author | Brent Cook <bcook@openbsd.org> | 2016-08-13 11:42:21 -0500 |
---|---|---|
committer | Brent Cook <bcook@openbsd.org> | 2016-08-13 11:42:21 -0500 |
commit | 9e25f75800c9077ab031ecf689bd35132c038546 (patch) | |
tree | 936fc47a01726d051ceaf1a32cfdf23dc7d23614 /patches/netcat.c.patch | |
parent | 36aafbb2410a9a0da0c83c32499d3dcb6e5d2025 (diff) | |
remove DEFAULT_CA_FILE patch, since libtls handles this by default
Diffstat (limited to 'patches/netcat.c.patch')
-rw-r--r-- | patches/netcat.c.patch | 50 |
1 files changed, 14 insertions, 36 deletions
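--- a/patches/netcat.c.patch
+++ b/patches/netcat.c.patch
@@ -1,16 +1,6 @@
---- apps/nc/netcat.c.orig Thu Jun 30 19:56:49 2016
-+++ apps/nc/netcat.c Thu Jun 30 19:59:09 2016
-@@ -65,7 +65,9 @@
-#define POLL_NETIN 2
-#define POLL_STDOUT 3
-#define BUFSIZE 16384
-+#ifndef DEFAULT_CA_FILE
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-+#endif
-
-#define TLS_LEGACY (1 << 1)
-#define TLS_NOVERIFY (1 << 2)
-@@ -92,9 +94,13 @@
+--- apps/nc/netcat.c.orig Thu Jul 7 07:25:23 2016
++++ apps/nc/netcat.c Thu Jul 7 07:25:37 2016
+@@ -91,9 +91,13 @@
 int Dflag; /* sodebug */
 int Iflag; /* TCP receive buffer size */
 int Oflag; /* TCP send buffer size */
@@ -24,7 +14,7 @@
 
 int usetls; /* use TLS */
 char *Cflag; /* Public cert file */
-@@ -152,7 +158,7 @@
+@@ -145,7 +149,7 @@
 struct servent *sv;
 socklen_t len;
 struct sockaddr_storage cliaddr;
@@ -33,7 +23,7 @@
 const char *errstr, *proxyhost = "", *proxyport = NULL;
 struct addrinfo proxyhints;
 char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -262,12 +268,14 @@
+@@ -255,12 +259,14 @@
 case 'u':
 uflag = 1;
 break;
@@ -48,7 +38,7 @@
 case 'v':
 vflag = 1;
 break;
-@@ -300,9 +308,11 @@
+@@ -293,9 +299,11 @@
 errx(1, "TCP send window %s: %s",
 errstr, optarg);
 break;
@@ -60,7 +50,7 @@
 case 'T':
 errstr = NULL;
 errno = 0;
-@@ -326,9 +336,11 @@
+@@ -319,9 +327,11 @@
 argc -= optind;
 argv += optind;
 
@@ -72,19 +62,7 @@
 
 if (family == AF_UNIX) {
 if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
-@@ -480,7 +492,10 @@
-errx(1, "-H and -T noverify may not be used"
-"together");
-tls_config_insecure_noverifycert(tls_cfg);
-- }
-+ } else {
-+ if (Rflag && access(Rflag, R_OK) == -1)
-+ errx(1, "unable to find root CA file %s", Rflag);
-+ }
-}
-if (lflag) {
-struct tls *tls_cctx = NULL;
-@@ -832,7 +847,10 @@
+@@ -824,7 +834,10 @@
 remote_connect(const char *host, const char *port, struct addrinfo hints)
 {
 struct addrinfo *res, *res0;
@@ -96,7 +74,7 @@
 
 if ((error = getaddrinfo(host, port, &hints, &res)))
 errx(1, "getaddrinfo: %s", gai_strerror(error));
-@@ -847,8 +865,10 @@
+@@ -839,8 +852,10 @@
 if (sflag || pflag) {
 struct addrinfo ahints, *ares;
 
@@ -107,7 +85,7 @@
 memset(&ahints, 0, sizeof(struct addrinfo));
 ahints.ai_family = res0->ai_family;
 ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -919,7 +939,10 @@
+@@ -911,7 +926,10 @@
 local_listen(char *host, char *port, struct addrinfo hints)
 {
 struct addrinfo *res, *res0;
@@ -119,7 +97,7 @@
 int error;
 
 /* Allow nodename to be null. */
-@@ -941,9 +964,11 @@
+@@ -933,9 +951,11 @@
 res0->ai_protocol)) < 0)
 continue;
 
@@ -131,7 +109,7 @@
 
 set_common_sockopts(s, res0->ai_family);
 
-@@ -1401,11 +1426,13 @@
+@@ -1393,11 +1413,13 @@
 {
 int x = 1;
 
@@ -145,7 +123,7 @@
 if (Dflag) {
 if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
 &x, sizeof(x)) == -1)
-@@ -1442,13 +1469,17 @@
+@@ -1434,13 +1456,17 @@
 }
 
 if (minttl != -1) {
@@ -164,7 +142,7 @@
 }
 }
 
-@@ -1605,14 +1636,22 @@
+@@ -1597,14 +1623,22 @@
 \t-P proxyuser\tUsername for proxy authentication\n\
 \t-p port\t Specify local port for remote connects\n\
 \t-R CAfile CA bundle\n\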
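Review bot: The commit message names only DEFAULT_CA_FILE, but the second removed patch hunk (old `@@ -480,7 +492,10 @@`) also drops the early guard `if (Rflag && access(Rflag, R_OK) == -1) errx(1, "unable to find root CA file %s", Rflag);` on the certificate-verifying path. With that guard gone, whether a missing or unreadable `-R` CA bundle is still a hard error depends on upstream netcat.c and libtls, neither of which is visible in this diff. Please confirm that nc still exits when the CA file cannot be loaded, rather than proceeding with an empty or default trust store, and note the removal of the check in the commit message. The remaining hunks appear to be offset updates to the inner `@@` headers only.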