author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-07 00:19:40 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-10-07 00:19:40 +0200 |
commit | 5afff3b04637ee2d0fa29bf783428e7fc43ea722 (patch) | |
tree | 2100f8775cba230aa904c5db21e5223acf12fefa | |
parent | bf9dcee9d08fdce76306331f85ed48fa682fce09 (diff) | |
download | gnutls-5afff3b04637ee2d0fa29bf783428e7fc43ea722.tar.gz |
Added command-line option to disable CA verification.
-rw-r--r-- | src/cli-args.c | 659 | ||||
-rw-r--r-- | src/cli-args.def | 8 | ||||
-rw-r--r-- | src/cli-args.h | 140 | ||||
-rw-r--r-- | src/cli.c | 28 |
4 files changed, 437 insertions, 398 deletions
diff --git a/src/cli-args.c b/src/cli-args.c index 05f8af5e8f..585591836f 100644 --- a/src/cli-args.c +++ b/src/cli-args.c @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (cli-args.c) * - * It has been AutoGen-ed October 6, 2012 at 03:20:01 AM by AutoGen 5.16 + * It has been AutoGen-ed October 7, 2012 at 12:14:56 AM by AutoGen 5.16 * From the definitions cli-args.def * and the template file options * @@ -67,7 +67,7 @@ extern FILE * option_usage_fp; /* * gnutls-cli option static const strings */ -static char const gnutls_cli_opt_strs[3667] = +static char const gnutls_cli_opt_strs[3738] = /* 0 */ "gnutls-cli @VERSION@\n" "Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" 
@@ -97,131 +97,134 @@ static char const gnutls_cli_opt_strs[3667] = /* 1013 */ "Enable DANE certificate verification (DNSSEC)\0" /* 1059 */ "DANE\0" /* 1064 */ "no-dane\0" -/* 1072 */ "Enable OCSP certificate verification\0" -/* 1109 */ "OCSP\0" -/* 1114 */ "no-ocsp\0" -/* 1122 */ "Establish a session and resume\0" -/* 1153 */ "RESUME\0" -/* 1160 */ "resume\0" -/* 1167 */ "Activate heartbeat support\0" -/* 1194 */ "HEARTBEAT\0" -/* 1204 */ "heartbeat\0" -/* 1214 */ "Establish a session and rehandshake\0" -/* 1250 */ "REHANDSHAKE\0" -/* 1262 */ "rehandshake\0" -/* 1274 */ "Don't accept session tickets\0" -/* 1303 */ "NOTICKET\0" -/* 1312 */ "noticket\0" -/* 1321 */ "Enable OCSP status request\0" -/* 1348 */ "OCSP_STATUS_REQUEST\0" -/* 1368 */ "no-ocsp-status-request\0" -/* 1391 */ "Connect, establish a plain session and start TLS.\0" -/* 1441 */ "STARTTLS\0" -/* 1450 */ "starttls\0" -/* 1459 */ "Use DTLS (datagram TLS) over UDP\0" -/* 1492 */ "UDP\0" -/* 1496 */ "udp\0" -/* 1500 */ "Set MTU for datagram TLS\0" -/* 1525 */ "MTU\0" -/* 1529 */ "mtu\0" -/* 1533 */ "Send CR LF instead of LF\0" -/* 1558 */ "CRLF\0" -/* 1563 */ "crlf\0" -/* 1568 */ "Use DER format for certificates to read from\0" -/* 1613 */ "X509FMTDER\0" -/* 1624 */ "x509fmtder\0" -/* 1635 */ "Send the openpgp fingerprint, instead of the key\0" -/* 1684 */ "FINGERPRINT\0" -/* 1696 */ "fingerprint\0" -/* 1708 */ "Disable all the TLS extensions\0" -/* 1739 */ "DISABLE_EXTENSIONS\0" -/* 1758 */ "disable-extensions\0" -/* 1777 */ "Print peer's certificate in PEM format\0" -/* 1816 */ "PRINT_CERT\0" -/* 1827 */ "print-cert\0" -/* 1838 */ "The maximum record size to advertize\0" -/* 1875 */ "RECORDSIZE\0" -/* 1886 */ "recordsize\0" -/* 1897 */ "The minimum number of bits allowed for DH\0" -/* 1939 */ "DH_BITS\0" -/* 1947 */ "dh-bits\0" -/* 1955 */ "Priorities string\0" -/* 1973 */ "PRIORITY\0" -/* 1982 */ "priority\0" -/* 1991 */ "Certificate file or PKCS #11 URL to use\0" -/* 2031 */ "X509CAFILE\0" -/* 2042 
*/ "x509cafile\0" -/* 2053 */ "CRL file to use\0" -/* 2069 */ "X509CRLFILE\0" -/* 2081 */ "x509crlfile\0" -/* 2093 */ "PGP Key file to use\0" -/* 2113 */ "PGPKEYFILE\0" -/* 2124 */ "pgpkeyfile\0" -/* 2135 */ "PGP Key ring file to use\0" -/* 2160 */ "PGPKEYRING\0" -/* 2171 */ "pgpkeyring\0" -/* 2182 */ "PGP Public Key (certificate) file to use\0" -/* 2223 */ "PGPCERTFILE\0" -/* 2235 */ "pgpcertfile\0" -/* 2247 */ "X.509 key file or PKCS #11 URL to use\0" -/* 2285 */ "X509KEYFILE\0" -/* 2297 */ "x509keyfile\0" -/* 2309 */ "X.509 Certificate file or PKCS #11 URL to use\0" -/* 2355 */ "X509CERTFILE\0" -/* 2368 */ "x509certfile\0" -/* 2381 */ "PGP subkey to use (hex or auto)\0" -/* 2413 */ "PGPSUBKEY\0" -/* 2423 */ "pgpsubkey\0" -/* 2433 */ "SRP username to use\0" -/* 2453 */ "SRPUSERNAME\0" -/* 2465 */ "srpusername\0" -/* 2477 */ "SRP password to use\0" -/* 2497 */ "SRPPASSWD\0" -/* 2507 */ "srppasswd\0" -/* 2517 */ "PSK username to use\0" -/* 2537 */ "PSKUSERNAME\0" -/* 2549 */ "pskusername\0" -/* 2561 */ "PSK key (in hex) to use\0" -/* 2585 */ "PSKKEY\0" -/* 2592 */ "pskkey\0" -/* 2599 */ "The port or service to connect to\0" -/* 2633 */ "PORT\0" -/* 2638 */ "port\0" -/* 2643 */ "Don't abort program if server certificate can't be validated\0" -/* 2704 */ "INSECURE\0" -/* 2713 */ "insecure\0" -/* 2722 */ "Benchmark individual ciphers\0" -/* 2751 */ "BENCHMARK_CIPHERS\0" -/* 2769 */ "benchmark-ciphers\0" -/* 2787 */ "Benchmark individual software ciphers (no hw acceleration)\0" -/* 2846 */ "BENCHMARK_SOFT_CIPHERS\0" -/* 2869 */ "benchmark-soft-ciphers\0" -/* 2892 */ "Benchmark TLS key exchange methods\0" -/* 2927 */ "BENCHMARK_TLS_KX\0" -/* 2944 */ "benchmark-tls-kx\0" -/* 2961 */ "Benchmark TLS ciphers\0" -/* 2983 */ "BENCHMARK_TLS_CIPHERS\0" -/* 3005 */ "benchmark-tls-ciphers\0" -/* 3027 */ "Print a list of the supported algorithms and modes\0" -/* 3078 */ "LIST\0" -/* 3083 */ "list\0" -/* 3088 */ "Display extended usage information and exit\0" -/* 3132 */ "help\0" 
-/* 3137 */ "Extended usage information passed thru pager\0" -/* 3182 */ "more-help\0" -/* 3192 */ "Output version information and exit\0" -/* 3228 */ "version\0" -/* 3236 */ "GNUTLS_CLI\0" -/* 3247 */ "gnutls-cli - GnuTLS client - Ver. @VERSION@\n" +/* 1072 */ "Disable CA certificate verification\0" +/* 1108 */ "CA_VERIFICATION\0" +/* 1124 */ "no-ca-verification\0" +/* 1143 */ "Enable OCSP certificate verification\0" +/* 1180 */ "OCSP\0" +/* 1185 */ "no-ocsp\0" +/* 1193 */ "Establish a session and resume\0" +/* 1224 */ "RESUME\0" +/* 1231 */ "resume\0" +/* 1238 */ "Activate heartbeat support\0" +/* 1265 */ "HEARTBEAT\0" +/* 1275 */ "heartbeat\0" +/* 1285 */ "Establish a session and rehandshake\0" +/* 1321 */ "REHANDSHAKE\0" +/* 1333 */ "rehandshake\0" +/* 1345 */ "Don't accept session tickets\0" +/* 1374 */ "NOTICKET\0" +/* 1383 */ "noticket\0" +/* 1392 */ "Enable OCSP status request\0" +/* 1419 */ "OCSP_STATUS_REQUEST\0" +/* 1439 */ "no-ocsp-status-request\0" +/* 1462 */ "Connect, establish a plain session and start TLS.\0" +/* 1512 */ "STARTTLS\0" +/* 1521 */ "starttls\0" +/* 1530 */ "Use DTLS (datagram TLS) over UDP\0" +/* 1563 */ "UDP\0" +/* 1567 */ "udp\0" +/* 1571 */ "Set MTU for datagram TLS\0" +/* 1596 */ "MTU\0" +/* 1600 */ "mtu\0" +/* 1604 */ "Send CR LF instead of LF\0" +/* 1629 */ "CRLF\0" +/* 1634 */ "crlf\0" +/* 1639 */ "Use DER format for certificates to read from\0" +/* 1684 */ "X509FMTDER\0" +/* 1695 */ "x509fmtder\0" +/* 1706 */ "Send the openpgp fingerprint, instead of the key\0" +/* 1755 */ "FINGERPRINT\0" +/* 1767 */ "fingerprint\0" +/* 1779 */ "Disable all the TLS extensions\0" +/* 1810 */ "DISABLE_EXTENSIONS\0" +/* 1829 */ "disable-extensions\0" +/* 1848 */ "Print peer's certificate in PEM format\0" +/* 1887 */ "PRINT_CERT\0" +/* 1898 */ "print-cert\0" +/* 1909 */ "The maximum record size to advertize\0" +/* 1946 */ "RECORDSIZE\0" +/* 1957 */ "recordsize\0" +/* 1968 */ "The minimum number of bits allowed for DH\0" +/* 2010 */ "DH_BITS\0" +/* 
2018 */ "dh-bits\0" +/* 2026 */ "Priorities string\0" +/* 2044 */ "PRIORITY\0" +/* 2053 */ "priority\0" +/* 2062 */ "Certificate file or PKCS #11 URL to use\0" +/* 2102 */ "X509CAFILE\0" +/* 2113 */ "x509cafile\0" +/* 2124 */ "CRL file to use\0" +/* 2140 */ "X509CRLFILE\0" +/* 2152 */ "x509crlfile\0" +/* 2164 */ "PGP Key file to use\0" +/* 2184 */ "PGPKEYFILE\0" +/* 2195 */ "pgpkeyfile\0" +/* 2206 */ "PGP Key ring file to use\0" +/* 2231 */ "PGPKEYRING\0" +/* 2242 */ "pgpkeyring\0" +/* 2253 */ "PGP Public Key (certificate) file to use\0" +/* 2294 */ "PGPCERTFILE\0" +/* 2306 */ "pgpcertfile\0" +/* 2318 */ "X.509 key file or PKCS #11 URL to use\0" +/* 2356 */ "X509KEYFILE\0" +/* 2368 */ "x509keyfile\0" +/* 2380 */ "X.509 Certificate file or PKCS #11 URL to use\0" +/* 2426 */ "X509CERTFILE\0" +/* 2439 */ "x509certfile\0" +/* 2452 */ "PGP subkey to use (hex or auto)\0" +/* 2484 */ "PGPSUBKEY\0" +/* 2494 */ "pgpsubkey\0" +/* 2504 */ "SRP username to use\0" +/* 2524 */ "SRPUSERNAME\0" +/* 2536 */ "srpusername\0" +/* 2548 */ "SRP password to use\0" +/* 2568 */ "SRPPASSWD\0" +/* 2578 */ "srppasswd\0" +/* 2588 */ "PSK username to use\0" +/* 2608 */ "PSKUSERNAME\0" +/* 2620 */ "pskusername\0" +/* 2632 */ "PSK key (in hex) to use\0" +/* 2656 */ "PSKKEY\0" +/* 2663 */ "pskkey\0" +/* 2670 */ "The port or service to connect to\0" +/* 2704 */ "PORT\0" +/* 2709 */ "port\0" +/* 2714 */ "Don't abort program if server certificate can't be validated\0" +/* 2775 */ "INSECURE\0" +/* 2784 */ "insecure\0" +/* 2793 */ "Benchmark individual ciphers\0" +/* 2822 */ "BENCHMARK_CIPHERS\0" +/* 2840 */ "benchmark-ciphers\0" +/* 2858 */ "Benchmark individual software ciphers (no hw acceleration)\0" +/* 2917 */ "BENCHMARK_SOFT_CIPHERS\0" +/* 2940 */ "benchmark-soft-ciphers\0" +/* 2963 */ "Benchmark TLS key exchange methods\0" +/* 2998 */ "BENCHMARK_TLS_KX\0" +/* 3015 */ "benchmark-tls-kx\0" +/* 3032 */ "Benchmark TLS ciphers\0" +/* 3054 */ "BENCHMARK_TLS_CIPHERS\0" +/* 3076 */ 
"benchmark-tls-ciphers\0" +/* 3098 */ "Print a list of the supported algorithms and modes\0" +/* 3149 */ "LIST\0" +/* 3154 */ "list\0" +/* 3159 */ "Display extended usage information and exit\0" +/* 3203 */ "help\0" +/* 3208 */ "Extended usage information passed thru pager\0" +/* 3253 */ "more-help\0" +/* 3263 */ "Output version information and exit\0" +/* 3299 */ "version\0" +/* 3307 */ "GNUTLS_CLI\0" +/* 3318 */ "gnutls-cli - GnuTLS client - Ver. @VERSION@\n" "USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostname]\n\0" -/* 3360 */ "bug-gnutls@gnu.org\0" -/* 3379 */ "\n\n\0" -/* 3382 */ "\n" +/* 3431 */ "bug-gnutls@gnu.org\0" +/* 3450 */ "\n\n\0" +/* 3453 */ "\n" "Simple client program to set up a TLS connection to some other computer. It\n" "sets up a TLS connection and forwards data from the standard input to the\n" "secured socket and vice versa.\n\0" -/* 3566 */ "gnutls-cli @VERSION@\0" -/* 3587 */ "Usage: gnutls-cli [options] hostname\n" +/* 3637 */ "gnutls-cli @VERSION@\0" +/* 3658 */ "Usage: gnutls-cli [options] hostname\n" "gnutls-cli --help for usage instructions.\n"; /* 
@@ -262,11 +265,21 @@ static char const gnutls_cli_opt_strs[3667] = #define DANE_FLAGS (OPTST_DISABLED) /* + * ca-verification option description: + */ +#define CA_VERIFICATION_DESC (gnutls_cli_opt_strs+1072) +#define CA_VERIFICATION_NAME (gnutls_cli_opt_strs+1108) +#define NOT_CA_VERIFICATION_name (gnutls_cli_opt_strs+1124) +#define NOT_CA_VERIFICATION_PFX (gnutls_cli_opt_strs+1010) +#define CA_VERIFICATION_name (NOT_CA_VERIFICATION_name + 3) +#define CA_VERIFICATION_FLAGS (OPTST_INITENABLED) + +/* * ocsp option description: */ -#define OCSP_DESC (gnutls_cli_opt_strs+1072) -#define OCSP_NAME (gnutls_cli_opt_strs+1109) -#define NOT_OCSP_name (gnutls_cli_opt_strs+1114) +#define OCSP_DESC (gnutls_cli_opt_strs+1143) +#define OCSP_NAME (gnutls_cli_opt_strs+1180) +#define NOT_OCSP_name (gnutls_cli_opt_strs+1185) #define NOT_OCSP_PFX (gnutls_cli_opt_strs+1010) #define OCSP_name (NOT_OCSP_name + 3) #define OCSP_FLAGS (OPTST_DISABLED) 
@@ -274,41 +287,41 @@ static char const gnutls_cli_opt_strs[3667] = /* * resume option description: */ -#define RESUME_DESC (gnutls_cli_opt_strs+1122) -#define RESUME_NAME (gnutls_cli_opt_strs+1153) -#define RESUME_name (gnutls_cli_opt_strs+1160) +#define RESUME_DESC (gnutls_cli_opt_strs+1193) +#define RESUME_NAME (gnutls_cli_opt_strs+1224) +#define RESUME_name (gnutls_cli_opt_strs+1231) #define RESUME_FLAGS (OPTST_DISABLED) /* * heartbeat option description: */ -#define HEARTBEAT_DESC (gnutls_cli_opt_strs+1167) -#define HEARTBEAT_NAME (gnutls_cli_opt_strs+1194) -#define HEARTBEAT_name (gnutls_cli_opt_strs+1204) +#define HEARTBEAT_DESC (gnutls_cli_opt_strs+1238) +#define HEARTBEAT_NAME (gnutls_cli_opt_strs+1265) +#define HEARTBEAT_name (gnutls_cli_opt_strs+1275) #define HEARTBEAT_FLAGS (OPTST_DISABLED) /* * rehandshake option description: */ -#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1214) -#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1250) -#define REHANDSHAKE_name (gnutls_cli_opt_strs+1262) +#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1285) +#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1321) +#define REHANDSHAKE_name (gnutls_cli_opt_strs+1333) #define REHANDSHAKE_FLAGS (OPTST_DISABLED) /* * noticket option description: */ -#define NOTICKET_DESC (gnutls_cli_opt_strs+1274) -#define NOTICKET_NAME (gnutls_cli_opt_strs+1303) -#define NOTICKET_name (gnutls_cli_opt_strs+1312) +#define NOTICKET_DESC (gnutls_cli_opt_strs+1345) +#define NOTICKET_NAME (gnutls_cli_opt_strs+1374) +#define NOTICKET_name (gnutls_cli_opt_strs+1383) #define NOTICKET_FLAGS (OPTST_DISABLED) /* * ocsp-status-request option description: */ -#define OCSP_STATUS_REQUEST_DESC (gnutls_cli_opt_strs+1321) -#define OCSP_STATUS_REQUEST_NAME (gnutls_cli_opt_strs+1348) -#define NOT_OCSP_STATUS_REQUEST_name (gnutls_cli_opt_strs+1368) +#define OCSP_STATUS_REQUEST_DESC (gnutls_cli_opt_strs+1392) +#define OCSP_STATUS_REQUEST_NAME (gnutls_cli_opt_strs+1419) +#define NOT_OCSP_STATUS_REQUEST_name 
(gnutls_cli_opt_strs+1439) #define NOT_OCSP_STATUS_REQUEST_PFX (gnutls_cli_opt_strs+1010) #define OCSP_STATUS_REQUEST_name (NOT_OCSP_STATUS_REQUEST_name + 3) #define OCSP_STATUS_REQUEST_FLAGS (OPTST_INITENABLED) 
@@ -316,268 +329,268 @@ static char const gnutls_cli_opt_strs[3667] = /* * starttls option description: */ -#define STARTTLS_DESC (gnutls_cli_opt_strs+1391) -#define STARTTLS_NAME (gnutls_cli_opt_strs+1441) -#define STARTTLS_name (gnutls_cli_opt_strs+1450) +#define STARTTLS_DESC (gnutls_cli_opt_strs+1462) +#define STARTTLS_NAME (gnutls_cli_opt_strs+1512) +#define STARTTLS_name (gnutls_cli_opt_strs+1521) #define STARTTLS_FLAGS (OPTST_DISABLED) /* * udp option description: */ -#define UDP_DESC (gnutls_cli_opt_strs+1459) -#define UDP_NAME (gnutls_cli_opt_strs+1492) -#define UDP_name (gnutls_cli_opt_strs+1496) +#define UDP_DESC (gnutls_cli_opt_strs+1530) +#define UDP_NAME (gnutls_cli_opt_strs+1563) +#define UDP_name (gnutls_cli_opt_strs+1567) #define UDP_FLAGS (OPTST_DISABLED) /* * mtu option description: */ -#define MTU_DESC (gnutls_cli_opt_strs+1500) -#define MTU_NAME (gnutls_cli_opt_strs+1525) -#define MTU_name (gnutls_cli_opt_strs+1529) +#define MTU_DESC (gnutls_cli_opt_strs+1571) +#define MTU_NAME (gnutls_cli_opt_strs+1596) +#define MTU_name (gnutls_cli_opt_strs+1600) #define MTU_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) /* * crlf option description: */ -#define CRLF_DESC (gnutls_cli_opt_strs+1533) -#define CRLF_NAME (gnutls_cli_opt_strs+1558) -#define CRLF_name (gnutls_cli_opt_strs+1563) +#define CRLF_DESC (gnutls_cli_opt_strs+1604) +#define CRLF_NAME (gnutls_cli_opt_strs+1629) +#define CRLF_name (gnutls_cli_opt_strs+1634) #define CRLF_FLAGS (OPTST_DISABLED) /* * x509fmtder option description: */ -#define X509FMTDER_DESC (gnutls_cli_opt_strs+1568) -#define X509FMTDER_NAME (gnutls_cli_opt_strs+1613) -#define X509FMTDER_name (gnutls_cli_opt_strs+1624) +#define X509FMTDER_DESC (gnutls_cli_opt_strs+1639) +#define X509FMTDER_NAME (gnutls_cli_opt_strs+1684) +#define X509FMTDER_name (gnutls_cli_opt_strs+1695) #define X509FMTDER_FLAGS (OPTST_DISABLED) /* * fingerprint option description: */ -#define FINGERPRINT_DESC (gnutls_cli_opt_strs+1635) 
-#define FINGERPRINT_NAME (gnutls_cli_opt_strs+1684) -#define FINGERPRINT_name (gnutls_cli_opt_strs+1696) +#define FINGERPRINT_DESC (gnutls_cli_opt_strs+1706) +#define FINGERPRINT_NAME (gnutls_cli_opt_strs+1755) +#define FINGERPRINT_name (gnutls_cli_opt_strs+1767) #define FINGERPRINT_FLAGS (OPTST_DISABLED) /* * disable-extensions option description: */ -#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+1708) -#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+1739) -#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+1758) +#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+1779) +#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+1810) +#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+1829) #define DISABLE_EXTENSIONS_FLAGS (OPTST_DISABLED) /* * print-cert option description: */ -#define PRINT_CERT_DESC (gnutls_cli_opt_strs+1777) -#define PRINT_CERT_NAME (gnutls_cli_opt_strs+1816) -#define PRINT_CERT_name (gnutls_cli_opt_strs+1827) +#define PRINT_CERT_DESC (gnutls_cli_opt_strs+1848) +#define PRINT_CERT_NAME (gnutls_cli_opt_strs+1887) +#define PRINT_CERT_name (gnutls_cli_opt_strs+1898) #define PRINT_CERT_FLAGS (OPTST_DISABLED) /* * recordsize option description: */ -#define RECORDSIZE_DESC (gnutls_cli_opt_strs+1838) -#define RECORDSIZE_NAME (gnutls_cli_opt_strs+1875) -#define RECORDSIZE_name (gnutls_cli_opt_strs+1886) +#define RECORDSIZE_DESC (gnutls_cli_opt_strs+1909) +#define RECORDSIZE_NAME (gnutls_cli_opt_strs+1946) +#define RECORDSIZE_name (gnutls_cli_opt_strs+1957) #define RECORDSIZE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) /* * dh-bits option description: */ -#define DH_BITS_DESC (gnutls_cli_opt_strs+1897) -#define DH_BITS_NAME (gnutls_cli_opt_strs+1939) -#define DH_BITS_name (gnutls_cli_opt_strs+1947) +#define DH_BITS_DESC (gnutls_cli_opt_strs+1968) +#define DH_BITS_NAME (gnutls_cli_opt_strs+2010) +#define DH_BITS_name (gnutls_cli_opt_strs+2018) #define DH_BITS_FLAGS (OPTST_DISABLED \ | 
OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) /* * priority option description: */ -#define PRIORITY_DESC (gnutls_cli_opt_strs+1955) -#define PRIORITY_NAME (gnutls_cli_opt_strs+1973) -#define PRIORITY_name (gnutls_cli_opt_strs+1982) +#define PRIORITY_DESC (gnutls_cli_opt_strs+2026) +#define PRIORITY_NAME (gnutls_cli_opt_strs+2044) +#define PRIORITY_name (gnutls_cli_opt_strs+2053) #define PRIORITY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * x509cafile option description: */ -#define X509CAFILE_DESC (gnutls_cli_opt_strs+1991) -#define X509CAFILE_NAME (gnutls_cli_opt_strs+2031) -#define X509CAFILE_name (gnutls_cli_opt_strs+2042) +#define X509CAFILE_DESC (gnutls_cli_opt_strs+2062) +#define X509CAFILE_NAME (gnutls_cli_opt_strs+2102) +#define X509CAFILE_name (gnutls_cli_opt_strs+2113) #define X509CAFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * x509crlfile option description: */ -#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2053) -#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2069) -#define X509CRLFILE_name (gnutls_cli_opt_strs+2081) +#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2124) +#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2140) +#define X509CRLFILE_name (gnutls_cli_opt_strs+2152) #define X509CRLFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) /* * pgpkeyfile option description: */ -#define PGPKEYFILE_DESC (gnutls_cli_opt_strs+2093) -#define PGPKEYFILE_NAME (gnutls_cli_opt_strs+2113) -#define PGPKEYFILE_name (gnutls_cli_opt_strs+2124) +#define PGPKEYFILE_DESC (gnutls_cli_opt_strs+2164) +#define PGPKEYFILE_NAME (gnutls_cli_opt_strs+2184) +#define PGPKEYFILE_name (gnutls_cli_opt_strs+2195) #define PGPKEYFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) /* * pgpkeyring option description: */ -#define PGPKEYRING_DESC (gnutls_cli_opt_strs+2135) -#define PGPKEYRING_NAME (gnutls_cli_opt_strs+2160) -#define PGPKEYRING_name (gnutls_cli_opt_strs+2171) +#define PGPKEYRING_DESC 
(gnutls_cli_opt_strs+2206) +#define PGPKEYRING_NAME (gnutls_cli_opt_strs+2231) +#define PGPKEYRING_name (gnutls_cli_opt_strs+2242) #define PGPKEYRING_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) /* * pgpcertfile option description: */ -#define PGPCERTFILE_DESC (gnutls_cli_opt_strs+2182) -#define PGPCERTFILE_NAME (gnutls_cli_opt_strs+2223) -#define PGPCERTFILE_name (gnutls_cli_opt_strs+2235) +#define PGPCERTFILE_DESC (gnutls_cli_opt_strs+2253) +#define PGPCERTFILE_NAME (gnutls_cli_opt_strs+2294) +#define PGPCERTFILE_name (gnutls_cli_opt_strs+2306) #define PGPCERTFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) /* * x509keyfile option description: */ -#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2247) -#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2285) -#define X509KEYFILE_name (gnutls_cli_opt_strs+2297) +#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2318) +#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2356) +#define X509KEYFILE_name (gnutls_cli_opt_strs+2368) #define X509KEYFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * x509certfile option description: */ -#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2309) -#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2355) -#define X509CERTFILE_name (gnutls_cli_opt_strs+2368) +#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2380) +#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2426) +#define X509CERTFILE_name (gnutls_cli_opt_strs+2439) #define X509CERTFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * pgpsubkey option description: */ -#define PGPSUBKEY_DESC (gnutls_cli_opt_strs+2381) -#define PGPSUBKEY_NAME (gnutls_cli_opt_strs+2413) -#define PGPSUBKEY_name (gnutls_cli_opt_strs+2423) +#define PGPSUBKEY_DESC (gnutls_cli_opt_strs+2452) +#define PGPSUBKEY_NAME (gnutls_cli_opt_strs+2484) +#define PGPSUBKEY_name (gnutls_cli_opt_strs+2494) #define PGPSUBKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * srpusername option 
description: */ -#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2433) -#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2453) -#define SRPUSERNAME_name (gnutls_cli_opt_strs+2465) +#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2504) +#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2524) +#define SRPUSERNAME_name (gnutls_cli_opt_strs+2536) #define SRPUSERNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * srppasswd option description: */ -#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2477) -#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2497) -#define SRPPASSWD_name (gnutls_cli_opt_strs+2507) +#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2548) +#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2568) +#define SRPPASSWD_name (gnutls_cli_opt_strs+2578) #define SRPPASSWD_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * pskusername option description: */ -#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2517) -#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2537) -#define PSKUSERNAME_name (gnutls_cli_opt_strs+2549) +#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2588) +#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2608) +#define PSKUSERNAME_name (gnutls_cli_opt_strs+2620) #define PSKUSERNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * pskkey option description: */ -#define PSKKEY_DESC (gnutls_cli_opt_strs+2561) -#define PSKKEY_NAME (gnutls_cli_opt_strs+2585) -#define PSKKEY_name (gnutls_cli_opt_strs+2592) +#define PSKKEY_DESC (gnutls_cli_opt_strs+2632) +#define PSKKEY_NAME (gnutls_cli_opt_strs+2656) +#define PSKKEY_name (gnutls_cli_opt_strs+2663) #define PSKKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * port option description: */ -#define PORT_DESC (gnutls_cli_opt_strs+2599) -#define PORT_NAME (gnutls_cli_opt_strs+2633) -#define PORT_name (gnutls_cli_opt_strs+2638) +#define PORT_DESC (gnutls_cli_opt_strs+2670) +#define PORT_NAME (gnutls_cli_opt_strs+2704) +#define PORT_name (gnutls_cli_opt_strs+2709) 
#define PORT_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * insecure option description: */ -#define INSECURE_DESC (gnutls_cli_opt_strs+2643) -#define INSECURE_NAME (gnutls_cli_opt_strs+2704) -#define INSECURE_name (gnutls_cli_opt_strs+2713) +#define INSECURE_DESC (gnutls_cli_opt_strs+2714) +#define INSECURE_NAME (gnutls_cli_opt_strs+2775) +#define INSECURE_name (gnutls_cli_opt_strs+2784) #define INSECURE_FLAGS (OPTST_DISABLED) /* * benchmark-ciphers option description: */ -#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2722) -#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2751) -#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2769) +#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+2793) +#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+2822) +#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+2840) #define BENCHMARK_CIPHERS_FLAGS (OPTST_DISABLED) /* * benchmark-soft-ciphers option description: */ -#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2787) -#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+2846) -#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+2869) +#define BENCHMARK_SOFT_CIPHERS_DESC (gnutls_cli_opt_strs+2858) +#define BENCHMARK_SOFT_CIPHERS_NAME (gnutls_cli_opt_strs+2917) +#define BENCHMARK_SOFT_CIPHERS_name (gnutls_cli_opt_strs+2940) #define BENCHMARK_SOFT_CIPHERS_FLAGS (OPTST_DISABLED) /* * benchmark-tls-kx option description: */ -#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+2892) -#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+2927) -#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+2944) +#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+2963) +#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+2998) +#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3015) #define BENCHMARK_TLS_KX_FLAGS (OPTST_DISABLED) /* * benchmark-tls-ciphers option description: */ -#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+2961) -#define BENCHMARK_TLS_CIPHERS_NAME 
(gnutls_cli_opt_strs+2983) -#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3005) +#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3032) +#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3054) +#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3076) #define BENCHMARK_TLS_CIPHERS_FLAGS (OPTST_DISABLED) /* * list option description: */ -#define LIST_DESC (gnutls_cli_opt_strs+3027) -#define LIST_NAME (gnutls_cli_opt_strs+3078) -#define LIST_name (gnutls_cli_opt_strs+3083) +#define LIST_DESC (gnutls_cli_opt_strs+3098) +#define LIST_NAME (gnutls_cli_opt_strs+3149) +#define LIST_name (gnutls_cli_opt_strs+3154) #define LIST_FLAGS (OPTST_DISABLED) /* * Help/More_Help/Version option descriptions: */ -#define HELP_DESC (gnutls_cli_opt_strs+3088) -#define HELP_name (gnutls_cli_opt_strs+3132) +#define HELP_DESC (gnutls_cli_opt_strs+3159) +#define HELP_name (gnutls_cli_opt_strs+3203) #ifdef HAVE_WORKING_FORK -#define MORE_HELP_DESC (gnutls_cli_opt_strs+3137) -#define MORE_HELP_name (gnutls_cli_opt_strs+3182) +#define MORE_HELP_DESC (gnutls_cli_opt_strs+3208) +#define MORE_HELP_name (gnutls_cli_opt_strs+3253) #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) #else #define MORE_HELP_DESC NULL @@ -590,8 +603,8 @@ static char const gnutls_cli_opt_strs[3667] = # define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT) #endif -#define VER_DESC (gnutls_cli_opt_strs+3192) -#define VER_name (gnutls_cli_opt_strs+3228) +#define VER_DESC (gnutls_cli_opt_strs+3263) +#define VER_name (gnutls_cli_opt_strs+3299) /* * Declare option callback procedures */ 
@@ -660,8 +673,20 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DANE_DESC, DANE_NAME, DANE_name, /* disablement strs */ NOT_DANE_name, NOT_DANE_PFX }, - { /* entry idx, value */ 4, VALUE_OPT_OCSP, - /* equiv idx, value */ 4, VALUE_OPT_OCSP, + { /* entry idx, value */ 4, VALUE_OPT_CA_VERIFICATION, + /* equiv idx, value */ 4, VALUE_OPT_CA_VERIFICATION, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ CA_VERIFICATION_FLAGS, 0, + /* last opt argumnt */ { NULL }, /* --ca-verification */ + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ CA_VERIFICATION_DESC, CA_VERIFICATION_NAME, CA_VERIFICATION_name, + /* disablement strs */ NOT_CA_VERIFICATION_name, NOT_CA_VERIFICATION_PFX }, + + { /* entry idx, value */ 5, VALUE_OPT_OCSP, + /* equiv idx, value */ 5, VALUE_OPT_OCSP, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ OCSP_FLAGS, 0, @@ -672,8 +697,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ OCSP_DESC, OCSP_NAME, OCSP_name, /* disablement strs */ NOT_OCSP_name, NOT_OCSP_PFX }, - { /* entry idx, value */ 5, VALUE_OPT_RESUME, - /* equiv idx, value */ 5, VALUE_OPT_RESUME, + { /* entry idx, value */ 6, VALUE_OPT_RESUME, + /* equiv idx, value */ 6, VALUE_OPT_RESUME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ RESUME_FLAGS, 0, @@ -684,8 +709,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ RESUME_DESC, RESUME_NAME, RESUME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 6, VALUE_OPT_HEARTBEAT, - /* equiv idx, value */ 6, VALUE_OPT_HEARTBEAT, + { /* entry idx, value */ 7, VALUE_OPT_HEARTBEAT, + /* equiv idx, value */ 7, VALUE_OPT_HEARTBEAT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ HEARTBEAT_FLAGS, 0, 
@@ -696,8 +721,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ HEARTBEAT_DESC, HEARTBEAT_NAME, HEARTBEAT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 7, VALUE_OPT_REHANDSHAKE, - /* equiv idx, value */ 7, VALUE_OPT_REHANDSHAKE, + { /* entry idx, value */ 8, VALUE_OPT_REHANDSHAKE, + /* equiv idx, value */ 8, VALUE_OPT_REHANDSHAKE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ REHANDSHAKE_FLAGS, 0, @@ -708,8 +733,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ REHANDSHAKE_DESC, REHANDSHAKE_NAME, REHANDSHAKE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 8, VALUE_OPT_NOTICKET, - /* equiv idx, value */ 8, VALUE_OPT_NOTICKET, + { /* entry idx, value */ 9, VALUE_OPT_NOTICKET, + /* equiv idx, value */ 9, VALUE_OPT_NOTICKET, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ NOTICKET_FLAGS, 0, @@ -720,8 +745,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ NOTICKET_DESC, NOTICKET_NAME, NOTICKET_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 9, VALUE_OPT_OCSP_STATUS_REQUEST, - /* equiv idx, value */ 9, VALUE_OPT_OCSP_STATUS_REQUEST, + { /* entry idx, value */ 10, VALUE_OPT_OCSP_STATUS_REQUEST, + /* equiv idx, value */ 10, VALUE_OPT_OCSP_STATUS_REQUEST, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ OCSP_STATUS_REQUEST_FLAGS, 0, 
@@ -732,8 +757,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ OCSP_STATUS_REQUEST_DESC, OCSP_STATUS_REQUEST_NAME, OCSP_STATUS_REQUEST_name, /* disablement strs */ NOT_OCSP_STATUS_REQUEST_name, NOT_OCSP_STATUS_REQUEST_PFX }, - { /* entry idx, value */ 10, VALUE_OPT_STARTTLS, - /* equiv idx, value */ 10, VALUE_OPT_STARTTLS, + { /* entry idx, value */ 11, VALUE_OPT_STARTTLS, + /* equiv idx, value */ 11, VALUE_OPT_STARTTLS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ STARTTLS_FLAGS, 0, @@ -744,8 +769,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ STARTTLS_DESC, STARTTLS_NAME, STARTTLS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 11, VALUE_OPT_UDP, - /* equiv idx, value */ 11, VALUE_OPT_UDP, + { /* entry idx, value */ 12, VALUE_OPT_UDP, + /* equiv idx, value */ 12, VALUE_OPT_UDP, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ UDP_FLAGS, 0, @@ -756,8 +781,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ UDP_DESC, UDP_NAME, UDP_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 12, VALUE_OPT_MTU, - /* equiv idx, value */ 12, VALUE_OPT_MTU, + { /* entry idx, value */ 13, VALUE_OPT_MTU, + /* equiv idx, value */ 13, VALUE_OPT_MTU, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MTU_FLAGS, 0, @@ -768,8 +793,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ MTU_DESC, MTU_NAME, MTU_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 13, VALUE_OPT_CRLF, - /* equiv idx, value */ 13, VALUE_OPT_CRLF, + { /* entry idx, value */ 14, VALUE_OPT_CRLF, + /* equiv idx, value */ 14, VALUE_OPT_CRLF, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ CRLF_FLAGS, 0, 
@@ -780,8 +805,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CRLF_DESC, CRLF_NAME, CRLF_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 14, VALUE_OPT_X509FMTDER, - /* equiv idx, value */ 14, VALUE_OPT_X509FMTDER, + { /* entry idx, value */ 15, VALUE_OPT_X509FMTDER, + /* equiv idx, value */ 15, VALUE_OPT_X509FMTDER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509FMTDER_FLAGS, 0, @@ -792,8 +817,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509FMTDER_DESC, X509FMTDER_NAME, X509FMTDER_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 15, VALUE_OPT_FINGERPRINT, - /* equiv idx, value */ 15, VALUE_OPT_FINGERPRINT, + { /* entry idx, value */ 16, VALUE_OPT_FINGERPRINT, + /* equiv idx, value */ 16, VALUE_OPT_FINGERPRINT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ FINGERPRINT_FLAGS, 0, @@ -804,8 +829,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ FINGERPRINT_DESC, FINGERPRINT_NAME, FINGERPRINT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 16, VALUE_OPT_DISABLE_EXTENSIONS, - /* equiv idx, value */ 16, VALUE_OPT_DISABLE_EXTENSIONS, + { /* entry idx, value */ 17, VALUE_OPT_DISABLE_EXTENSIONS, + /* equiv idx, value */ 17, VALUE_OPT_DISABLE_EXTENSIONS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DISABLE_EXTENSIONS_FLAGS, 0, 
@@ -816,8 +841,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DISABLE_EXTENSIONS_DESC, DISABLE_EXTENSIONS_NAME, DISABLE_EXTENSIONS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 17, VALUE_OPT_PRINT_CERT, - /* equiv idx, value */ 17, VALUE_OPT_PRINT_CERT, + { /* entry idx, value */ 18, VALUE_OPT_PRINT_CERT, + /* equiv idx, value */ 18, VALUE_OPT_PRINT_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PRINT_CERT_FLAGS, 0, @@ -828,8 +853,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PRINT_CERT_DESC, PRINT_CERT_NAME, PRINT_CERT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 18, VALUE_OPT_RECORDSIZE, - /* equiv idx, value */ 18, VALUE_OPT_RECORDSIZE, + { /* entry idx, value */ 19, VALUE_OPT_RECORDSIZE, + /* equiv idx, value */ 19, VALUE_OPT_RECORDSIZE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ RECORDSIZE_FLAGS, 0, @@ -840,8 +865,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ RECORDSIZE_DESC, RECORDSIZE_NAME, RECORDSIZE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 19, VALUE_OPT_DH_BITS, - /* equiv idx, value */ 19, VALUE_OPT_DH_BITS, + { /* entry idx, value */ 20, VALUE_OPT_DH_BITS, + /* equiv idx, value */ 20, VALUE_OPT_DH_BITS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DH_BITS_FLAGS, 0, @@ -852,8 +877,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DH_BITS_DESC, DH_BITS_NAME, DH_BITS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 20, VALUE_OPT_PRIORITY, - /* equiv idx, value */ 20, VALUE_OPT_PRIORITY, + { /* entry idx, value */ 21, VALUE_OPT_PRIORITY, + /* equiv idx, value */ 21, VALUE_OPT_PRIORITY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PRIORITY_FLAGS, 0, 
@@ -864,8 +889,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PRIORITY_DESC, PRIORITY_NAME, PRIORITY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 21, VALUE_OPT_X509CAFILE, - /* equiv idx, value */ 21, VALUE_OPT_X509CAFILE, + { /* entry idx, value */ 22, VALUE_OPT_X509CAFILE, + /* equiv idx, value */ 22, VALUE_OPT_X509CAFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CAFILE_FLAGS, 0, @@ -876,8 +901,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CAFILE_DESC, X509CAFILE_NAME, X509CAFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 22, VALUE_OPT_X509CRLFILE, - /* equiv idx, value */ 22, VALUE_OPT_X509CRLFILE, + { /* entry idx, value */ 23, VALUE_OPT_X509CRLFILE, + /* equiv idx, value */ 23, VALUE_OPT_X509CRLFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CRLFILE_FLAGS, 0, @@ -888,8 +913,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CRLFILE_DESC, X509CRLFILE_NAME, X509CRLFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 23, VALUE_OPT_PGPKEYFILE, - /* equiv idx, value */ 23, VALUE_OPT_PGPKEYFILE, + { /* entry idx, value */ 24, VALUE_OPT_PGPKEYFILE, + /* equiv idx, value */ 24, VALUE_OPT_PGPKEYFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PGPKEYFILE_FLAGS, 0, @@ -900,8 +925,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PGPKEYFILE_DESC, PGPKEYFILE_NAME, PGPKEYFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 24, VALUE_OPT_PGPKEYRING, - /* equiv idx, value */ 24, VALUE_OPT_PGPKEYRING, + { /* entry idx, value */ 25, VALUE_OPT_PGPKEYRING, + /* equiv idx, value */ 25, VALUE_OPT_PGPKEYRING, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PGPKEYRING_FLAGS, 0, 
@@ -912,8 +937,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PGPKEYRING_DESC, PGPKEYRING_NAME, PGPKEYRING_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 25, VALUE_OPT_PGPCERTFILE, - /* equiv idx, value */ 25, VALUE_OPT_PGPCERTFILE, + { /* entry idx, value */ 26, VALUE_OPT_PGPCERTFILE, + /* equiv idx, value */ 26, VALUE_OPT_PGPCERTFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PGPCERTFILE_FLAGS, 0, @@ -924,8 +949,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PGPCERTFILE_DESC, PGPCERTFILE_NAME, PGPCERTFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 26, VALUE_OPT_X509KEYFILE, - /* equiv idx, value */ 26, VALUE_OPT_X509KEYFILE, + { /* entry idx, value */ 27, VALUE_OPT_X509KEYFILE, + /* equiv idx, value */ 27, VALUE_OPT_X509KEYFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509KEYFILE_FLAGS, 0, @@ -936,8 +961,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509KEYFILE_DESC, X509KEYFILE_NAME, X509KEYFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 27, VALUE_OPT_X509CERTFILE, - /* equiv idx, value */ 27, VALUE_OPT_X509CERTFILE, + { /* entry idx, value */ 28, VALUE_OPT_X509CERTFILE, + /* equiv idx, value */ 28, VALUE_OPT_X509CERTFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CERTFILE_FLAGS, 0, @@ -948,8 +973,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CERTFILE_DESC, X509CERTFILE_NAME, X509CERTFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 28, VALUE_OPT_PGPSUBKEY, - /* equiv idx, value */ 28, VALUE_OPT_PGPSUBKEY, + { /* entry idx, value */ 29, VALUE_OPT_PGPSUBKEY, + /* equiv idx, value */ 29, VALUE_OPT_PGPSUBKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PGPSUBKEY_FLAGS, 0, 
@@ -960,8 +985,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PGPSUBKEY_DESC, PGPSUBKEY_NAME, PGPSUBKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 29, VALUE_OPT_SRPUSERNAME, - /* equiv idx, value */ 29, VALUE_OPT_SRPUSERNAME, + { /* entry idx, value */ 30, VALUE_OPT_SRPUSERNAME, + /* equiv idx, value */ 30, VALUE_OPT_SRPUSERNAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SRPUSERNAME_FLAGS, 0, @@ -972,8 +997,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SRPUSERNAME_DESC, SRPUSERNAME_NAME, SRPUSERNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 30, VALUE_OPT_SRPPASSWD, - /* equiv idx, value */ 30, VALUE_OPT_SRPPASSWD, + { /* entry idx, value */ 31, VALUE_OPT_SRPPASSWD, + /* equiv idx, value */ 31, VALUE_OPT_SRPPASSWD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SRPPASSWD_FLAGS, 0, @@ -984,8 +1009,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SRPPASSWD_DESC, SRPPASSWD_NAME, SRPPASSWD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 31, VALUE_OPT_PSKUSERNAME, - /* equiv idx, value */ 31, VALUE_OPT_PSKUSERNAME, + { /* entry idx, value */ 32, VALUE_OPT_PSKUSERNAME, + /* equiv idx, value */ 32, VALUE_OPT_PSKUSERNAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PSKUSERNAME_FLAGS, 0, @@ -996,8 +1021,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PSKUSERNAME_DESC, PSKUSERNAME_NAME, PSKUSERNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 32, VALUE_OPT_PSKKEY, - /* equiv idx, value */ 32, VALUE_OPT_PSKKEY, + { /* entry idx, value */ 33, VALUE_OPT_PSKKEY, + /* equiv idx, value */ 33, VALUE_OPT_PSKKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PSKKEY_FLAGS, 0, 
@@ -1008,8 +1033,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PSKKEY_DESC, PSKKEY_NAME, PSKKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 33, VALUE_OPT_PORT, - /* equiv idx, value */ 33, VALUE_OPT_PORT, + { /* entry idx, value */ 34, VALUE_OPT_PORT, + /* equiv idx, value */ 34, VALUE_OPT_PORT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PORT_FLAGS, 0, @@ -1020,8 +1045,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PORT_DESC, PORT_NAME, PORT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 34, VALUE_OPT_INSECURE, - /* equiv idx, value */ 34, VALUE_OPT_INSECURE, + { /* entry idx, value */ 35, VALUE_OPT_INSECURE, + /* equiv idx, value */ 35, VALUE_OPT_INSECURE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INSECURE_FLAGS, 0, @@ -1032,8 +1057,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INSECURE_DESC, INSECURE_NAME, INSECURE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 35, VALUE_OPT_BENCHMARK_CIPHERS, - /* equiv idx, value */ 35, VALUE_OPT_BENCHMARK_CIPHERS, + { /* entry idx, value */ 36, VALUE_OPT_BENCHMARK_CIPHERS, + /* equiv idx, value */ 36, VALUE_OPT_BENCHMARK_CIPHERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_CIPHERS_FLAGS, 0, 
@@ -1044,8 +1069,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_CIPHERS_DESC, BENCHMARK_CIPHERS_NAME, BENCHMARK_CIPHERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 36, VALUE_OPT_BENCHMARK_SOFT_CIPHERS, - /* equiv idx, value */ 36, VALUE_OPT_BENCHMARK_SOFT_CIPHERS, + { /* entry idx, value */ 37, VALUE_OPT_BENCHMARK_SOFT_CIPHERS, + /* equiv idx, value */ 37, VALUE_OPT_BENCHMARK_SOFT_CIPHERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_SOFT_CIPHERS_FLAGS, 0, @@ -1056,8 +1081,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_SOFT_CIPHERS_DESC, BENCHMARK_SOFT_CIPHERS_NAME, BENCHMARK_SOFT_CIPHERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 37, VALUE_OPT_BENCHMARK_TLS_KX, - /* equiv idx, value */ 37, VALUE_OPT_BENCHMARK_TLS_KX, + { /* entry idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_KX, + /* equiv idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_KX, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_TLS_KX_FLAGS, 0, @@ -1068,8 +1093,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_TLS_KX_DESC, BENCHMARK_TLS_KX_NAME, BENCHMARK_TLS_KX_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_CIPHERS, - /* equiv idx, value */ 38, VALUE_OPT_BENCHMARK_TLS_CIPHERS, + { /* entry idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_CIPHERS, + /* equiv idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_CIPHERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_TLS_CIPHERS_FLAGS, 0, 
@@ -1080,8 +1105,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_TLS_CIPHERS_DESC, BENCHMARK_TLS_CIPHERS_NAME, BENCHMARK_TLS_CIPHERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 39, VALUE_OPT_LIST, - /* equiv idx, value */ 39, VALUE_OPT_LIST, + { /* entry idx, value */ 40, VALUE_OPT_LIST, + /* equiv idx, value */ 40, VALUE_OPT_LIST, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LIST_FLAGS, 0, @@ -1136,14 +1161,14 @@ static tOptDesc optDesc[OPTION_CT] = { * * Define the gnutls-cli Option Environment */ -#define zPROGNAME (gnutls_cli_opt_strs+3236) -#define zUsageTitle (gnutls_cli_opt_strs+3247) +#define zPROGNAME (gnutls_cli_opt_strs+3307) +#define zUsageTitle (gnutls_cli_opt_strs+3318) #define zRcName NULL #define apzHomeList NULL -#define zBugsAddr (gnutls_cli_opt_strs+3360) -#define zExplain (gnutls_cli_opt_strs+3379) -#define zDetail (gnutls_cli_opt_strs+3382) -#define zFullVersion (gnutls_cli_opt_strs+3566) +#define zBugsAddr (gnutls_cli_opt_strs+3431) +#define zExplain (gnutls_cli_opt_strs+3450) +#define zDetail (gnutls_cli_opt_strs+3453) +#define zFullVersion (gnutls_cli_opt_strs+3637) /* extracted from optcode.tlib near line 350 */ #if defined(ENABLE_NLS) @@ -1157,7 +1182,7 @@ static tOptDesc optDesc[OPTION_CT] = { #define gnutls_cli_full_usage (NULL) -#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3587) +#define gnutls_cli_short_usage (gnutls_cli_opt_strs+3658) #endif /* not defined __doxygen__ */ @@ -1435,7 +1460,7 @@ tOptions gnutls_cliOptions = { NO_EQUIVALENT, /* '-#' option index */ NO_EQUIVALENT /* index of default opt */ }, - 43 /* full option count */, 40 /* user option count */, + 44 /* full option count */, 41 /* user option count */, gnutls_cli_full_usage, gnutls_cli_short_usage, NULL, NULL, PKGDATADIR, gnutls_cli_packager_info diff --git a/src/cli-args.def b/src/cli-args.def index 954faeaf6e..a23e0a58cc 100644 --- a/src/cli-args.def 
+++ b/src/cli-args.def @@ -31,6 +31,14 @@ available via DNSSEC."; }; flag = { + name = ca-verification; + descrip = "Disable CA certificate verification"; + enabled; + disable = "no"; + doc = "This option will disable CA certificate verification. It is to be used with the --dane or --tofu options."; +}; + +flag = { name = ocsp; descrip = "Enable OCSP certificate verification"; disabled; diff --git a/src/cli-args.h b/src/cli-args.h index adc0730296..55d213812f 100644 --- a/src/cli-args.h +++ b/src/cli-args.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (cli-args.h) * - * It has been AutoGen-ed October 6, 2012 at 03:20:01 AM by AutoGen 5.16 + * It has been AutoGen-ed October 7, 2012 at 12:14:56 AM by AutoGen 5.16 * From the definitions cli-args.def * and the template file options * 
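Review bot: The `descrip` for `ca-verification` reads "Disable CA certificate verification", but the flag is `enabled` by default and it is the `no` prefix (`disable = "no"`) that turns verification off, so the usage text would describe `--ca-verification` as doing the opposite of what it does. The neighbouring `ocsp` flag words its description for the positive form, and the same wording fits here: `descrip = "Enable CA certificate verification";`. The `doc` text could also name the disabling form explicitly, for example "Use --no-ca-verification to skip CA certificate verification; it is meant to be combined with --dane or --tofu."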
@@ -71,48 +71,49 @@ typedef enum { INDEX_OPT_VERBOSE = 1, INDEX_OPT_TOFU = 2, INDEX_OPT_DANE = 3, - INDEX_OPT_OCSP = 4, - INDEX_OPT_RESUME = 5, - INDEX_OPT_HEARTBEAT = 6, - INDEX_OPT_REHANDSHAKE = 7, - INDEX_OPT_NOTICKET = 8, - INDEX_OPT_OCSP_STATUS_REQUEST = 9, - INDEX_OPT_STARTTLS = 10, - INDEX_OPT_UDP = 11, - INDEX_OPT_MTU = 12, - INDEX_OPT_CRLF = 13, - INDEX_OPT_X509FMTDER = 14, - INDEX_OPT_FINGERPRINT = 15, - INDEX_OPT_DISABLE_EXTENSIONS = 16, - INDEX_OPT_PRINT_CERT = 17, - INDEX_OPT_RECORDSIZE = 18, - INDEX_OPT_DH_BITS = 19, - INDEX_OPT_PRIORITY = 20, - INDEX_OPT_X509CAFILE = 21, - INDEX_OPT_X509CRLFILE = 22, - INDEX_OPT_PGPKEYFILE = 23, - INDEX_OPT_PGPKEYRING = 24, - INDEX_OPT_PGPCERTFILE = 25, - INDEX_OPT_X509KEYFILE = 26, - INDEX_OPT_X509CERTFILE = 27, - INDEX_OPT_PGPSUBKEY = 28, - INDEX_OPT_SRPUSERNAME = 29, - INDEX_OPT_SRPPASSWD = 30, - INDEX_OPT_PSKUSERNAME = 31, - INDEX_OPT_PSKKEY = 32, - INDEX_OPT_PORT = 33, - INDEX_OPT_INSECURE = 34, - INDEX_OPT_BENCHMARK_CIPHERS = 35, - INDEX_OPT_BENCHMARK_SOFT_CIPHERS = 36, - INDEX_OPT_BENCHMARK_TLS_KX = 37, - INDEX_OPT_BENCHMARK_TLS_CIPHERS = 38, - INDEX_OPT_LIST = 39, - INDEX_OPT_VERSION = 40, - INDEX_OPT_HELP = 41, - INDEX_OPT_MORE_HELP = 42 + INDEX_OPT_CA_VERIFICATION = 4, + INDEX_OPT_OCSP = 5, + INDEX_OPT_RESUME = 6, + INDEX_OPT_HEARTBEAT = 7, + INDEX_OPT_REHANDSHAKE = 8, + INDEX_OPT_NOTICKET = 9, + INDEX_OPT_OCSP_STATUS_REQUEST = 10, + INDEX_OPT_STARTTLS = 11, + INDEX_OPT_UDP = 12, + INDEX_OPT_MTU = 13, + INDEX_OPT_CRLF = 14, + INDEX_OPT_X509FMTDER = 15, + INDEX_OPT_FINGERPRINT = 16, + INDEX_OPT_DISABLE_EXTENSIONS = 17, + INDEX_OPT_PRINT_CERT = 18, + INDEX_OPT_RECORDSIZE = 19, + INDEX_OPT_DH_BITS = 20, + INDEX_OPT_PRIORITY = 21, + INDEX_OPT_X509CAFILE = 22, + INDEX_OPT_X509CRLFILE = 23, + INDEX_OPT_PGPKEYFILE = 24, + INDEX_OPT_PGPKEYRING = 25, + INDEX_OPT_PGPCERTFILE = 26, + INDEX_OPT_X509KEYFILE = 27, + INDEX_OPT_X509CERTFILE = 28, + INDEX_OPT_PGPSUBKEY = 29, + INDEX_OPT_SRPUSERNAME = 30, + 
INDEX_OPT_SRPPASSWD = 31, + INDEX_OPT_PSKUSERNAME = 32, + INDEX_OPT_PSKKEY = 33, + INDEX_OPT_PORT = 34, + INDEX_OPT_INSECURE = 35, + INDEX_OPT_BENCHMARK_CIPHERS = 36, + INDEX_OPT_BENCHMARK_SOFT_CIPHERS = 37, + INDEX_OPT_BENCHMARK_TLS_KX = 38, + INDEX_OPT_BENCHMARK_TLS_CIPHERS = 39, + INDEX_OPT_LIST = 40, + INDEX_OPT_VERSION = 41, + INDEX_OPT_HELP = 42, + INDEX_OPT_MORE_HELP = 43 } teOptIndex; -#define OPTION_CT 43 +#define OPTION_CT 44 #define GNUTLS_CLI_VERSION "@VERSION@" #define GNUTLS_CLI_FULL_VERSION "gnutls-cli @VERSION@" 
@@ -156,47 +157,48 @@ typedef enum { #define VALUE_OPT_VERBOSE 'V' #define VALUE_OPT_TOFU 2 #define VALUE_OPT_DANE 3 -#define VALUE_OPT_OCSP 4 +#define VALUE_OPT_CA_VERIFICATION 4 +#define VALUE_OPT_OCSP 5 #define VALUE_OPT_RESUME 'r' #define VALUE_OPT_HEARTBEAT 'b' #define VALUE_OPT_REHANDSHAKE 'e' -#define VALUE_OPT_NOTICKET 8 -#define VALUE_OPT_OCSP_STATUS_REQUEST 9 +#define VALUE_OPT_NOTICKET 9 +#define VALUE_OPT_OCSP_STATUS_REQUEST 10 #define VALUE_OPT_STARTTLS 's' #define VALUE_OPT_UDP 'u' -#define VALUE_OPT_MTU 12 +#define VALUE_OPT_MTU 13 #define OPT_VALUE_MTU (DESC(MTU).optArg.argInt) -#define VALUE_OPT_CRLF 13 -#define VALUE_OPT_X509FMTDER 14 +#define VALUE_OPT_CRLF 14 +#define VALUE_OPT_X509FMTDER 15 #define VALUE_OPT_FINGERPRINT 'f' -#define VALUE_OPT_DISABLE_EXTENSIONS 16 -#define VALUE_OPT_PRINT_CERT 17 -#define VALUE_OPT_RECORDSIZE 18 +#define VALUE_OPT_DISABLE_EXTENSIONS 17 +#define VALUE_OPT_PRINT_CERT 18 +#define VALUE_OPT_RECORDSIZE 19 #define OPT_VALUE_RECORDSIZE (DESC(RECORDSIZE).optArg.argInt) -#define VALUE_OPT_DH_BITS 19 +#define VALUE_OPT_DH_BITS 20 #define OPT_VALUE_DH_BITS (DESC(DH_BITS).optArg.argInt) -#define VALUE_OPT_PRIORITY 20 -#define VALUE_OPT_X509CAFILE 21 -#define VALUE_OPT_X509CRLFILE 22 -#define VALUE_OPT_PGPKEYFILE 23 -#define VALUE_OPT_PGPKEYRING 24 -#define VALUE_OPT_PGPCERTFILE 25 -#define VALUE_OPT_X509KEYFILE 26 -#define VALUE_OPT_X509CERTFILE 27 -#define VALUE_OPT_PGPSUBKEY 28 -#define VALUE_OPT_SRPUSERNAME 29 -#define VALUE_OPT_SRPPASSWD 30 -#define VALUE_OPT_PSKUSERNAME 31 -#define VALUE_OPT_PSKKEY 32 +#define VALUE_OPT_PRIORITY 21 +#define VALUE_OPT_X509CAFILE 22 +#define VALUE_OPT_X509CRLFILE 23 +#define VALUE_OPT_PGPKEYFILE 24 +#define VALUE_OPT_PGPKEYRING 25 +#define VALUE_OPT_PGPCERTFILE 26 +#define VALUE_OPT_X509KEYFILE 27 +#define VALUE_OPT_X509CERTFILE 28 +#define VALUE_OPT_PGPSUBKEY 29 +#define VALUE_OPT_SRPUSERNAME 30 +#define VALUE_OPT_SRPPASSWD 31 +#define VALUE_OPT_PSKUSERNAME 32 +#define VALUE_OPT_PSKKEY 
129 #define VALUE_OPT_PORT 'p' -#define VALUE_OPT_INSECURE 130 -#define VALUE_OPT_BENCHMARK_CIPHERS 131 -#define VALUE_OPT_BENCHMARK_SOFT_CIPHERS 132 -#define VALUE_OPT_BENCHMARK_TLS_KX 133 -#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 134 +#define VALUE_OPT_INSECURE 131 +#define VALUE_OPT_BENCHMARK_CIPHERS 132 +#define VALUE_OPT_BENCHMARK_SOFT_CIPHERS 133 +#define VALUE_OPT_BENCHMARK_TLS_KX 134 +#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 135 #define VALUE_OPT_LIST 'l' #define VALUE_OPT_HELP 'h' #define VALUE_OPT_MORE_HELP '!' @@ -399,28 +399,32 @@ cert_verify_callback (gnutls_session_t session) unsigned int status = 0; int ssh = ENABLED_OPT(TOFU); int dane = ENABLED_OPT(DANE); + int ca_verify = ENABLED_OPT(CA_VERIFICATION); const char* txt_service; print_cert_info (session, verbose, print_cert); - rc = cert_verify(session, hostname); - if (rc == 0) + if (ca_verify) { - printf ("*** Verifying server certificate failed...\n"); - if (!insecure && !ssh) - return -1; - } - else if (ENABLED_OPT(OCSP)) - { /* off-line verification succeeded. Try OCSP */ - rc = cert_verify_ocsp(session); + rc = cert_verify(session, hostname); if (rc == 0) { - printf ("*** Verifying (with OCSP) server certificate failed...\n"); + printf ("*** Verifying server certificate failed...\n"); if (!insecure && !ssh) return -1; } - else if (rc == -1) - printf("*** OCSP response ignored\n"); + else if (ENABLED_OPT(OCSP)) + { /* off-line verification succeeded. Try OCSP */ + rc = cert_verify_ocsp(session); + if (rc == 0) + { + printf ("*** Verifying (with OCSP) server certificate failed...\n"); + if (!insecure && !ssh) + return -1; + } + else if (rc == -1) + printf("*** OCSP response ignored\n"); + } } if (ssh) /* try ssh auth */ |
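Review bot: With `ca_verify` false the whole `cert_verify()` / `cert_verify_ocsp()` branch is skipped, and nothing visible here requires `--tofu` or `--dane` to be set, so `--no-ca-verification` on its own appears to leave the callback with no check of the server certificate, and without the "*** Verifying server certificate failed..." message that `--insecure` still prints. The option's doc string says it is meant to be used with `--dane` or `--tofu`, and that should be enforced in code before the new `if (ca_verify)`: `if (!ca_verify && !ssh && !dane) { fprintf (stderr, "*** --no-ca-verification requires --tofu or --dane\n"); return -1; }`. Skipping `cert_verify(session, hostname)` presumably also drops the hostname match, so it is worth confirming that the TOFU and DANE paths bind the certificate to `hostname` themselves. The rest of `cert_verify_callback` (the `if (ssh)` branch onward) lies outside this hunk, so this should be checked against the full function.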