From 30adf9c06e8d3d7ac9e89f4b2b290567bcafa75c Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 7 Jul 2016 07:27:39 -0500 Subject: remove DEFAULT_CA_FILE patch, since libtls handles this by default --- apps/nc/Makefile.am | 5 ----- patches/netcat.c.patch | 50 ++++++++++++++------------------------------------ 2 files changed, 14 insertions(+), 41 deletions(-) diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am index ed45c3f..2a24d87 100644 --- a/apps/nc/Makefile.am +++ b/apps/nc/Makefile.am @@ -17,11 +17,6 @@ nc_LDADD += $(abs_top_builddir)/ssl/libssl.la nc_LDADD += $(abs_top_builddir)/tls/libtls.la AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat -if OPENSSLDIR_DEFINED -AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\" -else -AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" -endif nc_SOURCES = atomicio.c nc_SOURCES += netcat.c diff --git a/patches/netcat.c.patch b/patches/netcat.c.patch index 19154a3..89a4e43 100644 --- a/patches/netcat.c.patch +++ b/patches/netcat.c.patch @@ -1,16 +1,6 @@ ---- apps/nc/netcat.c.orig Thu Jun 30 19:56:49 2016 -+++ apps/nc/netcat.c Thu Jun 30 19:59:09 2016 -@@ -65,7 +65,9 @@ - #define POLL_NETIN 2 - #define POLL_STDOUT 3 - #define BUFSIZE 16384 -+#ifndef DEFAULT_CA_FILE - #define DEFAULT_CA_FILE "/etc/ssl/cert.pem" -+#endif - - #define TLS_LEGACY (1 << 1) - #define TLS_NOVERIFY (1 << 2) -@@ -92,9 +94,13 @@ +--- apps/nc/netcat.c.orig Thu Jul 7 07:25:23 2016 ++++ apps/nc/netcat.c Thu Jul 7 07:25:37 2016 +@@ -91,9 +91,13 @@ int Dflag; /* sodebug */ int Iflag; /* TCP receive buffer size */ int Oflag; /* TCP send buffer size */ @@ -24,7 +14,7 @@ int usetls; /* use TLS */ char *Cflag; /* Public cert file */ -@@ -152,7 +158,7 @@ +@@ -145,7 +149,7 @@ struct servent *sv; socklen_t len; struct sockaddr_storage cliaddr; @@ -33,7 +23,7 @@ const char *errstr, *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; -@@ -262,12 +268,14 @@ +@@ -255,12 +259,14 @@ case 'u': uflag = 1; break; @@ -48,7 +38,7 @@ case 'v': vflag = 1; break; -@@ -300,9 +308,11 @@ +@@ -293,9 +299,11 @@ errx(1, "TCP send window %s: %s", errstr, optarg); break; @@ -60,7 +50,7 @@ case 'T': errstr = NULL; errno = 0; -@@ -326,9 +336,11 @@ +@@ -319,9 +327,11 @@ argc -= optind; argv += optind; @@ -72,19 +62,7 @@ if (family == AF_UNIX) { if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) -@@ -480,7 +492,10 @@ - errx(1, "-H and -T noverify may not be used" - "together"); - tls_config_insecure_noverifycert(tls_cfg); -- } -+ } else { -+ if (Rflag && access(Rflag, R_OK) == -1) -+ errx(1, "unable to find root CA file %s", Rflag); -+ } - } - if (lflag) { - struct tls *tls_cctx = NULL; -@@ -832,7 +847,10 @@ +@@ -824,7 +834,10 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) { struct addrinfo *res, *res0; @@ -96,7 +74,7 @@ if ((error = getaddrinfo(host, port, &hints, &res))) errx(1, "getaddrinfo: %s", gai_strerror(error)); -@@ -847,8 +865,10 @@ +@@ -839,8 +852,10 @@ if (sflag || pflag) { struct addrinfo ahints, *ares; @@ -107,7 +85,7 @@ memset(&ahints, 0, sizeof(struct addrinfo)); ahints.ai_family = res0->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -@@ -919,7 +939,10 @@ +@@ -911,7 +926,10 @@ local_listen(char *host, char *port, struct addrinfo hints) { struct addrinfo *res, *res0; @@ -119,7 +97,7 @@ int error; /* Allow nodename to be null. */ -@@ -941,9 +964,11 @@ +@@ -933,9 +951,11 @@ res0->ai_protocol)) < 0) continue; @@ -131,7 +109,7 @@ set_common_sockopts(s, res0->ai_family); -@@ -1401,11 +1426,13 @@ +@@ -1393,11 +1413,13 @@ { int x = 1; @@ -145,7 +123,7 @@ if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, &x, sizeof(x)) == -1) -@@ -1442,13 +1469,17 @@ +@@ -1434,13 +1456,17 @@ } if (minttl != -1) { @@ -164,7 +142,7 @@ } } -@@ -1605,14 +1636,22 @@ +@@ -1597,14 +1623,22 @@ \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ \t-R CAfile CA bundle\n\ -- cgit v1.2.3-55-g6feb