diff options
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/openbsd/patch/0040-nc-Add-option-to-disable-certificate-time-checking.patch | 59 | ||||
| -rw-r--r-- | pkg/openbsd/ver | 2 |
2 files changed, 60 insertions, 1 deletions
diff --git a/pkg/openbsd/patch/0040-nc-Add-option-to-disable-certificate-time-checking.patch b/pkg/openbsd/patch/0040-nc-Add-option-to-disable-certificate-time-checking.patch new file mode 100644 index 00000000..56f4071e --- /dev/null +++ b/pkg/openbsd/patch/0040-nc-Add-option-to-disable-certificate-time-checking.patch @@ -0,0 +1,59 @@ +From 439750086a7803d24bad1ae51a51d0949a89b6a0 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Thu, 20 May 2021 13:44:35 -0700 +Subject: [PATCH] nc: Add option to disable certificate time checking + +--- + usr.bin/nc/nc.1 | 2 ++ + usr.bin/nc/netcat.c | 8 ++++++-- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1 +index 14733597c18..74a3ecc7da6 100644 +--- a/usr.bin/nc/nc.1 ++++ b/usr.bin/nc/nc.1 +@@ -249,6 +249,8 @@ may be one of: + which disables certificate verification; + .Cm noname , + which disables certificate name checking; ++.Cm notime , ++which disables certificate validity time checking; + .Cm clientcert , + which requires a client certificate on incoming connections; or + .Cm muststaple , +diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c +index 489fe492fbd..89636f4f797 100644 +--- a/usr.bin/nc/netcat.c ++++ b/usr.bin/nc/netcat.c +@@ -70,8 +70,9 @@ + + #define TLS_NOVERIFY (1 << 1) + #define TLS_NONAME (1 << 2) +-#define TLS_CCERT (1 << 3) +-#define TLS_MUSTSTAPLE (1 << 4) ++#define TLS_NOTIME (1 << 3) ++#define TLS_CCERT (1 << 4) ++#define TLS_MUSTSTAPLE (1 << 5) + + /* Command Line Options */ + int dflag; /* detached, no stdin */ +@@ -547,6 +548,8 @@ main(int argc, char *argv[]) + errx(1, "clientcert is only valid with -l"); + if (TLSopt & TLS_NONAME) + tls_config_insecure_noverifyname(tls_cfg); ++ if (TLSopt & TLS_NOTIME) ++ tls_config_insecure_noverifytime(tls_cfg); + if (TLSopt & TLS_NOVERIFY) { + if (tls_expecthash != NULL) + errx(1, "-H and -T noverify may not be used " +@@ -1696,6 +1699,7 @@ process_tls_opt(char *s, int *flags) + { "muststaple", TLS_MUSTSTAPLE, NULL }, + { "noverify", TLS_NOVERIFY, NULL }, + { "noname", TLS_NONAME, NULL }, ++ { "notime", TLS_NOTIME, NULL }, + { "protocols", -1, &tls_protocols }, + { NULL, -1, NULL }, + }; +-- +2.35.1 + diff --git a/pkg/openbsd/ver b/pkg/openbsd/ver index ce5893bd..27e005c5 100644 --- a/pkg/openbsd/ver +++ b/pkg/openbsd/ver @@ -1 +1 @@ -7.1 r0 +7.1 r1 |