From 5e993fe93c590d60b05948e22b51dfc34c3eac4b Mon Sep 17 00:00:00 2001 From: Michael Forney Date: Thu, 20 May 2021 13:44:35 -0700 Subject: [PATCH] nc: Add option to disable certificate time checking --- usr.bin/nc/nc.1 | 2 ++ usr.bin/nc/netcat.c | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1 index 76b6dc018ea..9e13b84acf7 100644 --- a/usr.bin/nc/nc.1 +++ b/usr.bin/nc/nc.1 @@ -249,6 +249,8 @@ may be one of: which disables certificate verification; .Cm noname , which disables certificate name checking; +.Cm notime , +which disables certificate validity time checking; .Cm clientcert , which requires a client certificate on incoming connections; or .Cm muststaple , diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index b5129c2204d..d1ed530eb2c 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -70,8 +70,9 @@ #define TLS_NOVERIFY (1 << 1) #define TLS_NONAME (1 << 2) -#define TLS_CCERT (1 << 3) -#define TLS_MUSTSTAPLE (1 << 4) +#define TLS_NOTIME (1 << 3) +#define TLS_CCERT (1 << 4) +#define TLS_MUSTSTAPLE (1 << 5) /* Command Line Options */ int dflag; /* detached, no stdin */ @@ -546,6 +547,8 @@ main(int argc, char *argv[]) errx(1, "clientcert is only valid with -l"); if (TLSopt & TLS_NONAME) tls_config_insecure_noverifyname(tls_cfg); + if (TLSopt & TLS_NOTIME) + tls_config_insecure_noverifytime(tls_cfg); if (TLSopt & TLS_NOVERIFY) { if (tls_expecthash != NULL) errx(1, "-H and -T noverify may not be used " @@ -1707,6 +1710,7 @@ process_tls_opt(char *s, int *flags) { "muststaple", TLS_MUSTSTAPLE, NULL }, { "noverify", TLS_NOVERIFY, NULL }, { "noname", TLS_NONAME, NULL }, + { "notime", TLS_NOTIME, NULL }, { "protocols", -1, &tls_protocols }, { NULL, -1, NULL }, }; -- 2.49.0