author | Theo Buehler <tb@cvs.openbsd.org> | 2020-09-06 09:00:38 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-09-06 09:00:38 +0000 |
commit | de3241aa575e607a7ed9743f9eec25d88710f700 (patch) | |
tree | a5ff16f5a8b5913090ba3561a22a2107bafaa3a7 | |
parent | 7ff75dbbee2953919b67d2e80f9262d88170eef2 (diff) |
Allow specifying supported TLS protocols in ftp(1)
This adds the possibility of specifying the TLS protocols for ftp(1) to
use via -S "protocols=tlsv1.2:tlsv1.1" or -S "protocols=all" or similar
options. This works the same way as nc(1)'s -T protocols option using
tls_config_{parse,set}_protocols(3) internally.
ok jca
-rw-r--r-- | usr.bin/ftp/main.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 660eb04e9ff..2189b9241b4 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.132 2020/09/01 12:33:48 jca Exp $ */
+/* $OpenBSD: main.c,v 1.133 2020/09/06 09:00:37 tb Exp $ */
 /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
 
 /*
@@ -209,6 +209,8 @@ char * const ssl_verify_opts[] = {
 "noverifytime",
 #define SSL_SESSION 8
 "session",
+#define SSL_PROTOCOLS 9
+ "protocols",
 NULL
 };
 
@@ -221,6 +223,7 @@ process_ssl_options(char *cp)
 const char *errstr;
 long long depth;
 char *str;
+ uint32_t protocols;
 
 while (*cp) {
 switch (getsubopt(&cp, ssl_verify_opts, &str)) {
@@ -279,6 +282,14 @@ process_ssl_options(char *cp)
 errx(1, "failed to set session: %s",
 tls_config_error(tls_config));
 break;
+ case SSL_PROTOCOLS:
+ if (str == NULL)
+ errx(1, "missing protocol name");
+ if (tls_config_parse_protocols(&protocols, str) != 0)
+ errx(1, "failed to parse TLS protocols");
+ if (tls_config_set_protocols(tls_config, protocols) != 0)
+ errx(1, "failed to set TLS protocols");
+ break;
 default:
 errx(1, "unknown -S suboption `%s'",
 suboptarg ? suboptarg : ""); |
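Review bot: The two failure paths in the new SSL_PROTOCOLS case drop the diagnostic detail that the session case directly above keeps. The set failure should report the library's reason, `errx(1, "failed to set TLS protocols: %s", tls_config_error(tls_config));`, and the parse failure should echo the rejected value, `errx(1, "failed to parse TLS protocols: %s", str);`, so a mistyped protocol list is easy to spot. The suboption also lets a user select a different protocol set than the library default (the commit message's own examples include tlsv1.1 and all), so a short comment above the case such as `/* overrides the libtls default protocol set; may enable legacy versions */` would help; the default itself is not visible in this diff. The diffstat lists only main.c, so the suboption appears to be undocumented in ftp.1 within this commit. process_ssl_options() starts and ends outside the hunk.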