summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2020-09-06 09:00:38 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-09-06 09:00:38 +0000
commitde3241aa575e607a7ed9743f9eec25d88710f700 (patch)
treea5ff16f5a8b5913090ba3561a22a2107bafaa3a7
parent7ff75dbbee2953919b67d2e80f9262d88170eef2 (diff)
Allow specifying supported TLS protocols in ftp(1)
This adds the possibility of specifying the TLS protocols for ftp(1) to use via -S "protocols=tlsv1.2:tlsv1.1" or -S "protocols=all" or simlar options. This works the same way as nc(1)'s -T protocols option using tls_config_{parse,set}_protocols(3) internally. ok jca
-rw-r--r--usr.bin/ftp/main.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 660eb04e9ff..2189b9241b4 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.132 2020/09/01 12:33:48 jca Exp $ */
+/* $OpenBSD: main.c,v 1.133 2020/09/06 09:00:37 tb Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
@@ -209,6 +209,8 @@ char * const ssl_verify_opts[] = {
"noverifytime",
#define SSL_SESSION 8
"session",
+#define SSL_PROTOCOLS 9
+ "protocols",
NULL
};
@@ -221,6 +223,7 @@ process_ssl_options(char *cp)
const char *errstr;
long long depth;
char *str;
+ uint32_t protocols;
while (*cp) {
switch (getsubopt(&cp, ssl_verify_opts, &str)) {
@@ -279,6 +282,14 @@ process_ssl_options(char *cp)
errx(1, "failed to set session: %s",
tls_config_error(tls_config));
break;
+ case SSL_PROTOCOLS:
+ if (str == NULL)
+ errx(1, "missing protocol name");
+ if (tls_config_parse_protocols(&protocols, str) != 0)
+ errx(1, "failed to parse TLS protocols");
+ if (tls_config_set_protocols(tls_config, protocols) != 0)
+ errx(1, "failed to set TLS protocols");
+ break;
default:
errx(1, "unknown -S suboption `%s'",
suboptarg ? suboptarg : "");