0040-nc-Add-option-to-disable-certificate-time-checking.patch (1885B)
1 From 506272f64ba252c562e3036d14713de780817d1a Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Thu, 20 May 2021 13:44:35 -0700
4 Subject: [PATCH] nc: Add option to disable certificate time checking
5
6 ---
7 usr.bin/nc/nc.1 | 2 ++
8 usr.bin/nc/netcat.c | 8 ++++++--
9 2 files changed, 8 insertions(+), 2 deletions(-)
10
11 diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1
12 index 0ef318e0e6f..5858ef763dc 100644
13 --- a/usr.bin/nc/nc.1
14 +++ b/usr.bin/nc/nc.1
15 @@ -249,6 +249,8 @@ may be one of:
16 which disables certificate verification;
17 .Cm noname ,
18 which disables certificate name checking;
19 +.Cm notime ,
20 +which disables certificate validity time checking;
21 .Cm clientcert ,
22 which requires a client certificate on incoming connections; or
23 .Cm muststaple ,
24 diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
25 index 7369ed85619..29d2cb3bf29 100644
26 --- a/usr.bin/nc/netcat.c
27 +++ b/usr.bin/nc/netcat.c
28 @@ -70,8 +70,9 @@
29
30 #define TLS_NOVERIFY (1 << 1)
31 #define TLS_NONAME (1 << 2)
32 -#define TLS_CCERT (1 << 3)
33 -#define TLS_MUSTSTAPLE (1 << 4)
34 +#define TLS_NOTIME (1 << 3)
35 +#define TLS_CCERT (1 << 4)
36 +#define TLS_MUSTSTAPLE (1 << 5)
37
38 /* Command Line Options */
39 int dflag; /* detached, no stdin */
40 @@ -546,6 +547,8 @@ main(int argc, char *argv[])
41 errx(1, "clientcert is only valid with -l");
42 if (TLSopt & TLS_NONAME)
43 tls_config_insecure_noverifyname(tls_cfg);
44 + if (TLSopt & TLS_NOTIME)
45 + tls_config_insecure_noverifytime(tls_cfg);
46 if (TLSopt & TLS_NOVERIFY) {
47 if (tls_expecthash != NULL)
48 errx(1, "-H and -T noverify may not be used "
49 @@ -1705,6 +1708,7 @@ process_tls_opt(char *s, int *flags)
50 { "muststaple", TLS_MUSTSTAPLE, NULL },
51 { "noverify", TLS_NOVERIFY, NULL },
52 { "noname", TLS_NONAME, NULL },
53 + { "notime", TLS_NOTIME, NULL },
54 { "protocols", -1, &tls_protocols },
55 { NULL, -1, NULL },
56 };
57 --
58 2.37.3
59
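Review bot: Inserting `TLS_NOTIME` at `(1 << 3)` in the #define block at -70,8 forces `TLS_CCERT` and `TLS_MUSTSTAPLE` to be renumbered, so the hunk rewrites two existing lines it has no need to touch. In the visible hunks the flags are only tested by mask, so their numeric values look arbitrary. Appending `#define TLS_NOTIME (1 << 5)` after `TLS_MUSTSTAPLE` would keep the change to a single added line. Judging by the numbered patch filename this appears to be carried downstream, where a smaller hunk also means fewer conflicts when the upstream netcat.c changes.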
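Review bot: The new `if (TLSopt & TLS_NOTIME)` branch in main() relaxes verification with nothing in the code saying what is still enforced. With `-T notime` an expired or not-yet-valid certificate is accepted, while chain and name checks stay on unless `noverify` or `noname` is also given. A comment above the call would record that, for example `/* notime: accept expired or not-yet-valid certificates; chain and name checks still apply */`. As far as I recall, libtls documents `tls_config_insecure_noverifytime()` as also affecting OCSP validation. If that is confirmed, the interaction with `muststaple` should be stated in the nc.1 entry, which currently mentions only certificate validity time. main() starts and ends outside the hunk.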