This is very useful when checking expiry dates for legacy web certificates.
beck@ has this in his local tree. I'm just trying to draw it out of him... :)
Fix some white space and remove unused variables while here.
Rob
Index: netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.140
diff -u -p -r1.140 netcat.c
--- netcat.c 23 Oct 2015 05:27:17 -0000 1.140
+++ netcat.c 1 Nov 2015 00:28:38 -0000
@@ -676,7 +676,6 @@ unix_bind(char *path, int flags)
void
tls_setup_client(struct tls *tls_ctx, int s, char *host)
-
{
int i;
@@ -696,6 +695,7 @@ tls_setup_client(struct tls *tls_ctx, in
strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
errx(1, "peer certificate is not %s", tls_expecthash);
}
+
struct tls *
tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
{
@@ -735,6 +735,7 @@ tls_setup_server(struct tls *tls_ctx, in
}
return NULL;
}
+
/*
* unix_connect()
* Returns a socket connected to a local unix socket. Returns -1 on failure.
@@ -1161,7 +1162,6 @@ drainbuf(int fd, unsigned char *buf, siz
return n;
}
-
ssize_t
fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
{
@@ -1468,7 +1468,11 @@ map_tls(char *s, int *val)
void
report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
{
- char *subject = NULL, *issuer = NULL;
+ char *format = NULL;
+ time_t notbefore, notafter;
+ struct tm *tmnb, *tmna;
+ char buf_nb[1024], buf_na[1024];
+
fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
fprintf(stderr, "Peer name %s\n",
@@ -1479,12 +1483,26 @@ report_tls(struct tls * tls_ctx, char *
if (tls_peer_cert_issuer(tls_ctx))
fprintf(stderr, "Issuer: %s\n",
tls_peer_cert_issuer(tls_ctx));
+
+ format = "%a %b %e %H:%M:%S %Z %Y";
+
+ notbefore = tls_peer_cert_notbefore(tls_ctx);
+ if (tmnb = localtime(¬before)) {
+ (void)strftime(buf_nb, sizeof(buf_nb), format, tmnb);
+ (void)printf("Not valid before: %s\n", buf_nb);
+ }
+
+ notafter = tls_peer_cert_notafter(tls_ctx);
+ if (tmna = localtime(¬after)) {
+ (void)strftime(buf_na, sizeof(buf_na), format, tmna);
+ (void)printf("Not valid after: %s\n", buf_na);
+ }
+
if (tls_peer_cert_hash(tls_ctx))
fprintf(stderr, "Cert Hash: %s\n",
tls_peer_cert_hash(tls_ctx));
- free(subject);
- free(issuer);
}
+
void
report_connect(const struct sockaddr *sa, socklen_t salen)
{