| version 1.158, 2016/07/06 16:31:18 |
version 1.159, 2016/07/07 14:09:44 |
|
|
| #define POLL_NETIN 2 |
#define POLL_NETIN 2 |
| #define POLL_STDOUT 3 |
#define POLL_STDOUT 3 |
| #define BUFSIZE 16384 |
#define BUFSIZE 16384 |
| |
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem" |
| |
|
| #define TLS_LEGACY (1 << 1) |
#define TLS_LEGACY (1 << 1) |
| #define TLS_NOVERIFY (1 << 2) |
#define TLS_NOVERIFY (1 << 2) |
|
|
| int usetls; /* use TLS */ |
int usetls; /* use TLS */ |
| char *Cflag; /* Public cert file */ |
char *Cflag; /* Public cert file */ |
| char *Kflag; /* Private key file */ |
char *Kflag; /* Private key file */ |
| char *Rflag; /* Root CA file */ |
char *Rflag = DEFAULT_CA_FILE; /* Root CA file */ |
| int tls_cachanged; /* Using non-default CA file */ |
int tls_cachanged; /* Using non-default CA file */ |
| int TLSopt; /* TLS options */ |
int TLSopt; /* TLS options */ |
| char *tls_expectname; /* required name in peer cert */ |
char *tls_expectname; /* required name in peer cert */ |
| char *tls_expecthash; /* required hash of peer cert */ |
char *tls_expecthash; /* required hash of peer cert */ |
| |
uint8_t *cacert; |
| |
size_t cacertlen; |
| |
uint8_t *privkey; |
| |
size_t privkeylen; |
| |
uint8_t *pubcert; |
| |
size_t pubcertlen; |
| |
|
| int timeout = -1; |
int timeout = -1; |
| int family = AF_UNSPEC; |
int family = AF_UNSPEC; |
|
|
| } |
} |
| |
|
| if (usetls) { |
if (usetls) { |
| |
if (Rflag && (cacert = tls_load_file(Rflag, &cacertlen, NULL)) == NULL) |
| |
errx(1, "unable to load root CA file %s", Rflag); |
| |
if (Cflag && (pubcert = tls_load_file(Cflag, &pubcertlen, NULL)) == NULL) |
| |
errx(1, "unable to load TLS certificate file %s", Cflag); |
| |
if (Kflag && (privkey = tls_load_file(Kflag, &privkeylen, NULL)) == NULL) |
| |
errx(1, "unable to load TLS key file %s", Kflag); |
| |
|
| if (Pflag) { |
if (Pflag) { |
| if (pledge("stdio inet dns rpath tty", NULL) == -1) |
if (pledge("stdio inet dns tty", NULL) == -1) |
| err(1, "pledge"); |
err(1, "pledge"); |
| } else if (pledge("stdio inet dns rpath", NULL) == -1) |
} else if (pledge("stdio inet dns", NULL) == -1) |
| err(1, "pledge"); |
err(1, "pledge"); |
| |
|
| if (tls_init() == -1) |
if (tls_init() == -1) |
| errx(1, "unable to initialize TLS"); |
errx(1, "unable to initialize TLS"); |
| if ((tls_cfg = tls_config_new()) == NULL) |
if ((tls_cfg = tls_config_new()) == NULL) |
| errx(1, "unable to allocate TLS config"); |
errx(1, "unable to allocate TLS config"); |
| if (Rflag && tls_config_set_ca_file(tls_cfg, Rflag) == -1) |
if (Rflag && tls_config_set_ca_mem(tls_cfg, cacert, cacertlen) == -1) |
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "unable to set root CA file %s", Rflag); |
| if (Cflag && tls_config_set_cert_file(tls_cfg, Cflag) == -1) |
if (Cflag && tls_config_set_cert_mem(tls_cfg, pubcert, pubcertlen) == -1) |
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "unable to set TLS certificate file %s", Cflag); |
| if (Kflag && tls_config_set_key_file(tls_cfg, Kflag) == -1) |
if (Kflag && tls_config_set_key_mem(tls_cfg, privkey, privkeylen) == -1) |
| errx(1, "%s", tls_config_error(tls_cfg)); |
errx(1, "unable to set TLS key file %s", Kflag); |
| if (TLSopt & TLS_LEGACY) { |
if (TLSopt & TLS_LEGACY) { |
| tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL); |
tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL); |
| tls_config_set_ciphers(tls_cfg, "legacy"); |
tls_config_set_ciphers(tls_cfg, "legacy"); |
|
|
| "together"); |
"together"); |
| tls_config_insecure_noverifycert(tls_cfg); |
tls_config_insecure_noverifycert(tls_cfg); |
| } |
} |
| |
|
| if (Pflag) { |
|
| if (pledge("stdio inet dns tty", NULL) == -1) |
|
| err(1, "pledge"); |
|
| } else if (pledge("stdio inet dns", NULL) == -1) |
|
| err(1, "pledge"); |
|
| } |
} |
| if (lflag) { |
if (lflag) { |
| struct tls *tls_cctx = NULL; |
struct tls *tls_cctx = NULL; |
![[BACK]](/icons/back.gif){kind=icon}
Return to netcat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / nc