Age | Commit message | Author |
|
fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
similar to what deraadt@ recently did in other manual pages.
|
|
will attempt again later, now that there is new regress
|
|
hash value on the nc(1) server command line, the netcat server must
use the TLS context of the accepted socket for verification. As
the listening socket was used instead, the verification was always
successful.
If the peer provides a certificate, there must be a hash. Make the
hash verification fail safe.
OK tb@
|
|
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
|
|
path name of the socket. This avoids bad errors from getnameinfo(3).
Use the same error check for both calls to getnameinfo(3).
OK millert@ tb@
|
|
noticed by jsing and beck, ok tedu
|
|
to handle tls_shutdown correctly if using TLS, doing tls_shutdown
correctly if we are using the -N flag
ok sthen@
|
|
From Lucas AT sexy DOT is. OK job@ kn@
|
|
OK kn@
|
|
for tls, since the socket is shut down without calling tls_close().
Since nc appears to have a problem with this in other shutdown() cases
I am simply going to bake a new diff for this.
noticed by bluhm@.
|
|
goes away. This allows for using nc in cases where the network server
will no longer expect anything after eof, instead of hanging waiting
for more input from our end.
Additionally, shut down if tls is in use if either side of the socket
goes away, since higher level TLS operations (tls_read and write)
will require the socket to be both readable and writable as we can
get TLS_WANT_POLLIN or TLS_WANT_POLLOUT on either operation.
deraadt@ buying it. found by sthen@
|
|
to misread.
as per suggestion by and OK deraadt@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
ok millert nicm tb, etc
|
|
Otherwise a TLS error (for example the remote end sent a fatal alert) is
silently ignored.
ok bluhm@ tb@
|
|
Use memset(3) instead of bzero(3) since POSIX recommends using the former and
because it's also more portable (conforms to ANSI C standard)
OK tedu@ tb@
|
|
bzero is defined in strings.h.
ok deraadt@
|
|
specify that ranges must be numeric, and only check for range if
first argument is a digit.
identified by danj, fix suggested by sthen
|
|
bonus: this exposed a few missing const qualifiers.
|
|
call has finished. This allows to write race free scripts as they
can check that the server is up and running.
OK sthen@ tb@
|
|
ok beck@ bluhm@ tb@
|
|
handy if you type the path wrong or don't have permission...
ok deraadt@
|
|
tls_free(3) directly after close(2) to catch all cases.
based on a patch from Nan Xiao; OK tb@ deraadt@
|
|
consistent to remote_connect() and getaddrinfo(3).
from Nan Xiao
|
|
from Nan Xiao; OK tb@
|
|
different unveils. Joint work with beck and florian.
Let us know if you hit any corner cases.
|
|
in preparation for pledgepath
ok deraadt@
|
|
ok bcook@ beck@ inoguchi@
|
|
Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol"
options that are key/value pairs. This allows the user to specify ciphers
and protocols in a form that is accepted by tls_config_set_ciphers() and
tls_config_set_protocols() respectively.
ok beck@
(also ok jmc@ for a previous revision of the man page).
|
|
is discarded anyway, the plen variable is a leftover from the -j
jumbo option.
reported by Nan Xiao; OK deraadt@
|
|
protocols and "compat" ciphers. This allows for TLS connections to TLS
servers that are using less than ideal cipher suites, without having to
resort to "-T tlsall" which enables all known cipher suites.
Diff from Kyle J. McKay <mackyle at gmail dot com>
ok beck@
|
|
a blank space somewhere else.
suggested by and ok jsing
|
|
omitting parentheses in return statements. Binary change because of
return instead of exit(3) from main and because help() is now __dead.
ok awolk
|
|
first pledge promises, so nc exited with EPERM. To fix this, merge the
pledge of the Pflag && usetls case into the first pledge block. This
allows us to get rid of the second pledge block and thus to simplify the
logic a bit. While there, add a missing blank to an error string.
Joint effort by the #openbsd-daily code reading group, problem found and
initial patch by <rain1 openmailbox org>.
ok awolk
|
|
OK florian@
|
|
number of packets. This allows to send a UDP request, receive a
reply and check the result on the command line.
input jmc@; OK millert@
|
|
- add -Z to help and usage()
|
|
with -Z
ok jsing@
|
|
the handshake after accept had failed. Use the context of the
accepted TLS connection.
OK beck@
|
|
the unix connect is successful, let nc -z close the socket and exit
with 0.
OK jca@
|
|
Should make debugging easier, especially when using -x literal_ipv6_address
|
|
wrapper that calls poll(2) and handles the -w timeout.
OK beck@
|
|
there is already a close(2), so do not do it in readwrite().
OK beck@
|
|
loop. Use an additional poll(2) during the handshake and also
respect the -w timeout option there.
From Shuo Chen; OK beck@
|
|
ok beck@
|
|
and bail out in case of failure
Feedback and OK jsing@
|
|
ok jsing@
|