0038-nc-Add-option-to-disable-certificate-time-checking.patch (1902B)
- From e3267bbd5f0e3f8ea9caf07c92f58b046100901a Mon Sep 17 00:00:00 2001
- From: Michael Forney <mforney@mforney.org>
- Date: Thu, 20 May 2021 13:44:35 -0700
- Subject: [PATCH] nc: Add option to disable certificate time checking
- ---
- usr.bin/nc/nc.1 | 2 ++
- usr.bin/nc/netcat.c | 8 ++++++--
- 2 files changed, 8 insertions(+), 2 deletions(-)
- diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1
- index 2ffdcd1ea60..ecff109e395 100644
- --- a/usr.bin/nc/nc.1
- +++ b/usr.bin/nc/nc.1
- @@ -249,6 +249,8 @@ may be one of:
- which disables certificate verification;
- .Cm noname ,
- which disables certificate name checking;
- +.Cm notime ,
- +which disables certificate validity time checking;
- .Cm clientcert ,
- which requires a client certificate on incoming connections; or
- .Cm muststaple ,
- diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
- index 4fd399a6f89..982b65592fe 100644
- --- a/usr.bin/nc/netcat.c
- +++ b/usr.bin/nc/netcat.c
- @@ -70,8 +70,9 @@
- #define TLS_NOVERIFY (1 << 1)
- #define TLS_NONAME (1 << 2)
- -#define TLS_CCERT (1 << 3)
- -#define TLS_MUSTSTAPLE (1 << 4)
- +#define TLS_NOTIME (1 << 3)
- +#define TLS_CCERT (1 << 4)
- +#define TLS_MUSTSTAPLE (1 << 5)
- #ifndef IPTOS_DSCP_VA
- #define IPTOS_DSCP_VA 0xb0
- @@ -557,6 +558,8 @@ main(int argc, char *argv[])
- errx(1, "clientcert is only valid with -l");
- if (TLSopt & TLS_NONAME)
- tls_config_insecure_noverifyname(tls_cfg);
- + if (TLSopt & TLS_NOTIME)
- + tls_config_insecure_noverifytime(tls_cfg);
- if (TLSopt & TLS_NOVERIFY) {
- if (tls_expecthash != NULL)
- errx(1, "-H and -T noverify may not be used "
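Review bot: The new `TLS_NOTIME` branch in main() switches off validity-period checking without a comment saying what the connection will then accept. With `notime`, an expired or not-yet-valid certificate passes as long as the remaining checks succeed, and expired certificates are often no longer tracked by revocation data, so the option is best kept to hosts with a known-bad clock. I would add a comment above the call such as `/* notime: accept expired or not-yet-valid certs; chain and name checks are unchanged */`. Whether the flag also relaxes freshness checks on stapled OCSP responses when combined with `muststaple` is not visible here and should be confirmed against libtls. main()'s body starts and ends outside this hunk.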
- @@ -1724,6 +1727,7 @@ process_tls_opt(char *s, int *flags)
- { "clientcert", TLS_CCERT, NULL },
- { "muststaple", TLS_MUSTSTAPLE, NULL },
- { "noname", TLS_NONAME, NULL },
- + { "notime", TLS_NOTIME, NULL },
- { "noverify", TLS_NOVERIFY, NULL },
- { "protocols", -1, &tls_protocols },
- { NULL, -1, NULL },
- --
- 2.54.0