Hello, the use of certificates for TLS didn't work with nc(1). Fix is attached.
Best regards Andreas
Index: netcat.c =================================================================== RCS file: /cvs/src/usr.bin/nc/netcat.c,v retrieving revision 1.149 diff -u -p -u -r1.149 netcat.c --- netcat.c 28 Dec 2015 14:17:47 -0000 1.149 +++ netcat.c 4 Jan 2016 00:52:22 -0000 @@ -429,9 +429,9 @@ main(int argc, char *argv[]) if (usetls) { if (Rflag && (cacert=tls_load_file(Rflag, &cacertlen, NULL)) == NULL) errx(1, "unable to load root CA file %s", Rflag); - if (Cflag && (pubcert=tls_load_file(Rflag, &pubcertlen, NULL)) == NULL) + if (Cflag && (pubcert=tls_load_file(Cflag, &pubcertlen, NULL)) == NULL) errx(1, "unable to load TLS certificate file %s", Cflag); - if (Kflag && (privkey=tls_load_file(Rflag, &privkeylen, NULL)) == NULL) + if (Kflag && (privkey=tls_load_file(Kflag, &privkeylen, NULL)) == NULL) errx(1, "unable to load TLS key file %s", Kflag); if (pledge("stdio inet dns", NULL) == -1) @@ -443,7 +443,7 @@ main(int argc, char *argv[]) errx(1, "unable to allocate TLS config"); if (Rflag && tls_config_set_ca_mem(tls_cfg, cacert, cacertlen) == -1) errx(1, "unable to set root CA file %s", Rflag); - if (Cflag && tls_config_set_cert_mem(tls_cfg, cacert, cacertlen) == -1) + if (Cflag && tls_config_set_cert_mem(tls_cfg, pubcert, pubcertlen) == -1) errx(1, "unable to set TLS certificate file %s", Cflag); if (Kflag && tls_config_set_key_mem(tls_cfg, privkey, privkeylen) == -1) errx(1, "unable to set TLS key file %s", Kflag);