src - OpenBSD base system

Age	Commit message (Collapse)	Author
2018-03-27	Clear password buffers in non-terminating cases	Theo de Raadt
	ok tobias
2018-03-19	Remove the tls_init() call, since it is no longer necessary.	Joel Sing
	ok bcook@ beck@ inoguchi@
2017-11-28	Allow TLS ciphers and protocols to be specified for nc(1).	Joel Sing
	Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
2017-10-24	Use a smaller buffer size too peek the receive data. The content	Alexander Bluhm
	is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
2017-07-15	grammar was ass backwards;	Jason McIntyre

2017-07-15	Add a "-T tlscompat" option to nc(1), which enables the use of all TLS	Joel Sing
	protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
2017-06-11	Continue the flattening of the pledge logic started in r1.184 and place	Theo Buehler
	a blank space somewhere else. suggested by and ok jsing
2017-06-11	Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace and	Theo Buehler
	omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
2017-06-10	If -P and -c were given, a second pledge call tried to add "rpath" to the	Theo Buehler
	first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
2017-05-26	Fix gcc warnings triggered by WARNINGS=yes.	Alexander Bluhm
	OK florian@
2017-05-10	Implement nc -W recvlimit to terminate netcat after receiving a	Alexander Bluhm
	number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
2017-04-16	Move comments into a block and uses {} to unconfuse reading.	Theo de Raadt

2017-04-05	- -Z before -z in options list	Jason McIntyre
	- add -Z to help and usage()
2017-04-05	Allow nc to save the peer certificate and chain in a pem file specified	Bob Beck
	with -Z ok jsing@
2017-03-09	The netcat server did not print the correct TLS error message if	Alexander Bluhm
	the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
2017-02-09	When netcat was started with -Uz, the exit status was always 1. If	Alexander Bluhm
	the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
2017-02-09	Document that -x can take an ipv6 address enclosed in square brackets.	Jeremie Courreges-Anglas

2017-02-09	When getaddrinfo fails, print the requested host and port.	Jeremie Courreges-Anglas
	Should make debugging easier, especially when using -x literal_ipv6_address
2017-02-08	Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()	Alexander Bluhm
	wrapper that calls poll(2) and handles the -w timeout. OK beck@
2017-02-08	Avoid double close(2) in netcat. After every call to readwrite()	Alexander Bluhm
	there is already a close(2), so do not do it in readwrite(). OK beck@
2017-02-08	Due to non-blocking sockets, tls_handshake() could wait in a busy	Alexander Bluhm
	loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
2017-02-05	Support IPv6 proxy addresses	Jeremie Courreges-Anglas
	ok beck@
2017-01-26	oscp -> ocsp;	Jason McIntyre
	from holger mikolon, plus one more in nc;
2016-11-30	Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)	Ricardo Mestre
	and bail out in case of failure Feedback and OK jsing@
2016-11-06	tweak previous;	Jason McIntyre

2016-11-06	rename tlslegacy to tlsall, and better describe what it does.	Bob Beck
	ok jsing@
2016-11-05	zap trailing whitespace, and add -o to usage() and help (-h);	Jason McIntyre

2016-11-05	Add support for server side OCSP stapling to libtls.	Bob Beck
	Add support for server side OCSP stapling to netcat.
2016-11-04	new sentence, new line, and zap trailing whitespace;	Jason McIntyre

2016-11-04	Add ocsp_require_stapling config option for tls - allows a connection	Bob Beck
	to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
2016-11-03	make OCSP_URL only show up when an OCSP url is actually present in the cert	Bob Beck

2016-11-03	Make OCSP Stapling: only appear if there is stapling info present.	Bob Beck

2016-11-02	Add OCSP client side support to libtls.	Bob Beck
	- Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
2016-09-03	squash some possibly-used-uninitialized warnings	Brent Cook

2016-08-13	Let libtls load the CA, certificate and key files for nc(1), now that it	Joel Sing
	does this at the time the tls_config_set_*_file() function is called. ok bluhm@
2016-07-30	use the style from the man page examples for getaddrinfo, which makes a	Alexander Hall
	bit more sense ok jung@ deraadt@
2016-07-13	Adjust existing tls_config_set_cipher() callers for TLS cipher group	Joel Sing
	changes - map the previous configuration to the equivalent in the new groups. This will be revisited post release. Discussed with beck@
2016-07-07	Revert previous since the libtls change has been reverted.	Joel Sing

2016-07-06	Remove manual file loading (now that libtls does this for us) and adjust	Joel Sing
	pledge to match. Also use tls_config_error() to provide friendlier error messages.
2016-07-02	do not uppercase "hop limit";	Jason McIntyre

2016-07-01	Simplify IP proto-specific sockopt error handling.	Brent Cook
	This makes error messages more specific and simplifies masking compatible sections for the portable version. ok beck@
2016-06-28	Add -M and -m options to specify the outgoing and incoming minimum TTL	Jeremie Courreges-Anglas
	Req by and ok blumh@
2016-06-28	If an error path if close() is called, save errno so that original error	Theo de Raadt
	is shown by errx ok millert krw
2016-06-27	Be more careful initializing and tracking socket s through main, this is	Theo de Raadt
	so complicated that a future refactoring could easily in introduce a bug. ok millert krw
2016-06-27	whitespace	Theo de Raadt

2016-06-02	Let netcat support the use of service names instead of port numbers.	Bob Beck
	based on a diff from Andras Farkas <deepbluemistake@gmail.com> ok deraadt@
2016-05-28	Fix pledge violation with -P s used and we need to supply a password	Bob Beck
	for an http proxy - we need tty in this case. Found and fixed by Anthony Coulter <bsd@anthonycoulter.name>. ok tb@
2016-05-28	Fix nc -verbose mode when used on a unix domain socket.	Bob Beck
	Noticed by and a modified version of fix from <attila@stalphonsos.com>
2016-01-04	Use the correct values for TLS certificate / private key flags.	Brent Cook
	fix from Andreas Bartelt <obsd at bartula.de>
2015-12-28	include time.h over sys/time.h for ctime(3)	Brent Cook
	ok beck@