Adapt to just committed libtls api change

1 files changed, 14 insertions, 21 deletions

diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index e044be4f3d2..165c3c9c809 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.136 2015/09/12 08:38:33 deraadt Exp $ */
+/* $OpenBSD: netcat.c,v 1.137 2015/09/12 21:01:14 beck Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -109,7 +109,6 @@ char    *Rflag = DEFAULT_CA_FILE;		/* Root CA file */
 int	tls_cachanged;				/* Using non-default CA file */
 int     TLSopt;					/* TLS options */
 char	*tls_expectname;			/* required name in peer cert */
-char	*tls_peerhash;				/* hash of peer cert */
 char	*tls_expecthash;			/* required hash of peer cert */
 
 int timeout = -1;
@@ -617,7 +616,6 @@ main(int argc, char *argv[])
 	if (s)
 		close(s);
 
-	free(tls_peerhash);
 	tls_config_free(tls_cfg);
 
 	exit(ret);
@@ -671,12 +669,10 @@ tls_setup_client(struct tls *tls_ctx, int s, char *host)
 			errx(1, "tls handshake failed (%s)",
 			    tls_error(tls_ctx));
 	} while (i == TLS_WANT_POLLIN || i == TLS_WANT_POLLOUT);
-	if (tls_peer_cert_hash(tls_ctx, &tls_peerhash) == -1)
-		errx(1, "hash of peer certificate failed");
 	if (vflag)
 		report_tls(tls_ctx, host, tls_expectname);
-	if (tls_expecthash && tls_peerhash &&
-	    strcmp(tls_expecthash, tls_peerhash) != 0)
+	if (tls_expecthash && tls_peer_cert_hash(tls_ctx) &&
+	    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
 		errx(1, "peer certificate is not %s", tls_expecthash);
 }
 struct tls *
@@ -701,14 +697,12 @@ tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
 	if (tls_cctx) {
 		int gotcert = tls_peer_cert_provided(tls_cctx);
 
-		if (gotcert && tls_peer_cert_hash(tls_cctx, &tls_peerhash) == -1)
-			warn("hash of peer certificate failed");
 		if (vflag && gotcert)
 			report_tls(tls_cctx, host, tls_expectname);
 		if ((TLSopt & TLS_CCERT) && !gotcert)
 			warnx("No client certificate provided");
-		else if (gotcert && tls_peerhash && tls_expecthash &&
-		    strcmp(tls_expecthash, tls_peerhash) != 0)
+		else if (gotcert && tls_peer_cert_hash(tls_ctx) && tls_expecthash &&
+		    strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
 			warnx("peer certificate is not %s", tls_expecthash);
 		else if (gotcert && tls_expectname &&
 		    (!tls_peer_cert_contains_name(tls_cctx, tls_expectname)))
@@ -1454,19 +1448,18 @@ void
 report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
 {
 	char *subject = NULL, *issuer = NULL;
-	if (tls_peer_cert_subject(tls_ctx, &subject) == -1)
-		errx(1, "unable to get certificate subject");
-	if (tls_peer_cert_issuer(tls_ctx, &issuer) == -1)
-		errx(1, "unable to get certificate issuer");
 	fprintf(stderr, "TLS handshake completed with %s\n", host);
 	fprintf(stderr, "Peer name %s\n",
 	    tls_expectname ? tls_expectname : host);
-	if (subject)
-		fprintf(stderr, "Subject: %s\n", subject);
-	if (issuer)
-		fprintf(stderr, "Issuer: %s\n", issuer);
-	if (tls_peerhash)
-		fprintf(stderr, "Cert Hash: %s\n", tls_peerhash);
+	if (tls_peer_cert_subject(tls_ctx))
+		fprintf(stderr, "Subject: %s\n",
+		    tls_peer_cert_subject(tls_ctx));
+	if (tls_peer_cert_issuer(tls_ctx))
+		fprintf(stderr, "Issuer: %s\n",
+		    tls_peer_cert_issuer(tls_ctx));
+	if (tls_peer_cert_hash(tls_ctx))
+		fprintf(stderr, "Cert Hash: %s\n",
+		    tls_peer_cert_hash(tls_ctx));
 	free(subject);
 	free(issuer);
 }