1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
From 5e993fe93c590d60b05948e22b51dfc34c3eac4b Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Thu, 20 May 2021 13:44:35 -0700
Subject: [PATCH] nc: Add option to disable certificate time checking
---
usr.bin/nc/nc.1 | 2 ++
usr.bin/nc/netcat.c | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1
index 76b6dc018ea..9e13b84acf7 100644
--- a/usr.bin/nc/nc.1
+++ b/usr.bin/nc/nc.1
@@ -249,6 +249,8 @@ may be one of:
which disables certificate verification;
.Cm noname ,
which disables certificate name checking;
+.Cm notime ,
+which disables certificate validity time checking;
.Cm clientcert ,
which requires a client certificate on incoming connections; or
.Cm muststaple ,
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index b5129c2204d..d1ed530eb2c 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -70,8 +70,9 @@
#define TLS_NOVERIFY (1 << 1)
#define TLS_NONAME (1 << 2)
-#define TLS_CCERT (1 << 3)
-#define TLS_MUSTSTAPLE (1 << 4)
+#define TLS_NOTIME (1 << 3)
+#define TLS_CCERT (1 << 4)
+#define TLS_MUSTSTAPLE (1 << 5)
/* Command Line Options */
int dflag; /* detached, no stdin */
@@ -546,6 +547,8 @@ main(int argc, char *argv[])
errx(1, "clientcert is only valid with -l");
if (TLSopt & TLS_NONAME)
tls_config_insecure_noverifyname(tls_cfg);
+ if (TLSopt & TLS_NOTIME)
+ tls_config_insecure_noverifytime(tls_cfg);
if (TLSopt & TLS_NOVERIFY) {
if (tls_expecthash != NULL)
errx(1, "-H and -T noverify may not be used "
@@ -1707,6 +1710,7 @@ process_tls_opt(char *s, int *flags)
{ "muststaple", TLS_MUSTSTAPLE, NULL },
{ "noverify", TLS_NOVERIFY, NULL },
{ "noname", TLS_NONAME, NULL },
+ { "notime", TLS_NOTIME, NULL },
{ "protocols", -1, &tls_protocols },
{ NULL, -1, NULL },
};
--
2.49.0
|
