summaryrefslogtreecommitdiffstats
path: root/usr.bin/nc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Correctly handle tls_read() and tls_write() failures.jsing2019-02-261-5/+9
| | | | | | | Otherwise a TLS error (for example the remote end sent a fatal alert) is silently ignored. ok bluhm@ tb@
* Revert back previous commit and stop including strings.hmestre2019-01-102-9/+7
| | | | | | | Use memset(3) instead of bzero(3) since POSIX recommends using the former and because it's also more portable (conforms to ANSI C standard) OK tedu@ tb@
* Include strings.h for bzero in usr.bin/ncinoguchi2019-01-092-2/+4
| | | | | | bzero is defined in strings.h. ok deraadt@
* too many words in previous;jmc2018-12-271-2/+2
|
* port ranges can be ambiguous with hypenated port-names.tedu2018-12-272-6/+7
| | | | | | specify that ranges must be numeric, and only check for range if first argument is a digit. identified by danj, fix suggest by sthen
* update for libtls default cert changes.tedu2018-11-291-5/+6
| | | | bonus: this exposed a few missing const qualifiers.
* In verbose mode netcat reports to stderr when the listen systembluhm2018-11-091-16/+29
| | | | | | call has finished. This allows to write race free scripts as they can check that the server is up and running. OK sthen@ tb@
* Use TLS_CA_CERT_FILE instead of a separate define.jsing2018-11-061-3/+2
| | | | ok beck@ bluhm@ tb@
* show what went wrong with a unix domain socket, rather than fail silentlydlg2018-10-261-2/+4
| | | | | | handy if you type the path wrong or don't have permission... ok deraadt@
* Plug TLS context leak in nc(1) server and client mode. Movebluhm2018-10-041-12/+10
| | | | | tls_free(3) directly after close(2) to catch all cases. based on a patch from Nan Xiao; OK tb@ deraadt@
* -T applies to ip6 too, apparently;jmc2018-09-251-4/+4
| | | | from nan xiao
* Declare strings passed to local_listen() as const. This makes itbluhm2018-09-071-3/+3
| | | | | consistent to remote_connect() and getaddrinfo(3). from Nan Xiao
* Do not close the socket twice in netcat.bluhm2018-09-061-5/+6
| | | | from Nan Xiao; OK tb@
* spelling;jmc2018-08-171-2/+2
|
* Make the wording more concise, use the imperative throughout, stateschwarze2018-08-171-108/+126
| | | | | | | more precisely which options require which other options, add many missing incompatibilities, mention the default for -e, and some macro cleanup. OK jmc@ tb@
* In typical swiss-army style, various modes and options causederaadt2018-08-101-1/+24
| | | | | different unveils. Joint work with beck and florian. Let us know if you hit any corner cases.
* trailing whitespace, and move arg checking before pledgebeck2018-04-271-17/+17
| | | | | in preparation for pledgepath ok deraadt@
* Clear password buffers in non-terminating casesderaadt2018-03-271-8/+11
| | | | ok tobias
* Remove the tls_init() call, since it is no longer necessary.jsing2018-03-191-3/+1
| | | | ok bcook@ beck@ inoguchi@
* Allow TLS ciphers and protocols to be specified for nc(1).jsing2017-11-282-41/+65
| | | | | | | | | | | Replace the "tlscompat" and "tlsall" options with "cipher" and "protocol" options that are key/value pairs. This allows the user to specify ciphers and protocols in a form that are accepted by tls_config_set_ciphers() and tls_config_set_protocols() respectively. ok beck@ (also ok jmc@ for a previous revision of the man page).
* Use a smaller buffer size too peek the receive data. The contentbluhm2017-10-241-5/+4
| | | | | | is discarded anyway, the plen variable is a leftover from the -j jumbo option. reported by Nan Xiao; OK deraadt@
* grammar was ass backwards;jmc2017-07-151-7/+7
|
* Add a "-T tlscompat" option to nc(1), which enables the use of all TLSjsing2017-07-152-5/+12
| | | | | | | | | | protocols and "compat" ciphers. This allows for TLS connections to TLS servers that are using less than ideal cipher suites, without having to resort to "-T tlsall" which enables all known cipher suites. Diff from Kyle J. McKay <mackyle at gmail dot com> ok beck@
* Continue the flattening of the pledge logic started in r1.184 and placetb2017-06-111-8/+8
| | | | | | a blank space somewhere else. suggested by and ok jsing
* Simple style(9) fixes from Juuso Lapinlampi, mostly whitespace andtb2017-06-111-33/+35
| | | | | | | omitting parentheses in return statements. Binary change because of return instead of exit(3) from main and because help() is now __dead. ok awolk
* If -P and -c were given, a second pledge call tried to add "rpath" to thetb2017-06-101-8/+5
| | | | | | | | | | | | first pledge promises, so nc exited with EPERM. To fix this, merge the pledge of the Pflag && usetls case into the first pledge block. This allows us to get rid of the second pledge block and thus to simplify the logic a bit. While there, add a missing blank to an error string. Joint effort by the #openbsd-daily code reading group, problem found and initial patch by <rain1 openmailbox org>. ok awolk
* Fix gcc warnings triggered by WARNINGS=yes.bluhm2017-05-261-9/+9
| | | | OK florian@
* Implement nc -W recvlimit to terminate netcat after receiving abluhm2017-05-102-8/+28
| | | | | | number of packets. This allows to send a UDP request, receive a reply and check the result on the command line. input jmc@; OK millert@
* Move comments into a block and uses {} to unconfuse reading.deraadt2017-04-161-12/+13
|
* - -Z before -z in options listjmc2017-04-052-7/+9
| | | | - add -Z to help and usage()
* Allow nc to save the peer certificate and chain in a pem file specifiedbeck2017-04-052-4/+39
| | | | | with -Z ok jsing@
* The netcat server did not print the correct TLS error message ifbluhm2017-03-091-2/+2
| | | | | | the handshake after accept had failed. Use the context of the accepted TLS connection. OK beck@
* When netcat was started with -Uz, the exit status was always 1. Ifbluhm2017-02-091-3/+4
| | | | | | the unix connect is successful, let nc -z close the socket and exit with 0. OK jca@
* Document that -x can take an ipv6 address enclosed in square brackets.jca2017-02-091-2/+5
|
* When getaddrinfo fails, print the requested host and port.jca2017-02-091-2/+3
| | | | Should make debugging easier, especially when using -x literal_ipv6_address
* Avoid a busy loop in netcat's tls_close(). Reuse the tls_handshake()bluhm2017-02-081-18/+8
| | | | | wrapper that calls poll(2) and handles the -w timeout. OK beck@
* Avoid double close(2) in netcat. After every call to readwrite()bluhm2017-02-081-13/+5
| | | | | there is already a close(2), so do not do it in readwrite(). OK beck@
* Due to non-blocking sockets, tls_handshake() could wait in a busybluhm2017-02-081-21/+42
| | | | | | loop. Use an additional poll(2) during the handshake and also respect the -w timeout option there. From Shuo Chen; OK beck@
* Support IPv6 proxy addressesjca2017-02-051-10/+24
| | | | ok beck@
* oscp -> ocsp;jmc2017-01-261-3/+3
| | | | from holger mikolon, plus one more in nc;
* Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)mestre2016-11-301-3/+6
| | | | | | and bail out in case of failure Feedback and OK jsing@
* tweak previous;jmc2016-11-061-3/+3
|
* rename tlslegacy to tlsall, and better describe what it does.beck2016-11-062-8/+8
| | | | ok jsing@
* zap trailing whitespace, and add -o to usage() and help (-h);jmc2016-11-052-6/+9
|
* Add support for server side OCSP stapling to libtls.beck2016-11-052-4/+19
| | | | Add support for server side OCSP stapling to netcat.
* new sentence, new line, and zap trailing whitespace;jmc2016-11-041-3/+4
|
* Add ocsp_require_stapling config option for tls - allows a connectionbeck2016-11-042-6/+12
| | | | | | to indicate that it requires the peer to provide a stapled OCSP response with the handshake. Provide a "-T muststaple" for nc that uses it. ok jsing@, guenther@
* make OCSP_URL only show up when an OCSP url is actually present in the certbeck2016-11-031-2/+3
|
* Make OCSP Stapling: only appear if there is stapling info present.beck2016-11-031-5/+3
|
* Add OCSP client side support to libtls.beck2016-11-021-1/+37
| | | | | | | | | | | | | - Provide access to certificate OCSP URL - Provide ability to check a raw OCSP reply against an established TLS ctx - Check and validate OCSP stapling info in the TLS handshake if a stapled OCSP response is provided.` Add example code to show OCSP URL and stapled info into netcat. ok jsing@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.