=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ftp/main.c,v retrieving revision 1.109 retrieving revision 1.110 diff -c -r1.109 -r1.110 *** src/usr.bin/ftp/main.c 2016/07/13 16:35:47 1.109 --- src/usr.bin/ftp/main.c 2016/08/13 12:55:21 1.110 *************** *** 1,4 **** ! /* $OpenBSD: main.c,v 1.109 2016/07/13 16:35:47 jsing Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* --- 1,4 ---- ! /* $OpenBSD: main.c,v 1.110 2016/08/13 12:55:21 jsing Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* *************** *** 98,103 **** --- 98,157 ---- }; struct tls_config *tls_config; + + static void + process_ssl_options(char *cp) + { + const char *errstr; + long long depth; + char *str; + + while (*cp) { + switch (getsubopt(&cp, ssl_verify_opts, &str)) { + case SSL_CAFILE: + if (str == NULL) + errx(1, "missing CA file"); + if (tls_config_set_ca_file(tls_config, str) != 0) + errx(1, "tls ca file failed: %s", + tls_config_error(tls_config)); + break; + case SSL_CAPATH: + if (str == NULL) + errx(1, "missing CA directory path"); + if (tls_config_set_ca_path(tls_config, str) != 0) + errx(1, "tls ca path failed: %s", + tls_config_error(tls_config)); + break; + case SSL_CIPHERS: + if (str == NULL) + errx(1, "missing cipher list"); + if (tls_config_set_ciphers(tls_config, str) != 0) + errx(1, "tls ciphers failed: %s", + tls_config_error(tls_config)); + break; + case SSL_DONTVERIFY: + tls_config_insecure_noverifycert(tls_config); + tls_config_insecure_noverifyname(tls_config); + break; + case SSL_DOVERIFY: + tls_config_verify(tls_config); + break; + case SSL_VERIFYDEPTH: + if (str == NULL) + errx(1, "missing depth"); + depth = strtonum(str, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "certificate validation depth is %s", + errstr); + tls_config_set_verify_depth(tls_config, (int)depth); + break; + default: + errx(1, "unknown -S suboption `%s'", + suboptarg ? 
suboptarg : ""); + /* NOTREACHED */ + } + } + } #endif /* !SMALL */ int family = PF_UNSPEC; *************** *** 112,120 **** char *outfile = NULL; const char *errstr; int dumb_terminal = 0; - #ifndef SMALL - long long depth; - #endif ftpport = "ftp"; httpport = "http"; --- 166,171 ---- *************** *** 202,208 **** errx(1, "tls config failed"); tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL); if (tls_config_set_ciphers(tls_config, "all") != 0) ! errx(1, "tls set ciphers failed"); } #endif /* !SMALL */ --- 253,260 ---- errx(1, "tls config failed"); tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL); if (tls_config_set_ciphers(tls_config, "all") != 0) ! errx(1, "tls set ciphers failed: %s", ! tls_config_error(tls_config)); } #endif /* !SMALL */ *************** *** 318,377 **** case 'S': #ifndef SMALL ! cp = optarg; ! while (*cp) { ! char *str; ! switch (getsubopt(&cp, ssl_verify_opts, &str)) { ! case SSL_CAFILE: ! if (str == NULL) ! errx(1, "missing CA file"); ! if (tls_config_set_ca_file( ! tls_config, str) != 0) ! errx(1, "tls ca file failed"); ! break; ! case SSL_CAPATH: ! if (str == NULL) ! errx(1, "missing CA directory" ! " path"); ! if (tls_config_set_ca_path( ! tls_config, str) != 0) ! errx(1, "tls ca path failed"); ! break; ! case SSL_CIPHERS: ! if (str == NULL) ! errx(1, "missing cipher list"); ! if (tls_config_set_ciphers( ! tls_config, str) != 0) ! errx(1, "tls ciphers failed"); ! break; ! case SSL_DONTVERIFY: ! tls_config_insecure_noverifycert( ! tls_config); ! tls_config_insecure_noverifyname( ! tls_config); ! break; ! case SSL_DOVERIFY: ! tls_config_verify(tls_config); ! break; ! case SSL_VERIFYDEPTH: ! if (str == NULL) ! errx(1, "missing depth"); ! depth = strtonum(str, 0, INT_MAX, ! &errstr); ! if (errstr) ! errx(1, "certificate " ! "validation depth is %s", ! errstr); ! tls_config_set_verify_depth( ! tls_config, (int)depth); ! break; ! default: ! errx(1, "unknown -S suboption `%s'", ! suboptarg ? suboptarg : ""); ! /* NOTREACHED */ ! 
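Review bot: process_ssl_options carries no header comment although it exits the process via errx() on every bad value and mutates two things its signature does not show: the file-scope `tls_config`, which it assumes is already allocated (the "tls config failed" check in main appears to run before option parsing, but nothing in the function guards against a NULL config), and the argument string itself, since getsubopt(3) NUL-terminates each token in place, so the caller's optarg is not reusable afterwards. The `dont` case also switches off both chain and hostname verification with one suboption while `do` turns them back on, so `-S dont,do` and `-S do,dont` differ and the last suboption wins; that ordering rule is worth stating for anyone scripting the client. I would put above the function `/* Parse the -S suboption list in cp (modified in place by getsubopt) into the global tls_config; later suboptions override earlier ones. Exits via errx(3) on any malformed value. */` and mark the SSL_DONTVERIFY case with `/* disables both certificate-chain and hostname checks; testing only */`.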
} ! } ! #endif break; case 's': --- 370,377 ---- case 'S': #ifndef SMALL ! process_ssl_options(optarg); ! #endif /* !SMALL */ break; case 's':