add ifdef to support legacy ciphers - hurl - Gopher/HTTP/HTTPS file grabber
       ---
 (DIR) commit 102c200727ea0e943ea3b793b0e7894bc1078f6c
 (DIR) parent a09813538d85a05d7eb5adf470834eb996391a07
 (HTM) Author: Hiltjo Posthuma <hiltjo@codemadness.org>
       Date:   Sun, 17 Feb 2019 15:02:49 +0100
       
       add ifdef to support legacy ciphers
       
        By default this is off. NOTE: OpenBSD ftp has legacy ciphers on by default;
        with OpenBSD netcat they are off.
       
       Noticed on the feed:
       https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml
       
       other changes:
       also change die() to errx(1, ...)
       
       Diffstat:
         M hurl.c                              |      61 +++++++++++++++----------------
       
       1 file changed, 29 insertions(+), 32 deletions(-)
       ---
 (DIR) diff --git a/hurl.c b/hurl.c
       @@ -49,18 +49,8 @@ static char *config_custom;
        static struct uri u;
        /* raw command-line argument */
        static char *url;
       -
       -void
       -die(const char *fmt, ...)
       -{
       -        va_list ap;
       -
       -        va_start(ap, fmt);
       -        vfprintf(stderr, fmt, ap);
       -        va_end(ap);
       -
       -        exit(1);
       -}
       +/* TLS config */
       +static struct tls_config *tls_config;
        
        int
        parseuri(const char *s, struct uri *u)
       @@ -143,7 +133,7 @@ edial(const char *host, const char *port)
                hints.ai_socktype = SOCK_STREAM;
                hints.ai_flags = AI_NUMERICSERV; /* numeric port only */
                if ((error = getaddrinfo(host, port, &hints, &res0)))
       -                die("%s: %s: %s:%s\n", __func__, gai_strerror(error), host, port);
       +                errx(1, "%s: %s: %s:%s", __func__, gai_strerror(error), host, port);
                s = -1;
                for (res = res0; res; res = res->ai_next) {
                        s = socket(res->ai_family, res->ai_socktype,
       @@ -156,12 +146,12 @@ edial(const char *host, const char *port)
                        timeout.tv_sec = config_timeout;
                        timeout.tv_usec = 0;
                        if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) == -1)
       -                        die("%s: setsockopt: %s\n", __func__, strerror(errno));
       +                        err(1, "%s: setsockopt", __func__);
        
                        timeout.tv_sec = config_timeout;
                        timeout.tv_usec = 0;
                        if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) == -1)
       -                        die("%s: setsockopt: %s\n", __func__, strerror(errno));
       +                        err(1, "%s: setsockopt", __func__);
        
                        if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
                                cause = "connect";
       @@ -174,7 +164,7 @@ edial(const char *host, const char *port)
                        break;
                }
                if (s == -1)
       -                die("%s: %s: %s:%s\n", __func__, cause, host, port);
       +                errx(1, "%s: %s: %s:%s", __func__, cause, host, port);
                freeaddrinfo(res0);
        
                return s;
       @@ -202,10 +192,14 @@ https_request(void)
                        fprintf(stderr, "tls_client: %s\n", tls_error(t));
                        goto err;
                }
       +        if (tls_configure(t, tls_config) != 0) {
       +                fprintf(stderr, "tls_configure: %s\n", tls_error(t));
       +                goto err;
       +        }
        
                fd = edial(u.host, u.port);
                if (tls_connect_socket(t, fd, u.host) == -1)
       -                die("tls_connect: %s\n", tls_error(t));
       +                errx(1, "tls_connect: %s", tls_error(t));
        
                if (pledge("stdio", NULL) == -1)
                        err(1, "pledge");
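Review bot: The new `errx(1, "tls_connect: %s", tls_error(t))` exits directly while the `tls_configure` check added a few lines above reports and jumps to `err:`, so the two new failure paths in the same function are handled inconsistently and the errx one skips whatever cleanup `err:` does. If `err:` yields a failure status to the caller, the consistent form is `fprintf(stderr, "tls_connect: %s\n", tls_error(t)); goto err;`. The `tls_configure` call takes the file-scope `tls_config` that is only assigned in main's https branch; libtls appears to substitute its default config when passed NULL, but a one-line comment noting that dependency on main would help the next reader. https_request starts before this hunk and the `err:` label is outside it.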
       @@ -495,12 +489,20 @@ main(int argc, char **argv)
                        usage();
        
                url = argv[0];
       -        if (parseuri(url, &u) == -1) {
       -                fprintf(stderr, "invalid url: %s\n", url);
       -                exit(1);
       -        }
       +        if (parseuri(url, &u) == -1)
       +                errx(1, "invalid url: %s", url);
        
                if (!strcmp(u.proto, "https")) {
       +                if (tls_init())
       +                        errx(1, "tls_init failed");
       +                if (!(tls_config = tls_config_new()))
       +                        errx(1, "tls config failed");
       +#ifdef SUPPORT_LEGACY
       +                /* enable legacy cipher and negotiation. */
       +                if (tls_config_set_ciphers(tls_config, "legacy"))
       +                        errx(1, "tls set ciphers failed: %s",
       +                             tls_config_error(tls_config));
       +#endif
                        if (!strcmp(u.proto, "https"))
                                memcpy(u.port, "443", 4);
                        statuscode = https_request();
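Review bot: The comment on the SUPPORT_LEGACY block, `/* enable legacy cipher and negotiation. */`, overstates what the code does: only `tls_config_set_ciphers(tls_config, "legacy")` is called, so the cipher list is widened while protocol versions stay at the libtls defaults. Since this is a deliberate weakening of the TLS policy it deserves a precise comment, e.g. `/* SUPPORT_LEGACY (build-time, off by default): widen the cipher list to libtls "legacy"; protocol versions are not changed. */`. The config from `tls_config_new()` is never released with `tls_config_free`, which is harmless for a one-shot fetch but worth a comment if that is intended. Separately, the context line `if (!strcmp(u.proto, "https")) memcpy(u.port, "443", 4);` sits inside a branch that already tested for https, so it seems to overwrite a user-supplied port unconditionally; the other branches use `if (!u.port[0])`, which looks like the intended test, though that is pre-existing and not part of this change.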
       @@ -509,26 +511,21 @@ main(int argc, char **argv)
                                memcpy(u.port, "80", 3);
                        statuscode = http_request();
                } else if (!strcmp(u.proto, "gopher")) {
       -                if (config_custom) {
       -                        fprintf(stderr, "no custom header supported with gopher protocol\n");
       -                        exit(1);
       -                }
       +                if (config_custom)
       +                        errx(1, "no custom header supported with gopher protocol");
        
                        if (!u.port[0])
                                memcpy(u.port, "70", 3);
        
       -                if (u.path[0] != '/' || u.path[1] == '\0') {
       -                        fprintf(stderr, "must specify type\n");
       -                        exit(1);
       -                }
       +                if (u.path[0] != '/' || u.path[1] == '\0')
       +                        errx(1, "must specify type");
        
                        statuscode = gopher_request();
                } else {
                        if (u.proto[0])
       -                        fprintf(stderr, "unsupported protocol specified: %s\n", u.proto);
       +                        errx(1, "unsupported protocol specified: %s", u.proto);
                        else
       -                        fprintf(stderr, "no protocol specified\n");
       -                exit(1);
       +                        errx(1, "no protocol specified");
                }
        
                return statuscode;