
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git

0038-nc-Add-option-to-disable-certificate-time-checking.patch (1885B)


  1. From 5e993fe93c590d60b05948e22b51dfc34c3eac4b Mon Sep 17 00:00:00 2001
  2. From: Michael Forney <mforney@mforney.org>
  3. Date: Thu, 20 May 2021 13:44:35 -0700
  4. Subject: [PATCH] nc: Add option to disable certificate time checking
  5. ---
  6. usr.bin/nc/nc.1 | 2 ++
  7. usr.bin/nc/netcat.c | 8 ++++++--
  8. 2 files changed, 8 insertions(+), 2 deletions(-)
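--- a/usr.bin/nc/nc.1
+++ b/usr.bin/nc/nc.1
@@ -249,6 +249,8 @@ may be one of:
 which disables certificate verification;
 .Cm noname ,
 which disables certificate name checking;
+.Cm notime ,
+which disables certificate validity time checking;
 .Cm clientcert ,
 which requires a client certificate on incoming connections; or
 .Cm muststaple ,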
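--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -70,8 +70,9 @@
 #define TLS_NOVERIFY (1 << 1)
 #define TLS_NONAME (1 << 2)
-#define TLS_CCERT (1 << 3)
-#define TLS_MUSTSTAPLE (1 << 4)
+#define TLS_NOTIME (1 << 3)
+#define TLS_CCERT (1 << 4)
+#define TLS_MUSTSTAPLE (1 << 5)
 /* Command Line Options */
 int dflag; /* detached, no stdin */
@@ -546,6 +547,8 @@ main(int argc, char *argv[])
 errx(1, "clientcert is only valid with -l");
 if (TLSopt & TLS_NONAME)
 tls_config_insecure_noverifyname(tls_cfg);
+ if (TLSopt & TLS_NOTIME)
+ tls_config_insecure_noverifytime(tls_cfg);
 if (TLSopt & TLS_NOVERIFY) {
 if (tls_expecthash != NULL)
 errx(1, "-H and -T noverify may not be used "
@@ -1707,6 +1710,7 @@ process_tls_opt(char *s, int *flags)
 { "muststaple", TLS_MUSTSTAPLE, NULL },
 { "noverify", TLS_NOVERIFY, NULL },
 { "noname", TLS_NONAME, NULL },
+ { "notime", TLS_NOTIME, NULL },
 { "protocols", -1, &tls_protocols },
 { NULL, -1, NULL },
 };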
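Review bot: The `TLS_NOTIME` branch in the main() hunk switches off the certificate validity-period check for the whole session without leaving any trace at run time, so an expired or not-yet-valid certificate is accepted exactly like a current one. A comment above the call would record the intended scope, e.g. `/* notime: skips only the notBefore/notAfter check; chain and name are still verified unless noverify/noname is also given */`, and a `warnx()` when the option is active would make the weakened check visible to whoever reads the output. In the first hunk, inserting `TLS_NOTIME` at bit 3 renumbers `TLS_CCERT` and `TLS_MUSTSTAPLE`; appending it as `#define TLS_NOTIME (1 << 5)` would leave the existing values untouched. main() and process_tls_opt() both continue outside the hunks shown.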
  53. --
  54. 2.49.0