This is very useful when checking expiry dates for legacy web certificates.

beck@ has this in his local tree. I'm just trying to draw it out of him... :)

Fix some white space and remove unused variables while here.

Rob

Index: netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.140
diff -u -p -r1.140 netcat.c
--- netcat.c    23 Oct 2015 05:27:17 -0000      1.140
+++ netcat.c    1 Nov 2015 00:28:38 -0000
@@ -676,7 +676,6 @@ unix_bind(char *path, int flags)
 
 void
 tls_setup_client(struct tls *tls_ctx, int s, char *host)
-
 {
        int i;
 
@@ -696,6 +695,7 @@ tls_setup_client(struct tls *tls_ctx, in
            strcmp(tls_expecthash, tls_peer_cert_hash(tls_ctx)) != 0)
                errx(1, "peer certificate is not %s", tls_expecthash);
 }
+
 struct tls *
 tls_setup_server(struct tls *tls_ctx, int connfd, char *host)
 {
@@ -735,6 +735,7 @@ tls_setup_server(struct tls *tls_ctx, in
        }
        return NULL;
 }
+
 /*
  * unix_connect()
  * Returns a socket connected to a local unix socket. Returns -1 on failure.
@@ -1161,7 +1162,6 @@ drainbuf(int fd, unsigned char *buf, siz
        return n;
 }
 
-
 ssize_t
 fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
 {
@@ -1468,7 +1468,11 @@ map_tls(char *s, int *val)
 void
 report_tls(struct tls * tls_ctx, char * host, char *tls_expectname)
 {
-       char *subject = NULL, *issuer = NULL;
+       char *format = NULL;
+       time_t notbefore, notafter;
+       struct tm *tmnb, *tmna;
+       char buf_nb[1024], buf_na[1024];
+
        fprintf(stderr, "TLS handshake negotiated %s/%s with host %s\n",
            tls_conn_version(tls_ctx), tls_conn_cipher(tls_ctx), host);
        fprintf(stderr, "Peer name %s\n",
@@ -1479,12 +1483,26 @@ report_tls(struct tls * tls_ctx, char * 
        if (tls_peer_cert_issuer(tls_ctx))
                fprintf(stderr, "Issuer: %s\n",
                    tls_peer_cert_issuer(tls_ctx));
+
+       format = "%a %b %e %H:%M:%S %Z %Y";
+
+       notbefore = tls_peer_cert_notbefore(tls_ctx);
+       if (tmnb = localtime(&notbefore)) {
+               (void)strftime(buf_nb, sizeof(buf_nb), format, tmnb);
+               (void)printf("Not valid before: %s\n", buf_nb);
+       }
+
+       notafter = tls_peer_cert_notafter(tls_ctx);
+       if (tmna = localtime(&notafter)) {
+               (void)strftime(buf_na, sizeof(buf_na), format, tmna);
+               (void)printf("Not valid after:  %s\n", buf_na);
+       }
+
        if (tls_peer_cert_hash(tls_ctx))
                fprintf(stderr, "Cert Hash: %s\n",
                    tls_peer_cert_hash(tls_ctx));
-       free(subject);
-       free(issuer);
 }
+
 void
 report_connect(const struct sockaddr *sa, socklen_t salen)
 {
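Review bot: The two new "Not valid before/after" lines go to stdout via printf() while every other line report_tls() emits, including the adjacent "Issuer" and "Cert Hash" lines, goes to stderr via fprintf(stderr, ...); since nc relays connection data on stdout, these diagnostics would end up in the data stream, so they should be `fprintf(stderr, "Not valid before: %s\n", buf_nb);` and likewise for buf_na. The assignments used as conditions, `if (tmnb = localtime(&notbefore))` and `if (tmna = localtime(&notafter))`, trigger the usual -Wparentheses warning and read as a typo; spell them `if ((tmnb = localtime(&notbefore)) != NULL)`. If tls_peer_cert_notbefore()/tls_peer_cert_notafter() follow the libtls convention of returning -1 when no peer certificate or no time is available, localtime() would still succeed and print a date at the epoch, so the result should be checked before formatting. The declaration `char *format = NULL;` in the previous hunk could simply be `const char *format` with the literal as its initializer. report_tls() starts outside this hunk.
```c
	format = "%a %b %e %H:%M:%S %Z %Y";

	notbefore = tls_peer_cert_notbefore(tls_ctx);
	if (notbefore != -1 && (tmnb = localtime(&notbefore)) != NULL) {
		(void)strftime(buf_nb, sizeof(buf_nb), format, tmnb);
		fprintf(stderr, "Not valid before: %s\n", buf_nb);
	}

	notafter = tls_peer_cert_notafter(tls_ctx);
	if (notafter != -1 && (tmna = localtime(&notafter)) != NULL) {
		(void)strftime(buf_na, sizeof(buf_na), format, tmna);
		fprintf(stderr, "Not valid after:  %s\n", buf_na);
	}

	/* … unchanged: Cert Hash report … */
```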
