src - OpenBSD base system

Age	Commit message (Collapse)	Author
2019-02-26	Correctly handle tls_read() and tls_write() failures.	Joel Sing
	Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
2019-01-10	Revert back previous commit and stop including strings.h	Ricardo Mestre
	Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
2019-01-09	Include strings.h for bzero in usr.bin/nc	Kinichiro Inoguchi
	bzero is defined in strings.h. ok deraadt@
2018-12-27	too many words in previous;	Jason McIntyre

2018-12-27	port ranges can be ambiguous with hypenated port-names.	Ted Unangst
	specify that ranges must be numeric, and only check for range if first argument is a digit. identified by danj, fix suggest by sthen
2018-11-29	update for libtls default cert changes.	Ted Unangst
	bonus: this exposed a few missing const qualifiers.
2018-11-09	In verbose mode netcat reports to stderr when the listen system	Alexander Bluhm
	call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
2018-11-06	Use TLS_CA_CERT_FILE instead of a separate define.	Joel Sing
	ok beck@ bluhm@ tb@
2018-10-26	show what went wrong with a unix domain socket, rather than fail silently	David Gwynne
	handy if you type the path wrong or don't have permission... ok deraadt@
2018-10-04	Plug TLS context leak in nc(1) server and client mode. Move	Alexander Bluhm
	tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
2018-09-25	-T applies to ip6 too, apparently;	Jason McIntyre
	from nan xiao
2018-09-07	Declare strings passed to local_listen() as const. This makes it	Alexander Bluhm
	consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
2018-09-06	Do not close the socket twice in netcat.	Alexander Bluhm
	from Nan Xiao; OK tb@
2018-08-17	spelling;	Jason McIntyre

2018-08-17	Make the wording more concise, use the imperative throughout, state	Ingo Schwarze
	more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
2018-08-10	In typical swiss-army style, various modes and options cause	Theo de Raadt
	different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
2018-04-27	trailing whitespace, and move arg checking before pledge	Bob Beck
	in preparation for pledgepath ok deraadt@
2018-03-27	Clear password buffers in non-terminating cases	Theo de Raadt
	ok tobias
2018-03-19	Remove the tls_init() call, since it is no longer necessary.	Joel Sing
	ok bcook@ beck@ inoguchi@
2017-11-28	Allow TLS ciphers and protocols to be specified for nc(1).	Joel Sing
	Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
2017-10-24	Use a smaller buffer size too peek the receive data. The content	Alexander Bluhm
	is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
2017-07-15	grammar was ass backwards;	Jason McIntyre

2017-07-15	Add a "-T tlscompat" option to nc(1), which enables the use of all TLS	Joel Sing
	protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
2017-06-11	Continue the flattening of the pledge logic started in r1.184 and place	Theo Buehler
	a blank space somewhere else. suggested by and ok jsing
2017-06-11	Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and	Theo Buehler
	omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
2017-06-10	If -P and -c were given, a second pledge call tried to add "rpath" to the	Theo Buehler
	first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
2017-05-26	Fix gcc warnings triggered by WARNINGS=yes.	Alexander Bluhm
	OK florian@
2017-05-10	Implement nc -W recvlimit to terminate netcat after receiving a	Alexander Bluhm
	number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
2017-04-16	Move comments into a block and uses {} to unconfuse reading.	Theo de Raadt

2017-04-05	- -Z before -z in options list	Jason McIntyre
	- add -Z to help and usage()
2017-04-05	Allow nc to save the peer certificate and chain in a pem file specified	Bob Beck
	with -Z ok jsing@
2017-03-09	The netcat server did not print the correct TLS error message if	Alexander Bluhm
	the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
2017-02-09	When netcat was started with -Uz, the exit status was always 1. If	Alexander Bluhm
	the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
2017-02-09	Document that -x can take an ipv6 address enclosed in square brackets.	Jeremie Courreges-Anglas

2017-02-09	When getaddrinfo fails, print the requested host and port.	Jeremie Courreges-Anglas
	Should make debugging easier, especially when using -x literal_ipv6_address
2017-02-08	Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()	Alexander Bluhm
	wrapper that calls poll(2) and handles the -w timeout. OK beck@
2017-02-08	Avoid double close(2) in netcat. After every call to readwrite()	Alexander Bluhm
	there is already a close(2), so do not do it in readwrite(). OK beck@
2017-02-08	Due to non-blocking sockets, tls_handshake() could wait in a busy	Alexander Bluhm
	loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
2017-02-05	Support IPv6 proxy addresses	Jeremie Courreges-Anglas
	ok beck@
2017-01-26	oscp -> ocsp;	Jason McIntyre
	from holger mikolon, plus one more in nc;
2016-11-30	Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)	Ricardo Mestre
	and bail out in case of failure Feedback and OK jsing@
2016-11-06	tweak previous;	Jason McIntyre

2016-11-06	rename tlslegacy to tlsall, and better describe what it does.	Bob Beck
	ok jsing@
2016-11-05	zap trailing whitespace, and add -o to usage() and help (-h);	Jason McIntyre

2016-11-05	Add support for server side OCSP stapling to libtls.	Bob Beck
	Add support for server side OCSP stapling to netcat.
2016-11-04	new sentence, new line, and zap trailing whitespace;	Jason McIntyre

2016-11-04	Add ocsp_require_stapling config option for tls - allows a connection	Bob Beck
	to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
2016-11-03	make OCSP_URL only show up when an OCSP url is actually present in the cert	Bob Beck

2016-11-03	Make OCSP Stapling: only appear if there is stapling info present.	Bob Beck

2016-11-02	Add OCSP client side support to libtls.	Bob Beck
	- Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@