| version 1.178, 2017/03/09 13:58:00 |
version 1.179, 2017/04/05 03:20:19 |
|
|
| int TLSopt; /* TLS options */ |
int TLSopt; /* TLS options */ |
| char *tls_expectname; /* required name in peer cert */ |
char *tls_expectname; /* required name in peer cert */ |
| char *tls_expecthash; /* required hash of peer cert */ |
char *tls_expecthash; /* required hash of peer cert */ |
| |
FILE *Zflag; /* file to save peer cert */ |
| |
|
| int timeout = -1; |
int timeout = -1; |
| int family = AF_UNSPEC; |
int family = AF_UNSPEC; |
|
|
| void set_common_sockopts(int, int); |
void set_common_sockopts(int, int); |
| int map_tos(char *, int *); |
int map_tos(char *, int *); |
| int map_tls(char *, int *); |
int map_tls(char *, int *); |
| |
void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); |
| void report_connect(const struct sockaddr *, socklen_t, char *); |
void report_connect(const struct sockaddr *, socklen_t, char *); |
| void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname); |
void report_tls(struct tls *tls_ctx, char * host, char *tls_expectname); |
| void usage(int); |
void usage(int); |
|
|
| signal(SIGPIPE, SIG_IGN); |
signal(SIGPIPE, SIG_IGN); |
| |
|
| while ((ch = getopt(argc, argv, |
while ((ch = getopt(argc, argv, |
| "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:z")) != -1) { |
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vw:X:x:Z:z")) != -1) { |
| switch (ch) { |
switch (ch) { |
| case '4': |
case '4': |
| family = AF_INET; |
family = AF_INET; |
|
|
| if ((proxy = strdup(optarg)) == NULL) |
if ((proxy = strdup(optarg)) == NULL) |
| err(1, NULL); |
err(1, NULL); |
| break; |
break; |
| |
case 'Z': |
| |
if (strcmp(optarg, "-") == 0) |
| |
Zflag = stderr; |
| |
else if ((Zflag = fopen(optarg, "w")) == NULL) |
| |
err(1, "can't open %s", optarg); |
| |
break; |
| case 'z': |
case 'z': |
| zflag = 1; |
zflag = 1; |
| break; |
break; |
|
|
| errx(1, "you must specify -c to use -C"); |
errx(1, "you must specify -c to use -C"); |
| if (Kflag && !usetls) |
if (Kflag && !usetls) |
| errx(1, "you must specify -c to use -K"); |
errx(1, "you must specify -c to use -K"); |
| |
if (Zflag && !usetls) |
| |
errx(1, "you must specify -c to use -Z"); |
| if (oflag && !Cflag) |
if (oflag && !Cflag) |
| errx(1, "you must specify -C to use -o"); |
errx(1, "you must specify -C to use -o"); |
| if (tls_cachanged && !usetls) |
if (tls_cachanged && !usetls) |
|
|
| if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && |
if (tls_expecthash && tls_peer_cert_hash(tls_ctx) && |
| strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) |
strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0) |
| errx(1, "peer certificate is not %s", tls_expecthash); |
errx(1, "peer certificate is not %s", tls_expecthash); |
| |
if (Zflag) { |
| |
save_peer_cert(tls_ctx, Zflag); |
| |
if (Zflag != stderr && (fclose(Zflag) != 0)) |
| |
err(1, "fclose failed saving peer cert"); |
| |
} |
| } |
} |
| |
|
| struct tls * |
struct tls * |
|
|
| } |
} |
| } |
} |
| return (0); |
return (0); |
| |
} |
| |
|
| |
void |
| |
save_peer_cert(struct tls *tls_ctx, FILE *fp) |
| |
{ |
| |
const char *pem; |
| |
size_t plen; |
| |
FILE *out; |
| |
|
| |
if ((pem = tls_peer_cert_chain_pem(tls_ctx, &plen)) == NULL) |
| |
errx(1, "Can't get peer certificate"); |
| |
if (fprintf(fp, "%.*s", plen, pem) < 0) |
| |
err(1, "unable to save peer cert"); |
| |
if (fflush(fp) != 0) |
| |
err(1, "unable to flush peer cert"); |
| } |
} |
| |
|
| void |
void |
![[BACK]](/icons/back.gif){kind=icon}
Return to netcat.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / nc