
commit 102c200727ea0e943ea3b793b0e7894bc1078f6c
parent a09813538d85a05d7eb5adf470834eb996391a07
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Sun, 17 Feb 2019 15:02:49 +0100

add ifdef to support legacy ciphers

By default this is off. NOTE: OpenBSD ftp has legacy on by default, while
in OpenBSD netcat it is off.

Noticed on the feed:
https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml

other changes:
also change die() to errx(1, ...)

Diffstat:
Mhurl.c | 61+++++++++++++++++++++++++++++--------------------------------
1 file changed, 29 insertions(+), 32 deletions(-)

diff --git a/hurl.c b/hurl.c
@@ -49,18 +49,8 @@ static char *config_custom;
 static struct uri u;
 /* raw command-line argument */
 static char *url;
-
-void
-die(const char *fmt, ...)
-{
-	va_list ap;
-
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
-
-	exit(1);
-}
+/* TLS config */
+static struct tls_config *tls_config;
 int
 parseuri(const char *s, struct uri *u)
@@ -143,7 +133,7 @@ edial(const char *host, const char *port)
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_flags = AI_NUMERICSERV; /* numeric port only */
 	if ((error = getaddrinfo(host, port, &hints, &res0)))
-		die("%s: %s: %s:%s\n", __func__, gai_strerror(error), host, port);
+		errx(1, "%s: %s: %s:%s", __func__, gai_strerror(error), host, port);
 	s = -1;
 	for (res = res0; res; res = res->ai_next) {
 		s = socket(res->ai_family, res->ai_socktype,
@@ -156,12 +146,12 @@ edial(const char *host, const char *port)
 		timeout.tv_sec = config_timeout;
 		timeout.tv_usec = 0;
 		if (setsockopt(s, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) == -1)
-			die("%s: setsockopt: %s\n", __func__, strerror(errno));
+			err(1, "%s: setsockopt", __func__);
 		timeout.tv_sec = config_timeout;
 		timeout.tv_usec = 0;
 		if (setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) == -1)
-			die("%s: setsockopt: %s\n", __func__, strerror(errno));
+			err(1, "%s: setsockopt", __func__);
 		if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
 			cause = "connect";
@@ -174,7 +164,7 @@ edial(const char *host, const char *port)
 		break;
 	}
 	if (s == -1)
-		die("%s: %s: %s:%s\n", __func__, cause, host, port);
+		errx(1, "%s: %s: %s:%s", __func__, cause, host, port);
 	freeaddrinfo(res0);
 	return s;
@@ -202,10 +192,14 @@ https_request(void)
 		fprintf(stderr, "tls_client: %s\n", tls_error(t));
 		goto err;
 	}
+	if (tls_configure(t, tls_config) != 0) {
+		fprintf(stderr, "tls_configure: %s\n", tls_error(t));
+		goto err;
+	}
 	fd = edial(u.host, u.port);
 	if (tls_connect_socket(t, fd, u.host) == -1)
-		die("tls_connect: %s\n", tls_error(t));
+		errx(1, "tls_connect: %s", tls_error(t));
 	if (pledge("stdio", NULL) == -1)
 		err(1, "pledge");
@@ -495,12 +489,20 @@ main(int argc, char **argv)
 		usage();
 	url = argv[0];
-	if (parseuri(url, &u) == -1) {
-		fprintf(stderr, "invalid url: %s\n", url);
-		exit(1);
-	}
+	if (parseuri(url, &u) == -1)
+		errx(1, "invalid url: %s", url);
 	if (!strcmp(u.proto, "https")) {
+		if (tls_init())
+			errx(1, "tls_init failed");
+		if (!(tls_config = tls_config_new()))
+			errx(1, "tls config failed");
+#ifdef SUPPORT_LEGACY
+		/* enable legacy cipher and negotiation. */
+		if (tls_config_set_ciphers(tls_config, "legacy"))
+			errx(1, "tls set ciphers failed: %s",
+			    tls_config_error(tls_config));
+#endif
 		if (!strcmp(u.proto, "https"))
 			memcpy(u.port, "443", 4);
 		statuscode = https_request();
@@ -509,26 +511,21 @@ main(int argc, char **argv)
 			memcpy(u.port, "80", 3);
 		statuscode = http_request();
 	} else if (!strcmp(u.proto, "gopher")) {
-		if (config_custom) {
-			fprintf(stderr, "no custom header supported with gopher protocol\n");
-			exit(1);
-		}
+		if (config_custom)
+			errx(1, "no custom header supported with gopher protocol");
 		if (!u.port[0])
 			memcpy(u.port, "70", 3);
-		if (u.path[0] != '/' || u.path[1] == '\0') {
-			fprintf(stderr, "must specify type\n");
-			exit(1);
-		}
+		if (u.path[0] != '/' || u.path[1] == '\0')
+			errx(1, "must specify type");
 		statuscode = gopher_request();
 	} else {
 		if (u.proto[0])
-			fprintf(stderr, "unsupported protocol specified: %s\n", u.proto);
+			errx(1, "unsupported protocol specified: %s", u.proto);
 		else
-			fprintf(stderr, "no protocol specified\n");
-			exit(1);
+			errx(1, "no protocol specified");
 	}
 	return statuscode;
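Review bot: The new tls_configure() failure path reports via fprintf and `goto err`, while the tls_connect_socket() failure a few lines below still exits on the spot with errx, so two adjacent TLS setup failures in https_request leave the function by different routes. If the err label releases the tls context and socket (it is outside this hunk, so I cannot confirm), the connect failure could take the same route: `if (tls_connect_socket(t, fd, u.host) == -1) { fprintf(stderr, "tls_connect: %s\n", tls_error(t)); goto err; }`. Either way a one-line comment on the errx, such as `/* fatal: no cleanup needed, process exits */`, would make the asymmetry intentional rather than accidental. https_request's body starts and ends outside the hunk.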
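Review bot: The comment on the SUPPORT_LEGACY block, `/* enable legacy cipher and negotiation. */`, promises more than the code does: only tls_config_set_ciphers(tls_config, "legacy") is called, so the negotiated protocol versions are untouched and the change is limited to widening the cipher list to the suites libtls groups under "legacy". A comment that states the actual effect and why it is compile-time only would help the next reader, e.g. `/* SUPPORT_LEGACY: widen the cipher list to libtls's "legacy" set (weaker suites); protocol versions are unchanged. Off by default. */`. Adjacent to the new lines but not changed by this commit, the unchanged `if (!strcmp(u.proto, "https"))` guarding `memcpy(u.port, "443", 4)` is always true inside this branch, so it looks like it was meant to be `if (!u.port[0])` as in the gopher branch below; if parseuri fills u.port from the URL, a user-supplied port is silently overwritten, which is worth confirming. main's body starts and ends outside the hunk.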