Diffstat (limited to 'network/netcat-openbsd/patches/0002-build-without-TLS-support.patch')
-rw-r--r-- | network/netcat-openbsd/patches/0002-build-without-TLS-support.patch | 872 |
1 files changed, 0 insertions, 872 deletions
diff --git a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch
deleted file mode 100644
index c4a72c65af..0000000000
--- a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch
+++ /dev/null
@@ -1,872 +0,0 @@ -From: Guilhem Moulin <guilhem@debian.org> -Date: Fri, 09 Jun 2017 13:21:23 +0200 -Subject: build without TLS support - -tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z) -that are already used by our Debian-specific patches. - ---- - Makefile | 2 - nc.1 | 114 ++--------------------------------------- - netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 3 files changed, 153 insertions(+), 135 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -2,8 +2,6 @@ - - PROG= nc - SRCS= netcat.c atomicio.c socks.c --LDADD+= -ltls -lssl -lcrypto --DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} - - LIBS= `pkg-config --libs libbsd` -lresolv - OBJS= $(SRCS:.c=.o) ---- a/nc.1 -+++ b/nc.1 -@@ -33,20 +33,14 @@ - .Nd arbitrary TCP and UDP connections and listens - .Sh SYNOPSIS - .Nm nc --.Op Fl 46cDdFhklNnrStUuvz --.Op Fl C Ar certfile --.Op Fl e Ar name --.Op Fl H Ar hash -+.Op Fl 46DdFhklNnrStUuvz - .Op Fl I Ar length - .Op Fl i Ar interval --.Op Fl K Ar keyfile - .Op Fl M Ar ttl - .Op Fl m Ar minttl - .Op Fl O Ar length --.Op Fl o Ar staplefile - .Op Fl P Ar proxy_username - .Op Fl p Ar source_port --.Op Fl R Ar CAfile - .Op Fl s Ar source - .Op Fl T Ar keyword - .Op Fl V Ar rtable -@@ -54,7 +48,6 @@ - .Op Fl w Ar timeout - .Op Fl X Ar proxy_protocol - .Op Fl x Ar proxy_address Ns Op : Ns Ar port --.Op Fl Z Ar peercertfile - .Op Ar destination - .Op Ar port - .Sh DESCRIPTION -@@ -99,28 +92,10 @@ The options are as follows: - Use IPv4 addresses only. - .It Fl 6 - Use IPv6 addresses only. --.It Fl C Ar certfile --Load the public key part of the TLS peer certificate from --.Ar certfile , --in PEM format. --Requires --.Fl c . --.It Fl c --Use TLS to connect or listen. --Cannot be used together with any of the options --.Fl FuU . - .It Fl D - Enable debugging on the socket. - .It Fl d - Do not attempt to read from stdin. --.It Fl e Ar name --Only accept the TLS peer certificate if it contains the --.Ar name . 
--Requires --.Fl c . --If not specified, --.Ar destination --is used. - .It Fl F - Pass the first connected socket using - .Xr sendmsg 2 -@@ -137,18 +112,7 @@ using the - .Cm ProxyUseFdpass - option). - Cannot be used with --.Fl c --or - .Fl U . --.It Fl H Ar hash --Only accept the TLS peer certificate if its hash returned from --.Xr tls_peer_cert_hash 3 --matches --.Ar hash . --Requires --.Fl c --and cannot be used with --.Fl T Cm noverify . - .It Fl h - Print out the - .Nm -@@ -160,12 +124,6 @@ Sleep for - .Ar interval - seconds between lines of text sent and received. - Also causes a delay time between connections to multiple ports. --.It Fl K Ar keyfile --Load the TLS private key from --.Ar keyfile , --in PEM format. --Requires --.Fl c . - .It Fl k - When a connection is completed, listen for another one. - Requires -@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on - hostnames or ports. - .It Fl O Ar length - Specify the size of the TCP send buffer. --.It Fl o Ar staplefile --During the TLS handshake, load data to be stapled from --.Ar staplefile , --which is expected to contain an OCSP response from an OCSP server in --DER format. --Requires --.Fl c --and --.Fl C . - .It Fl P Ar proxy_username - Specifies a username to present to a proxy server that requires authentication. - If no username is specified then authentication will not be attempted. -@@ -213,13 +162,6 @@ Proxy authentication is only supported f - Specify the source port - .Nm - should use, subject to privilege restrictions and availability. --.It Fl R Ar CAfile --Load the root CA bundle for TLS certificate verification from --.Ar CAfile , --in PEM format, instead of --.Pa /etc/ssl/cert.pem . --Requires --.Fl c . - .It Fl r - Choose source and/or destination ports randomly - instead of sequentially within a range or in the order that the system -@@ -239,35 +181,7 @@ Cannot be used together with - or - .Fl x . 
- .It Fl T Ar keyword --Change the IPv4 TOS/IPv6 traffic class value or the TLS options. --.Pp --For TLS options, --.Ar keyword --may be one of: --.Cm noverify , --which disables certificate verification; --.Cm noname , --which disables certificate name checking; --.Cm clientcert , --which requires a client certificate on incoming connections; or --.Cm muststaple , --which requires the peer to provide a valid stapled OCSP response --with the handshake. --The following TLS options specify a value in the form of a --.Ar key Ns = Ns Ar value --pair: --.Cm ciphers , --which allows the supported TLS ciphers to be specified (see --.Xr tls_config_set_ciphers 3 --for further details); --.Cm protocols , --which allows the supported TLS protocols to be specified (see --.Xr tls_config_parse_protocols 3 --for further details). --Specifying TLS options requires --.Fl c . --.Pp --For the IPv4 TOS/IPv6 traffic class value, -+Change the IPv4 TOS/IPv6 traffic class value. - .Ar keyword - may be one of - .Cm critical , -@@ -291,13 +205,13 @@ to script telnet sessions. - Use - .Ux Ns -domain - sockets. --Cannot be used together with any of the options --.Fl cFx . -+Cannot be used together with -+.Fl F -+or -+.Fl x . - .It Fl u - Use UDP instead of TCP. - Cannot be used together with --.Fl c --or - .Fl x . - For - .Ux Ns -domain -@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig - in square brackets. - A proxy cannot be used with any of the options - .Fl lsuU . --.It Fl Z Ar peercertfile --Save the peer certificates to --.Ar peercertfile , --in PEM format. --Requires --.Fl c . - .It Fl z - Only scan for listening daemons, without sending any data to them. 
- Cannot be used together with -@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec - .Pp - .Dl $ nc -p 31337 -w 5 host.example.com 42 - .Pp --Open a TCP connection to port 443 of www.example.com, and negotiate TLS with --any supported TLS protocol version and "compat" ciphers: --.Pp --.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 --.Pp --Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. --Check for a different name in the certificate for validation: --.Pp --.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 --.Pp - Open a UDP connection to port 53 of host.example.com: - .Pp - .Dl $ nc -u host.example.com 53 ---- a/netcat.c -+++ b/netcat.c -@@ -99,7 +99,9 @@ - #include <stdlib.h> - #include <string.h> - #include <time.h> --#include <tls.h> -+#ifdef TLS -+# include <tls.h> -+#endif - #include <unistd.h> - #include <bsd/stdlib.h> - #include <bsd/string.h> -@@ -115,10 +117,12 @@ - #define POLL_STDOUT 3 - #define BUFSIZE 16384 - --#define TLS_NOVERIFY (1 << 1) --#define TLS_NONAME (1 << 2) --#define TLS_CCERT (1 << 3) --#define TLS_MUSTSTAPLE (1 << 4) -+#ifdef TLS -+# define TLS_NOVERIFY (1 << 1) -+# define TLS_NONAME (1 << 2) -+# define TLS_CCERT (1 << 3) -+# define TLS_MUSTSTAPLE (1 << 4) -+#endif - - /* Command Line Options */ - int dflag; /* detached, no stdin */ -@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti - int Tflag = -1; /* IP Type of Service */ - int rtableid = -1; - -+# if defined(TLS) - int usetls; /* use TLS */ - const char *Cflag; /* Public cert file */ - const char *Kflag; /* Private key file */ -@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash - char *tls_ciphers; /* TLS ciphers */ - char *tls_protocols; /* TLS protocols */ - FILE *Zflag; /* file to save peer cert */ -+# endif - - int recvcount, recvlimit; - int timeout = -1; -@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp); - void build_ports(char *); - void help(void) __attribute__((noreturn)); - int 
local_listen(const char *, const char *, struct addrinfo); -+# if defined(TLS) - void readwrite(int, struct tls *); -+# else -+void readwrite(int); -+# endif - void fdpass(int nfd) __attribute__((noreturn)); - int remote_connect(const char *, const char *, struct addrinfo); -+# if defined(TLS) - int timeout_tls(int, struct tls *, int (*)(struct tls *)); -+# endif - int timeout_connect(int, const struct sockaddr *, socklen_t); - int socks_connect(const char *, const char *, struct addrinfo, - const char *, const char *, struct addrinfo, int, const char *); -@@ -183,15 +195,24 @@ int unix_connect(char *); - int unix_listen(char *); - void set_common_sockopts(int, int); - int process_tos_opt(char *, int *); -+# if defined(TLS) - int process_tls_opt(char *, int *); - void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); -+# endif - void report_sock(const char *, const struct sockaddr *, socklen_t, char *); -+# if defined(TLS) - void report_tls(struct tls *tls_ctx, char * host); -+# endif - void usage(int); -+# if defined(TLS) - ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); - ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *); - void tls_setup_client(struct tls *, int, char *); - struct tls *tls_setup_server(struct tls *, int, char *); -+# else -+ssize_t drainbuf(int, unsigned char *, size_t *); -+ssize_t fillbuf(int, unsigned char *, size_t *); -+# endif - - int - main(int argc, char *argv[]) -@@ -206,8 +227,10 @@ main(int argc, char *argv[]) - const char *errstr; - struct addrinfo proxyhints; - char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; -+# if defined(TLS) - struct tls_config *tls_cfg = NULL; - struct tls *tls_ctx = NULL; -+# endif - uint32_t protocols; - - ret = 1; -@@ -215,12 +238,18 @@ main(int argc, char *argv[]) - host = NULL; - uport = NULL; - sv = NULL; -+# if defined(TLS) - Rflag = tls_default_ca_cert_file(); -+# endif - - signal(SIGPIPE, SIG_IGN); - - while ((ch = getopt(argc, argv, -+# if defined(TLS) - 
"46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) -+# else -+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) -+# endif - != -1) { - switch (ch) { - case '4': -@@ -242,24 +271,30 @@ main(int argc, char *argv[]) - else - errx(1, "unsupported proxy protocol"); - break; -+# if defined(TLS) - case 'C': - Cflag = optarg; - break; - case 'c': - usetls = 1; - break; -+# endif - case 'd': - dflag = 1; - break; -+# if defined(TLS) - case 'e': - tls_expectname = optarg; - break; -+# endif - case 'F': - Fflag = 1; - break; -+# if defined(TLS) - case 'H': - tls_expecthash = optarg; - break; -+# endif - case 'h': - help(); - break; -@@ -268,9 +303,11 @@ main(int argc, char *argv[]) - if (errstr) - errx(1, "interval %s: %s", errstr, optarg); - break; -+# if defined(TLS) - case 'K': - Kflag = optarg; - break; -+# endif - case 'k': - kflag = 1; - break; -@@ -299,10 +336,12 @@ main(int argc, char *argv[]) - case 'p': - pflag = optarg; - break; -+# if defined(TLS) - case 'R': - tls_cachanged = 1; - Rflag = optarg; - break; -+# endif - case 'r': - rflag = 1; - break; -@@ -344,12 +383,14 @@ main(int argc, char *argv[]) - if ((proxy = strdup(optarg)) == NULL) - err(1, NULL); - break; -+# if defined(TLS) - case 'Z': - if (strcmp(optarg, "-") == 0) - Zflag = stderr; - else if ((Zflag = fopen(optarg, "w")) == NULL) - err(1, "can't open %s", optarg); - break; -+# endif - case 'z': - zflag = 1; - break; -@@ -368,9 +409,11 @@ main(int argc, char *argv[]) - errx(1, "TCP send window %s: %s", - errstr, optarg); - break; -+# if defined(TLS) - case 'o': - oflag = optarg; - break; -+# endif - case 'S': - # if defined(TCP_MD5SIG) - Sflag = 1; -@@ -381,8 +424,10 @@ main(int argc, char *argv[]) - case 'T': - errstr = NULL; - errno = 0; -+# if defined(TLS) - if (process_tls_opt(optarg, &TLSopt)) - break; -+# endif - if (process_tos_opt(optarg, &Tflag)) - break; - if (strlen(optarg) > 1 && optarg[0] == '0' && -@@ -392,7 +437,11 @@ main(int argc, char *argv[]) - Tflag = 
(int)strtonum(optarg, 0, 255, - &errstr); - if (Tflag < 0 || Tflag > 255 || errstr || errno) -+# if defined(TLS) - errx(1, "illegal tos/tls value %s", optarg); -+# else -+ errx(1, "illegal tos value %s", optarg); -+# endif - break; - default: - usage(1); -@@ -429,6 +478,7 @@ main(int argc, char *argv[]) - } else - usage(1); - -+# if defined(TLS) - if (usetls) { - if (Cflag && unveil(Cflag, "r") == -1) - err(1, "unveil"); -@@ -452,15 +502,19 @@ main(int argc, char *argv[]) - err(1, "unveil"); - } - } -+# endif - - if (!lflag && kflag) - errx(1, "must use -l with -k"); -+# if defined(TLS) - if (uflag && usetls) - errx(1, "cannot use -c and -u"); - if ((family == AF_UNIX) && usetls) - errx(1, "cannot use -c and -U"); -+# endif - if ((family == AF_UNIX) && Fflag) - errx(1, "cannot use -F and -U"); -+# if defined(TLS) - if (Fflag && usetls) - errx(1, "cannot use -c and -F"); - if (TLSopt && !usetls) -@@ -479,6 +533,7 @@ main(int argc, char *argv[]) - errx(1, "you must specify -c to use -H"); - if (tls_expectname && !usetls) - errx(1, "you must specify -c to use -e"); -+# endif - - /* Get name of temporary socket for unix datagram client */ - if ((family == AF_UNIX) && uflag && !lflag) { -@@ -545,6 +600,7 @@ main(int argc, char *argv[]) - proxyhints.ai_flags |= AI_NUMERICHOST; - } - -+# if defined(TLS) - if (usetls) { - if ((tls_cfg = tls_config_new()) == NULL) - errx(1, "unable to allocate TLS config"); -@@ -580,7 +636,8 @@ main(int argc, char *argv[]) - err(1, "pledge"); - } else if (pledge("stdio inet dns", NULL) == -1) - err(1, "pledge"); -- } -+ } -+# endif - if (lflag) { - ret = 0; - -@@ -591,6 +648,7 @@ main(int argc, char *argv[]) - s = unix_listen(host); - } - -+# if defined(TLS) - if (usetls) { - tls_config_verify_client_optional(tls_cfg); - if ((tls_ctx = tls_server()) == NULL) -@@ -599,6 +657,7 @@ main(int argc, char *argv[]) - errx(1, "tls configuration failed (%s)", - tls_error(tls_ctx)); - } -+# endif - /* Allow only one connection at a time, but stay 
alive. */ - for (;;) { - if (family != AF_UNIX) { -@@ -614,7 +673,11 @@ main(int argc, char *argv[]) - * let it receive datagrams from multiple - * socket pairs. - */ -+# if defined(TLS) - readwrite(s, NULL); -+# else -+ readwrite(s); -+# endif - } else if (uflag && !kflag) { - /* - * For UDP and not -k, we will use recvfrom() -@@ -639,9 +702,14 @@ main(int argc, char *argv[]) - report_sock("Connection received", - (struct sockaddr *)&z, len, NULL); - -+# if defined(TLS) - readwrite(s, NULL); - } else { - struct tls *tls_cctx = NULL; -+# else -+ readwrite(s); -+ } else { -+# endif - int connfd; - - len = sizeof(cliaddr); -@@ -655,6 +723,7 @@ main(int argc, char *argv[]) - report_sock("Connection received", - (struct sockaddr *)&cliaddr, len, - family == AF_UNIX ? host : NULL); -+# if defined(TLS) - if ((usetls) && - (tls_cctx = tls_setup_server(tls_ctx, connfd, host))) - readwrite(connfd, tls_cctx); -@@ -664,6 +733,10 @@ main(int argc, char *argv[]) - timeout_tls(s, tls_cctx, tls_close); - close(connfd); - tls_free(tls_cctx); -+# else -+ readwrite(connfd); -+ close(connfd); -+# endif - } - if (family == AF_UNIX && uflag) { - if (connect(s, NULL, 0) == -1) -@@ -678,7 +751,11 @@ main(int argc, char *argv[]) - - if ((s = unix_connect(host)) > 0) { - if (!zflag) -+# if defined(TLS) - readwrite(s, NULL); -+# else -+ readwrite(s); -+# endif - close(s); - } else { - warn("%s", host); -@@ -699,6 +776,7 @@ main(int argc, char *argv[]) - for (s = -1, i = 0; portlist[i] != NULL; i++) { - if (s != -1) - close(s); -+# if defined(TLS) - tls_free(tls_ctx); - tls_ctx = NULL; - -@@ -709,6 +787,7 @@ main(int argc, char *argv[]) - errx(1, "tls configuration failed (%s)", - tls_error(tls_ctx)); - } -+# endif - if (xflag) - s = socks_connect(host, portlist[i], hints, - proxy, proxyport, proxyhints, socksv, -@@ -746,6 +825,7 @@ main(int argc, char *argv[]) - } - if (Fflag) - fdpass(s); -+# if defined(TLS) - else { - if (usetls) - tls_setup_client(tls_ctx, s, host); -@@ -754,13 +834,19 
@@ main(int argc, char *argv[]) - if (tls_ctx) - timeout_tls(s, tls_ctx, tls_close); - } -+# else -+ else if (!zflag) -+ readwrite(s); -+# endif - } - } - - if (s != -1) - close(s); -+# if defined(TLS) - tls_free(tls_ctx); - tls_config_free(tls_cfg); -+# endif - - return ret; - } -@@ -802,6 +888,7 @@ unix_bind(char *path, int flags) - return s; - } - -+# if defined(TLS) - int - timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *)) - { -@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in - } - return NULL; - } -+# endif - - /* - * unix_connect() -@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha - * Loop that polls on the network file descriptor and stdin. - */ - void -+# if defined(TLS) - readwrite(int net_fd, struct tls *tls_ctx) -+# else -+readwrite(int net_fd) -+# endif - { - struct pollfd pfd[4]; - int stdin_fd = STDIN_FILENO; -@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to read from stdin */ - if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) { - ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf, -+# if defined(TLS) - &stdinbufpos, NULL); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_STDIN].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_STDIN].events = POLLOUT; -- else if (ret == 0 || ret == -1) -+ else -+# else -+ &stdinbufpos); -+# endif -+ if (ret == 0 || ret == -1) - pfd[POLL_STDIN].fd = -1; - /* read something - poll net out */ - if (stdinbufpos > 0) -@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to write to network */ - if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) { - ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf, -+# if defined(TLS) - &stdinbufpos, tls_ctx); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_NETOUT].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_NETOUT].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &stdinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_NETOUT].fd = -1; - /* buffer empty - 
remove self from polling */ - if (stdinbufpos == 0) -@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to read from network */ - if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) { - ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf, -+# if defined(TLS) - &netinbufpos, tls_ctx); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_NETIN].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_NETIN].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &netinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_NETIN].fd = -1; - /* eof on net in - remove from pfd */ - if (ret == 0) { -@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to write to stdout */ - if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) { - ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf, -+# if defined(TLS) - &netinbufpos, NULL); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_STDOUT].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_STDOUT].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &netinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_STDOUT].fd = -1; - /* buffer empty - remove self from polling */ - if (netinbufpos == 0) -@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct - } - - ssize_t -+# if defined(TLS) - drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) -+# else -+drainbuf(int fd, unsigned char *buf, size_t *bufpos) -+# endif - { - ssize_t n; - ssize_t adjust; - -+# if defined(TLS) - if (tls) { - n = tls_write(tls, buf, *bufpos); - if (n == -1) - errx(1, "tls write failed (%s)", tls_error(tls)); - } else { -+# endif - n = write(fd, buf, *bufpos); - /* don't treat EAGAIN, EINTR as error */ - if (n == -1 && (errno == EAGAIN || errno == EINTR)) -+# if defined(TLS) - n = TLS_WANT_POLLOUT; - } -+# else -+ n = -2; -+# endif - if (n <= 0) - return n; - /* adjust buffer */ -@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz - } - - ssize_t -+# if defined(TLS) - 
fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) -+# else -+fillbuf(int fd, unsigned char *buf, size_t *bufpos) -+# endif - { - size_t num = BUFSIZE - *bufpos; - ssize_t n; - -+# if defined(TLS) - if (tls) { - n = tls_read(tls, buf + *bufpos, num); - if (n == -1) - errx(1, "tls read failed (%s)", tls_error(tls)); - } else { -+# endif - n = read(fd, buf + *bufpos, num); - /* don't treat EAGAIN, EINTR as error */ - if (n == -1 && (errno == EAGAIN || errno == EINTR)) -+# if defined(TLS) - n = TLS_WANT_POLLIN; - } -+# else -+ n = -2; -+# endif - if (n <= 0) - return n; - *bufpos += n; -@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val) - return 0; - } - -+# if defined(TLS) - int - process_tls_opt(char *s, int *flags) - { -@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char * - - } - } -+# endif - - void - report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, -@@ -1817,17 +1951,12 @@ help(void) - fprintf(stderr, "\tCommand Summary:\n\ - \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ -- \t-C certfile Public key file\n\ -- \t-c Use TLS\n\ - \t-D Enable the debug socket option\n\ - \t-d Detach from stdin\n\ -- \t-e name\t Required name in peer certificate\n\ - \t-F Pass socket fd\n\ -- \t-H hash\t Hash string of peer certificate\n\ - \t-h This help text\n\ - \t-I length TCP receive buffer length\n\ - \t-i interval Delay interval for lines sent, ports scanned\n\ -- \t-K keyfile Private key file\n\ - \t-k Keep inbound sockets open for multiple connects\n\ - \t-l Listen mode, for inbound connects\n\ - \t-M ttl Outgoing TTL / Hop Limit\n\ -@@ -1835,14 +1964,12 @@ help(void) - \t-N Shutdown the network socket after EOF on stdin\n\ - \t-n Suppress name/port resolutions\n\ - \t-O length TCP send buffer length\n\ -- \t-o staplefile Staple file\n\ - \t-P proxyuser\tUsername for proxy authentication\n\ - \t-p port\t Specify local port for remote connects\n\ -- \t-R CAfile CA bundle\n\ - \t-r Randomize remote ports\n\ - \t-S Enable the TCP 
MD5 signature option\n\ - \t-s source Local source address\n\ -- \t-T keyword TOS value or TLS options\n\ -+ \t-T keyword TOS value\n\ - \t-t Answer TELNET negotiation\n\ - \t-U Use UNIX domain socket\n\ - \t-u UDP mode\n\ -@@ -1852,7 +1979,6 @@ help(void) - \t-w timeout Timeout for connects and final net reads\n\ - \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ - \t-x addr[:port]\tSpecify proxy address and port\n\ -- \t-Z Peer certificate file\n\ - \t-z Zero-I/O mode [used for scanning]\n\ - Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(0); -@@ -1862,15 +1988,11 @@ void - usage(int ret) - { - fprintf(stderr, -- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] " -- "[-H hash] [-I length]\n" -- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n" -- "\t [-o staplefile] [-P proxy_username] [-p source_port] " -- "[-R CAfile]\n" -+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" -+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" - "\t [-X proxy_protocol] [-x proxy_address[:port]] " -- "[-Z peercertfile]\n" - "\t [destination] [port]\n"); - if (ret) - exit(1); |