linux-qubasis

0038-nc-Add-option-to-disable-certificate-time-checking.patch

(1885B)

 From 5e993fe93c590d60b05948e22b51dfc34c3eac4b Mon Sep 17 00:00:00 2001
 From: Michael Forney <mforney@mforney.org>
 Date: Thu, 20 May 2021 13:44:35 -0700
 Subject: [PATCH] nc: Add option to disable certificate time checking
 
 ---
  usr.bin/nc/nc.1     | 2 ++
  usr.bin/nc/netcat.c | 8 ++++++--
  2 files changed, 8 insertions(+), 2 deletions(-)
 
 diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1
 index 76b6dc018ea..9e13b84acf7 100644
 --- a/usr.bin/nc/nc.1
 +++ b/usr.bin/nc/nc.1
 @@ -249,6 +249,8 @@ may be one of:
  which disables certificate verification;
  .Cm noname ,
  which disables certificate name checking;
 +.Cm notime ,
 +which disables certificate validity time checking;
  .Cm clientcert ,
  which requires a client certificate on incoming connections; or
  .Cm muststaple ,
 diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
 index b5129c2204d..d1ed530eb2c 100644
 --- a/usr.bin/nc/netcat.c
 +++ b/usr.bin/nc/netcat.c
 @@ -70,8 +70,9 @@
  
  #define TLS_NOVERIFY	(1 << 1)
  #define TLS_NONAME	(1 << 2)
 -#define TLS_CCERT	(1 << 3)
 -#define TLS_MUSTSTAPLE	(1 << 4)
 +#define TLS_NOTIME	(1 << 3)
 +#define TLS_CCERT	(1 << 4)
 +#define TLS_MUSTSTAPLE	(1 << 5)
  
  /* Command Line Options */
  int	dflag;					/* detached, no stdin */
 @@ -546,6 +547,8 @@ main(int argc, char *argv[])
  			errx(1, "clientcert is only valid with -l");
  		if (TLSopt & TLS_NONAME)
  			tls_config_insecure_noverifyname(tls_cfg);
 +		if (TLSopt & TLS_NOTIME)
 +			tls_config_insecure_noverifytime(tls_cfg);
  		if (TLSopt & TLS_NOVERIFY) {
  			if (tls_expecthash != NULL)
  				errx(1, "-H and -T noverify may not be used "
 @@ -1707,6 +1710,7 @@ process_tls_opt(char *s, int *flags)
  		{ "muststaple",		TLS_MUSTSTAPLE,		NULL },
  		{ "noverify",		TLS_NOVERIFY,		NULL },
  		{ "noname",		TLS_NONAME,		NULL },
 +		{ "notime",		TLS_NOTIME,		NULL },
  		{ "protocols",		-1,			&tls_protocols },
  		{ NULL,			-1,			NULL },
  	};
 -- 
 2.49.0