ifdef TCP_MD5SIG
146+ "\t-S Enable the TCP MD5 signature option\n" 167+ "\
168+ \t-S Enable the TCP MD5 signature option\n"
147+#endif 169+#endif
148+ "\t-s source Local source address\n\ 170+ "\
171 \t-s source Local source address\n\
149 \t-T keyword TOS value or TLS options\n\ 172 \t-T keyword TOS value or TLS options\n\
150 \t-t Answer TELNET negotiation\n\ 173 \t-t Answer TELNET negotiation\n\
151 \t-U Use UNIX domain socket\n\ 174 \t-U Use UNIX domain socket\n\
152- \t-u UDP mode\n\ 175- \t-u UDP mode\n\
153- \t-V rtable Specify alternate routing table\n\ 176- \t-V rtable Specify alternate routing table\n\
154- \t-v Verbose\n\
155+ \t-u UDP mode\n" 177+ \t-u UDP mode\n"
156+#ifdef SO_RTABLE 178+#ifdef SO_RTABLE
157+ "\t-V rtable Specify alternate routing table\n" 179+ "\
180+ \t-V rtable Specify alternate routing table\n"
158+#endif 181+#endif
159+ "\t-v Verbose\n\ 182+ "\
183 \t-v Verbose\n\
160 \t-w timeout Timeout for connects and final net reads\n\ 184 \t-w timeout Timeout for connects and final net reads\n\
161 \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ 185 \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
162 \t-x addr[:port]\tSpecify proxy address and port\n\
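Review bot: The root-CA pre-check added in the `@@ -444,7 +460,10 @@` hunk of netcat.c reports every access(2) failure as "unable to find root CA file", because `errx` discards errno. A bundle that exists but is unreadable (EACCES), or one with a bad path component, gets a misleading message; `err(1, "root CA file %s", Rflag);` would print the actual cause. access() also checks against the real rather than the effective IDs and is only a check-before-use hint, so the file can change before libtls opens it. The load result therefore still needs its own error check, presumably elsewhere in main(), which lies outside this hunk. A comment such as `/* early, friendlier error only; the CA file is still validated when it is loaded */` would keep the check from being read as a guarantee that verification has a usable trust store.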