remove DEFAULT_CA_FILE patch, since libtls handles this by default

2016-08-13 11:42:21 -05:00 · 2016-08-13 11:42:21 -05:00 · 9e25f75800
commit 9e25f75800
parent 36aafbb241
2 changed files with 14 additions and 41 deletions
--- a/apps/nc/Makefile.am
+++ b/apps/nc/Makefile.am
@ -17,11 +17,6 @@ nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
 nc_LDADD += $(abs_top_builddir)/tls/libtls.la

 AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
-if OPENSSLDIR_DEFINED
-AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
-else
-AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
-endif

 nc_SOURCES = atomicio.c
 nc_SOURCES += netcat.c
--- a/patches/netcat.c.patch
+++ b/patches/netcat.c.patch
@ -1,16 +1,6 @@
--- apps/nc/netcat.c.orig	Thu Jun 30 19:56:49 2016
-+++ apps/nc/netcat.c	Thu Jun 30 19:59:09 2016
-@@ -65,7 +65,9 @@
- #define POLL_NETIN 2
- #define POLL_STDOUT 3
- #define BUFSIZE 16384
-+#ifndef DEFAULT_CA_FILE
- #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-+#endif
- 
- #define TLS_LEGACY	(1 << 1)
- #define TLS_NOVERIFY	(1 << 2)
-@@ -92,9 +94,13 @@
+--- apps/nc/netcat.c.orig	Thu Jul  7 07:25:23 2016
+++ apps/nc/netcat.c	Thu Jul  7 07:25:37 2016
+@@ -91,9 +91,13 @@
 int	Dflag;					/* sodebug */
 int	Iflag;					/* TCP receive buffer size */
 int	Oflag;					/* TCP send buffer size */
@ -24,7 +14,7 @@
 
 int	usetls;					/* use TLS */
 char    *Cflag;					/* Public cert file */
-@@ -152,7 +158,7 @@
+@@ -145,7 +149,7 @@
 	struct servent *sv;
 	socklen_t len;
 	struct sockaddr_storage cliaddr;
@ -33,7 +23,7 @@
 	const char *errstr, *proxyhost = "", *proxyport = NULL;
 	struct addrinfo proxyhints;
 	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -262,12 +268,14 @@
+@@ -255,12 +259,14 @@
 		case 'u':
 			uflag = 1;
 			break;
@ -48,7 +38,7 @@
 		case 'v':
 			vflag = 1;
 			break;
-@@ -300,9 +308,11 @@
+@@ -293,9 +299,11 @@
 				errx(1, "TCP send window %s: %s",
 				    errstr, optarg);
 			break;
@ -60,7 +50,7 @@
 		case 'T':
 			errstr = NULL;
 			errno = 0;
-@@ -326,9 +336,11 @@
+@@ -319,9 +327,11 @@
 	argc -= optind;
 	argv += optind;
 
@ -72,19 +62,7 @@
 
 	if (family == AF_UNIX) {
 		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
-@@ -480,7 +492,10 @@
- 				errx(1, "-H and -T noverify may not be used"
- 				    "together");
- 			tls_config_insecure_noverifycert(tls_cfg);
-		}
-+		} else {
-+                        if (Rflag && access(Rflag, R_OK) == -1)
-+                                errx(1, "unable to find root CA file %s", Rflag);
-+                }
- 	}
- 	if (lflag) {
- 		struct tls *tls_cctx = NULL;
-@@ -832,7 +847,10 @@
+@@ -824,7 +834,10 @@
 remote_connect(const char *host, const char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
@ -96,7 +74,7 @@
 
 	if ((error = getaddrinfo(host, port, &hints, &res)))
 		errx(1, "getaddrinfo: %s", gai_strerror(error));
-@@ -847,8 +865,10 @@
+@@ -839,8 +852,10 @@
 		if (sflag || pflag) {
 			struct addrinfo ahints, *ares;
 
@ -107,7 +85,7 @@
 			memset(&ahints, 0, sizeof(struct addrinfo));
 			ahints.ai_family = res0->ai_family;
 			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -919,7 +939,10 @@
+@@ -911,7 +926,10 @@
 local_listen(char *host, char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
@ -119,7 +97,7 @@
 	int error;
 
 	/* Allow nodename to be null. */
-@@ -941,9 +964,11 @@
+@@ -933,9 +951,11 @@
 		    res0->ai_protocol)) < 0)
 			continue;
 
@ -131,7 +109,7 @@
 
 		set_common_sockopts(s, res0->ai_family);
 
-@@ -1401,11 +1426,13 @@
+@@ -1393,11 +1413,13 @@
 {
 	int x = 1;
 
@ -145,7 +123,7 @@
 	if (Dflag) {
 		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
 			&x, sizeof(x)) == -1)
-@@ -1442,13 +1469,17 @@
+@@ -1434,13 +1456,17 @@
 	}
 
 	if (minttl != -1) {
@ -164,7 +142,7 @@
 	}
 }
 
-@@ -1605,14 +1636,22 @@
+@@ -1597,14 +1623,22 @@
 	\t-P proxyuser\tUsername for proxy authentication\n\
 	\t-p port\t	Specify local port for remote connects\n\
 	\t-R CAfile	CA bundle\n\