diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-21 20:57:00 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-11-21 21:00:38 +0100 |
| commit | c781989b10e571b76d1a8c50d4a2f18c3b59677b (patch) | |
| tree | e6383319eb69503b6aed76bc6a9b588f3216201d | |
| parent | 86b0a21482e69268394efbd847cc078b77b07cde (diff) | |
| download | gnutls-c781989b10e571b76d1a8c50d4a2f18c3b59677b.tar.gz | |
updated parameters
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | doc/invoke-certtool.texi | 26 | ||||
| -rw-r--r-- | src/certtool-args.c | 536 | ||||
| -rw-r--r-- | src/certtool-args.def | 13 | ||||
| -rw-r--r-- | src/certtool-args.h | 56 | ||||
| -rw-r--r-- | src/certtool.c | 4 |
6 files changed, 353 insertions, 287 deletions
@@ -17,12 +17,11 @@ public key on generation. affected combined levels. Patch by Tim Kosse. ** certtool: The --pubkey-info option can be combined with the ---load-privkey in order to print the corresponding public key of a private -key. +--load-privkey or --load-request to print the corresponding public keys. ** certtool: It is able to set certificate policies via a template. -** certtool: Added --simple-numbers option which prints big numbers in +** certtool: Added --hex-numbers option which prints big numbers in an easier to parse format. ** p11tool: After key generation, outputs the public key (useful in diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi index 1ac06b673f..29a6eae6b4 100644 --- a/doc/invoke-certtool.texi +++ b/doc/invoke-certtool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-certtool.texi) # -# It has been AutoGen-ed November 20, 2012 at 05:51:14 PM by AutoGen 5.16 +# It has been AutoGen-ed November 21, 2012 at 09:00:30 PM by AutoGen 5.16 # From the definitions ../src/certtool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -71,7 +71,7 @@ USAGE: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --load-ca-privkey=str Loads the certificate authority's private key file --load-ca-certificate=str Loads the certificate authority's certificate file --password=str Password to use - --simple-numbers Print big number in an easier format to parse + --hex-numbers Print big number in an easier format to parse --null-password Enforce a NULL password -i, --certificate-info Print information on the given certificate --certificate-pubkey Print certificate's public key @@ -95,6 +95,7 @@ USAGE: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --rsa Generate RSA key --dsa Generate DSA key --ecc Generate ECC (ECDSA) key + --ecdsa This is an alias for 'ecc' --hash=str Hash algorithm to use for signing. --inder Use DER format for input certificates and private keys. - disabled as --no-inder @@ -224,6 +225,27 @@ load-certificate. @end itemize It requires a certificate, a private key and possibly a CA certificate to be specified. +@anchor{certtool rsa} +@subheading rsa option + +This is the ``generate rsa key'' option. +When combined with --generate-privkey generates an RSA private key. +@anchor{certtool dsa} +@subheading dsa option + +This is the ``generate dsa key'' option. +When combined with --generate-privkey generates a DSA private key. +@anchor{certtool ecc} +@subheading ecc option + +This is the ``generate ecc (ecdsa) key'' option. +When combined with --generate-privkey generates an elliptic curve private key to be used with ECDSA. +@anchor{certtool ecdsa} +@subheading ecdsa option + +This is an alias for the ecc option, +@pxref{certtool ecc, the ecc option documentation}. + @anchor{certtool hash} @subheading hash option diff --git a/src/certtool-args.c b/src/certtool-args.c index 9eee3b9120..436d5633a5 100644 --- a/src/certtool-args.c +++ b/src/certtool-args.c @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (certtool-args.c) * - * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16 + * It has been AutoGen-ed November 21, 2012 at 09:00:25 PM by AutoGen 5.16 * From the definitions certtool-args.def * and the template file options * @@ -67,7 +67,7 @@ extern FILE * option_usage_fp; /* * certtool option static const strings */ -static char const certtool_opt_strs[4767] = +static char const certtool_opt_strs[4794] = /* 0 */ "certtool @VERSION@\n" "Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" @@ -157,117 +157,119 @@ static char const certtool_opt_strs[4767] = /* 2309 */ "PASSWORD\0" /* 2318 */ "password\0" /* 2327 */ "Print big number in an easier format to parse\0" -/* 2373 */ "SIMPLE_NUMBERS\0" -/* 2388 */ "simple-numbers\0" -/* 2403 */ "Enforce a NULL password\0" -/* 2427 */ "NULL_PASSWORD\0" -/* 2441 */ "null-password\0" -/* 2455 */ "Print information on the given certificate\0" -/* 2498 */ "CERTIFICATE_INFO\0" -/* 2515 */ "certificate-info\0" -/* 2532 */ "Print certificate's public key\0" -/* 2563 */ "CERTIFICATE_PUBKEY\0" -/* 2582 */ "certificate-pubkey\0" -/* 2601 */ "Print information on the given OpenPGP certificate\0" -/* 2652 */ "PGP_CERTIFICATE_INFO\0" -/* 2673 */ "pgp-certificate-info\0" -/* 2694 */ "Print information on the given OpenPGP keyring structure\0" -/* 2751 */ "PGP_RING_INFO\0" -/* 2765 */ "pgp-ring-info\0" -/* 2779 */ "Print information on the given CRL structure\0" -/* 2824 */ "CRL_INFO\0" -/* 2833 */ "crl-info\0" -/* 2842 */ "Print information on the given certificate request\0" -/* 2893 */ "CRQ_INFO\0" -/* 2902 */ "crq-info\0" -/* 2911 */ "Do not use extensions in certificate requests\0" -/* 2957 */ "NO_CRQ_EXTENSIONS\0" -/* 2975 */ "no-crq-extensions\0" -/* 2993 */ "Print information on a PKCS #12 structure\0" -/* 3035 */ "P12_INFO\0" -/* 3044 */ "p12-info\0" -/* 3053 */ "Print information on a PKCS #7 structure\0" -/* 3094 */ "P7_INFO\0" -/* 3102 */ "p7-info\0" -/* 3110 */ "Convert S/MIME to PKCS #7 structure\0" -/* 3146 */ "SMIME_TO_P7\0" -/* 3158 */ "smime-to-p7\0" -/* 3170 */ "Print information on a private key\0" -/* 3205 */ "KEY_INFO\0" -/* 3214 */ "key-info\0" -/* 3223 */ "Print information on an OpenPGP private key\0" -/* 3267 */ "PGP_KEY_INFO\0" -/* 3280 */ "pgp-key-info\0" -/* 3293 */ "Print information on a public key\0" -/* 3327 */ "PUBKEY_INFO\0" -/* 3339 */ "pubkey-info\0" -/* 3351 */ "Generate an X.509 version 1 certificate (with no extensions)\0" -/* 3412 */ "V1\0" -/* 3415 */ "v1\0" -/* 3418 */ "Generate a PKCS #12 structure\0" -/* 3448 */ "TO_P12\0" -/* 3455 */ "to-p12\0" -/* 3462 */ "Generate a PKCS #8 structure\0" -/* 3491 */ "TO_P8\0" -/* 3497 */ "to-p8\0" -/* 3503 */ "Use PKCS #8 format for private keys\0" -/* 3539 */ "PKCS8\0" -/* 3545 */ "pkcs8\0" -/* 3551 */ "Generate RSA key\0" -/* 3568 */ "RSA\0" -/* 3572 */ "rsa\0" -/* 3576 */ "Generate DSA key\0" -/* 3593 */ "DSA\0" -/* 3597 */ "dsa\0" -/* 3601 */ "Generate ECC (ECDSA) key\0" -/* 3626 */ "ECC\0" -/* 3630 */ "ecc\0" -/* 3634 */ "Hash algorithm to use for signing.\0" -/* 3669 */ "HASH\0" -/* 3674 */ "hash\0" -/* 3679 */ "Use DER format for input certificates and private keys.\0" -/* 3735 */ "INDER\0" -/* 3741 */ "no-inder\0" -/* 3750 */ "no\0" -/* 3753 */ "This is an alias for 'inder'\0" -/* 3782 */ "inraw\0" -/* 3788 */ "Use DER format for output certificates and private keys\0" -/* 3844 */ "OUTDER\0" -/* 3851 */ "no-outder\0" -/* 3861 */ "This is an alias for 'outder'\0" -/* 3891 */ "outraw\0" -/* 3898 */ "Specify the number of bits for key generate\0" -/* 3942 */ "BITS\0" -/* 3947 */ "bits\0" -/* 3952 */ "Specify the security level [low, legacy, normal, high, ultra].\0" -/* 4015 */ "SEC_PARAM\0" -/* 4025 */ "sec-param\0" -/* 4035 */ "No effect\0" -/* 4045 */ "DISABLE_QUICK_RANDOM\0" -/* 4066 */ "disable-quick-random\0" -/* 4087 */ "Template file to use for non-interactive operation\0" -/* 4138 */ "TEMPLATE\0" -/* 4147 */ "template\0" -/* 4156 */ "Cipher to use for PKCS #8 and #12 operations\0" -/* 4201 */ "PKCS_CIPHER\0" -/* 4213 */ "pkcs-cipher\0" -/* 4225 */ "Display extended usage information and exit\0" -/* 4269 */ "help\0" -/* 4274 */ "Extended usage information passed thru pager\0" -/* 4319 */ "more-help\0" -/* 4329 */ "Output version information and exit\0" -/* 4365 */ "version\0" -/* 4373 */ "CERTTOOL\0" -/* 4382 */ "certtool - GnuTLS certificate tool - Ver. @VERSION@\n" +/* 2373 */ "HEX_NUMBERS\0" +/* 2385 */ "hex-numbers\0" +/* 2397 */ "Enforce a NULL password\0" +/* 2421 */ "NULL_PASSWORD\0" +/* 2435 */ "null-password\0" +/* 2449 */ "Print information on the given certificate\0" +/* 2492 */ "CERTIFICATE_INFO\0" +/* 2509 */ "certificate-info\0" +/* 2526 */ "Print certificate's public key\0" +/* 2557 */ "CERTIFICATE_PUBKEY\0" +/* 2576 */ "certificate-pubkey\0" +/* 2595 */ "Print information on the given OpenPGP certificate\0" +/* 2646 */ "PGP_CERTIFICATE_INFO\0" +/* 2667 */ "pgp-certificate-info\0" +/* 2688 */ "Print information on the given OpenPGP keyring structure\0" +/* 2745 */ "PGP_RING_INFO\0" +/* 2759 */ "pgp-ring-info\0" +/* 2773 */ "Print information on the given CRL structure\0" +/* 2818 */ "CRL_INFO\0" +/* 2827 */ "crl-info\0" +/* 2836 */ "Print information on the given certificate request\0" +/* 2887 */ "CRQ_INFO\0" +/* 2896 */ "crq-info\0" +/* 2905 */ "Do not use extensions in certificate requests\0" +/* 2951 */ "NO_CRQ_EXTENSIONS\0" +/* 2969 */ "no-crq-extensions\0" +/* 2987 */ "Print information on a PKCS #12 structure\0" +/* 3029 */ "P12_INFO\0" +/* 3038 */ "p12-info\0" +/* 3047 */ "Print information on a PKCS #7 structure\0" +/* 3088 */ "P7_INFO\0" +/* 3096 */ "p7-info\0" +/* 3104 */ "Convert S/MIME to PKCS #7 structure\0" +/* 3140 */ "SMIME_TO_P7\0" +/* 3152 */ "smime-to-p7\0" +/* 3164 */ "Print information on a private key\0" +/* 3199 */ "KEY_INFO\0" +/* 3208 */ "key-info\0" +/* 3217 */ "Print information on an OpenPGP private key\0" +/* 3261 */ "PGP_KEY_INFO\0" +/* 3274 */ "pgp-key-info\0" +/* 3287 */ "Print information on a public key\0" +/* 3321 */ "PUBKEY_INFO\0" +/* 3333 */ "pubkey-info\0" +/* 3345 */ "Generate an X.509 version 1 certificate (with no extensions)\0" +/* 3406 */ "V1\0" +/* 3409 */ "v1\0" +/* 3412 */ "Generate a PKCS #12 structure\0" +/* 3442 */ "TO_P12\0" +/* 3449 */ "to-p12\0" +/* 3456 */ "Generate a PKCS #8 structure\0" +/* 3485 */ "TO_P8\0" +/* 3491 */ "to-p8\0" +/* 3497 */ "Use PKCS #8 format for private keys\0" +/* 3533 */ "PKCS8\0" +/* 3539 */ "pkcs8\0" +/* 3545 */ "Generate RSA key\0" +/* 3562 */ "RSA\0" +/* 3566 */ "rsa\0" +/* 3570 */ "Generate DSA key\0" +/* 3587 */ "DSA\0" +/* 3591 */ "dsa\0" +/* 3595 */ "Generate ECC (ECDSA) key\0" +/* 3620 */ "ECC\0" +/* 3624 */ "ecc\0" +/* 3628 */ "This is an alias for 'ecc'\0" +/* 3655 */ "ecdsa\0" +/* 3661 */ "Hash algorithm to use for signing.\0" +/* 3696 */ "HASH\0" +/* 3701 */ "hash\0" +/* 3706 */ "Use DER format for input certificates and private keys.\0" +/* 3762 */ "INDER\0" +/* 3768 */ "no-inder\0" +/* 3777 */ "no\0" +/* 3780 */ "This is an alias for 'inder'\0" +/* 3809 */ "inraw\0" +/* 3815 */ "Use DER format for output certificates and private keys\0" +/* 3871 */ "OUTDER\0" +/* 3878 */ "no-outder\0" +/* 3888 */ "This is an alias for 'outder'\0" +/* 3918 */ "outraw\0" +/* 3925 */ "Specify the number of bits for key generate\0" +/* 3969 */ "BITS\0" +/* 3974 */ "bits\0" +/* 3979 */ "Specify the security level [low, legacy, normal, high, ultra].\0" +/* 4042 */ "SEC_PARAM\0" +/* 4052 */ "sec-param\0" +/* 4062 */ "No effect\0" +/* 4072 */ "DISABLE_QUICK_RANDOM\0" +/* 4093 */ "disable-quick-random\0" +/* 4114 */ "Template file to use for non-interactive operation\0" +/* 4165 */ "TEMPLATE\0" +/* 4174 */ "template\0" +/* 4183 */ "Cipher to use for PKCS #8 and #12 operations\0" +/* 4228 */ "PKCS_CIPHER\0" +/* 4240 */ "pkcs-cipher\0" +/* 4252 */ "Display extended usage information and exit\0" +/* 4296 */ "help\0" +/* 4301 */ "Extended usage information passed thru pager\0" +/* 4346 */ "more-help\0" +/* 4356 */ "Output version information and exit\0" +/* 4392 */ "version\0" +/* 4400 */ "CERTTOOL\0" +/* 4409 */ "certtool - GnuTLS certificate tool - Ver. @VERSION@\n" "USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" -/* 4492 */ "bug-gnutls@gnu.org\0" -/* 4511 */ "\n\n\0" -/* 4514 */ "\n" +/* 4519 */ "bug-gnutls@gnu.org\0" +/* 4538 */ "\n\n\0" +/* 4541 */ "\n" "Tool to parse and generate X.509 certificates, requests and private keys.\n" "It can be used interactively or non interactively by specifying the\n" "template command line option.\n\0" -/* 4688 */ "certtool @VERSION@\0" -/* 4707 */ "certtool [options]\n" +/* 4715 */ "certtool @VERSION@\0" +/* 4734 */ "certtool [options]\n" "certtool --help for usage instructions.\n"; /* @@ -479,140 +481,140 @@ static int const aVerify_CrlMustList[] = { | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* - * simple-numbers option description: + * hex-numbers option description: */ -#define SIMPLE_NUMBERS_DESC (certtool_opt_strs+2327) -#define SIMPLE_NUMBERS_NAME (certtool_opt_strs+2373) -#define SIMPLE_NUMBERS_name (certtool_opt_strs+2388) -#define SIMPLE_NUMBERS_FLAGS (OPTST_DISABLED) +#define HEX_NUMBERS_DESC (certtool_opt_strs+2327) +#define HEX_NUMBERS_NAME (certtool_opt_strs+2373) +#define HEX_NUMBERS_name (certtool_opt_strs+2385) +#define HEX_NUMBERS_FLAGS (OPTST_DISABLED) /* * null-password option description: */ -#define NULL_PASSWORD_DESC (certtool_opt_strs+2403) -#define NULL_PASSWORD_NAME (certtool_opt_strs+2427) -#define NULL_PASSWORD_name (certtool_opt_strs+2441) +#define NULL_PASSWORD_DESC (certtool_opt_strs+2397) +#define NULL_PASSWORD_NAME (certtool_opt_strs+2421) +#define NULL_PASSWORD_name (certtool_opt_strs+2435) #define NULL_PASSWORD_FLAGS (OPTST_DISABLED) /* * certificate-info option description: */ -#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2455) -#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2498) -#define CERTIFICATE_INFO_name (certtool_opt_strs+2515) +#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2449) +#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2492) +#define CERTIFICATE_INFO_name (certtool_opt_strs+2509) #define CERTIFICATE_INFO_FLAGS (OPTST_DISABLED) /* * certificate-pubkey option description: */ -#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2532) -#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2563) -#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2582) +#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2526) +#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2557) +#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2576) #define CERTIFICATE_PUBKEY_FLAGS (OPTST_DISABLED) /* * pgp-certificate-info option description: */ -#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2601) -#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2652) -#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2673) +#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2595) +#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2646) +#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2667) #define PGP_CERTIFICATE_INFO_FLAGS (OPTST_DISABLED) /* * pgp-ring-info option description: */ -#define PGP_RING_INFO_DESC (certtool_opt_strs+2694) -#define PGP_RING_INFO_NAME (certtool_opt_strs+2751) -#define PGP_RING_INFO_name (certtool_opt_strs+2765) +#define PGP_RING_INFO_DESC (certtool_opt_strs+2688) +#define PGP_RING_INFO_NAME (certtool_opt_strs+2745) +#define PGP_RING_INFO_name (certtool_opt_strs+2759) #define PGP_RING_INFO_FLAGS (OPTST_DISABLED) /* * crl-info option description: */ -#define CRL_INFO_DESC (certtool_opt_strs+2779) -#define CRL_INFO_NAME (certtool_opt_strs+2824) -#define CRL_INFO_name (certtool_opt_strs+2833) +#define CRL_INFO_DESC (certtool_opt_strs+2773) +#define CRL_INFO_NAME (certtool_opt_strs+2818) +#define CRL_INFO_name (certtool_opt_strs+2827) #define CRL_INFO_FLAGS (OPTST_DISABLED) /* * crq-info option description: */ -#define CRQ_INFO_DESC (certtool_opt_strs+2842) -#define CRQ_INFO_NAME (certtool_opt_strs+2893) -#define CRQ_INFO_name (certtool_opt_strs+2902) +#define CRQ_INFO_DESC (certtool_opt_strs+2836) +#define CRQ_INFO_NAME (certtool_opt_strs+2887) +#define CRQ_INFO_name (certtool_opt_strs+2896) #define CRQ_INFO_FLAGS (OPTST_DISABLED) /* * no-crq-extensions option description: */ -#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2911) -#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2957) -#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2975) +#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2905) +#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2951) +#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2969) #define NO_CRQ_EXTENSIONS_FLAGS (OPTST_DISABLED) /* * p12-info option description: */ -#define P12_INFO_DESC (certtool_opt_strs+2993) -#define P12_INFO_NAME (certtool_opt_strs+3035) -#define P12_INFO_name (certtool_opt_strs+3044) +#define P12_INFO_DESC (certtool_opt_strs+2987) +#define P12_INFO_NAME (certtool_opt_strs+3029) +#define P12_INFO_name (certtool_opt_strs+3038) #define P12_INFO_FLAGS (OPTST_DISABLED) /* * p7-info option description: */ -#define P7_INFO_DESC (certtool_opt_strs+3053) -#define P7_INFO_NAME (certtool_opt_strs+3094) -#define P7_INFO_name (certtool_opt_strs+3102) +#define P7_INFO_DESC (certtool_opt_strs+3047) +#define P7_INFO_NAME (certtool_opt_strs+3088) +#define P7_INFO_name (certtool_opt_strs+3096) #define P7_INFO_FLAGS (OPTST_DISABLED) /* * smime-to-p7 option description: */ -#define SMIME_TO_P7_DESC (certtool_opt_strs+3110) -#define SMIME_TO_P7_NAME (certtool_opt_strs+3146) -#define SMIME_TO_P7_name (certtool_opt_strs+3158) +#define SMIME_TO_P7_DESC (certtool_opt_strs+3104) +#define SMIME_TO_P7_NAME (certtool_opt_strs+3140) +#define SMIME_TO_P7_name (certtool_opt_strs+3152) #define SMIME_TO_P7_FLAGS (OPTST_DISABLED) /* * key-info option description: */ -#define KEY_INFO_DESC (certtool_opt_strs+3170) -#define KEY_INFO_NAME (certtool_opt_strs+3205) -#define KEY_INFO_name (certtool_opt_strs+3214) +#define KEY_INFO_DESC (certtool_opt_strs+3164) +#define KEY_INFO_NAME (certtool_opt_strs+3199) +#define KEY_INFO_name (certtool_opt_strs+3208) #define KEY_INFO_FLAGS (OPTST_DISABLED) /* * pgp-key-info option description: */ -#define PGP_KEY_INFO_DESC (certtool_opt_strs+3223) -#define PGP_KEY_INFO_NAME (certtool_opt_strs+3267) -#define PGP_KEY_INFO_name (certtool_opt_strs+3280) +#define PGP_KEY_INFO_DESC (certtool_opt_strs+3217) +#define PGP_KEY_INFO_NAME (certtool_opt_strs+3261) +#define PGP_KEY_INFO_name (certtool_opt_strs+3274) #define PGP_KEY_INFO_FLAGS (OPTST_DISABLED) /* * pubkey-info option description: */ -#define PUBKEY_INFO_DESC (certtool_opt_strs+3293) -#define PUBKEY_INFO_NAME (certtool_opt_strs+3327) -#define PUBKEY_INFO_name (certtool_opt_strs+3339) +#define PUBKEY_INFO_DESC (certtool_opt_strs+3287) +#define PUBKEY_INFO_NAME (certtool_opt_strs+3321) +#define PUBKEY_INFO_name (certtool_opt_strs+3333) #define PUBKEY_INFO_FLAGS (OPTST_DISABLED) /* * v1 option description: */ -#define V1_DESC (certtool_opt_strs+3351) -#define V1_NAME (certtool_opt_strs+3412) -#define V1_name (certtool_opt_strs+3415) +#define V1_DESC (certtool_opt_strs+3345) +#define V1_NAME (certtool_opt_strs+3406) +#define V1_name (certtool_opt_strs+3409) #define V1_FLAGS (OPTST_DISABLED) /* * to-p12 option description with * "Must also have options" and "Incompatible options": */ -#define TO_P12_DESC (certtool_opt_strs+3418) -#define TO_P12_NAME (certtool_opt_strs+3448) -#define TO_P12_name (certtool_opt_strs+3455) +#define TO_P12_DESC (certtool_opt_strs+3412) +#define TO_P12_NAME (certtool_opt_strs+3442) +#define TO_P12_name (certtool_opt_strs+3449) static int const aTo_P12MustList[] = { INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT }; #define TO_P12_FLAGS (OPTST_DISABLED) @@ -620,140 +622,148 @@ static int const aTo_P12MustList[] = { /* * to-p8 option description: */ -#define TO_P8_DESC (certtool_opt_strs+3462) -#define TO_P8_NAME (certtool_opt_strs+3491) -#define TO_P8_name (certtool_opt_strs+3497) +#define TO_P8_DESC (certtool_opt_strs+3456) +#define TO_P8_NAME (certtool_opt_strs+3485) +#define TO_P8_name (certtool_opt_strs+3491) #define TO_P8_FLAGS (OPTST_DISABLED) /* * pkcs8 option description: */ -#define PKCS8_DESC (certtool_opt_strs+3503) -#define PKCS8_NAME (certtool_opt_strs+3539) -#define PKCS8_name (certtool_opt_strs+3545) +#define PKCS8_DESC (certtool_opt_strs+3497) +#define PKCS8_NAME (certtool_opt_strs+3533) +#define PKCS8_name (certtool_opt_strs+3539) #define PKCS8_FLAGS (OPTST_DISABLED) /* * rsa option description: */ -#define RSA_DESC (certtool_opt_strs+3551) -#define RSA_NAME (certtool_opt_strs+3568) -#define RSA_name (certtool_opt_strs+3572) +#define RSA_DESC (certtool_opt_strs+3545) +#define RSA_NAME (certtool_opt_strs+3562) +#define RSA_name (certtool_opt_strs+3566) #define RSA_FLAGS (OPTST_DISABLED) /* * dsa option description: */ -#define DSA_DESC (certtool_opt_strs+3576) -#define DSA_NAME (certtool_opt_strs+3593) -#define DSA_name (certtool_opt_strs+3597) +#define DSA_DESC (certtool_opt_strs+3570) +#define DSA_NAME (certtool_opt_strs+3587) +#define DSA_name (certtool_opt_strs+3591) #define DSA_FLAGS (OPTST_DISABLED) /* * ecc option description: */ -#define ECC_DESC (certtool_opt_strs+3601) -#define ECC_NAME (certtool_opt_strs+3626) -#define ECC_name (certtool_opt_strs+3630) +#define ECC_DESC (certtool_opt_strs+3595) +#define ECC_NAME (certtool_opt_strs+3620) +#define ECC_name (certtool_opt_strs+3624) #define ECC_FLAGS (OPTST_DISABLED) /* + * ecdsa option description: + */ +#define ECDSA_DESC (certtool_opt_strs+3628) +#define ECDSA_NAME NULL +#define ECDSA_name (certtool_opt_strs+3655) +#define ECDSA_FLAGS (ECC_FLAGS | OPTST_ALIAS) + +/* * hash option description: */ -#define HASH_DESC (certtool_opt_strs+3634) -#define HASH_NAME (certtool_opt_strs+3669) -#define HASH_name (certtool_opt_strs+3674) +#define HASH_DESC (certtool_opt_strs+3661) +#define HASH_NAME (certtool_opt_strs+3696) +#define HASH_name (certtool_opt_strs+3701) #define HASH_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * inder option description: */ -#define INDER_DESC (certtool_opt_strs+3679) -#define INDER_NAME (certtool_opt_strs+3735) -#define NOT_INDER_name (certtool_opt_strs+3741) -#define NOT_INDER_PFX (certtool_opt_strs+3750) +#define INDER_DESC (certtool_opt_strs+3706) +#define INDER_NAME (certtool_opt_strs+3762) +#define NOT_INDER_name (certtool_opt_strs+3768) +#define NOT_INDER_PFX (certtool_opt_strs+3777) #define INDER_name (NOT_INDER_name + 3) #define INDER_FLAGS (OPTST_DISABLED) /* * inraw option description: */ -#define INRAW_DESC (certtool_opt_strs+3753) +#define INRAW_DESC (certtool_opt_strs+3780) #define INRAW_NAME NULL -#define INRAW_name (certtool_opt_strs+3782) +#define INRAW_name (certtool_opt_strs+3809) #define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS) /* * outder option description: */ -#define OUTDER_DESC (certtool_opt_strs+3788) -#define OUTDER_NAME (certtool_opt_strs+3844) -#define NOT_OUTDER_name (certtool_opt_strs+3851) -#define NOT_OUTDER_PFX (certtool_opt_strs+3750) +#define OUTDER_DESC (certtool_opt_strs+3815) +#define OUTDER_NAME (certtool_opt_strs+3871) +#define NOT_OUTDER_name (certtool_opt_strs+3878) +#define NOT_OUTDER_PFX (certtool_opt_strs+3777) #define OUTDER_name (NOT_OUTDER_name + 3) #define OUTDER_FLAGS (OPTST_DISABLED) /* * outraw option description: */ -#define OUTRAW_DESC (certtool_opt_strs+3861) +#define OUTRAW_DESC (certtool_opt_strs+3888) #define OUTRAW_NAME NULL -#define OUTRAW_name (certtool_opt_strs+3891) +#define OUTRAW_name (certtool_opt_strs+3918) #define OUTRAW_FLAGS (OUTDER_FLAGS | OPTST_ALIAS) /* * bits option description: */ -#define BITS_DESC (certtool_opt_strs+3898) -#define BITS_NAME (certtool_opt_strs+3942) -#define BITS_name (certtool_opt_strs+3947) +#define BITS_DESC (certtool_opt_strs+3925) +#define BITS_NAME (certtool_opt_strs+3969) +#define BITS_name (certtool_opt_strs+3974) #define BITS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) /* * sec-param option description: */ -#define SEC_PARAM_DESC (certtool_opt_strs+3952) -#define SEC_PARAM_NAME (certtool_opt_strs+4015) -#define SEC_PARAM_name (certtool_opt_strs+4025) +#define SEC_PARAM_DESC (certtool_opt_strs+3979) +#define SEC_PARAM_NAME (certtool_opt_strs+4042) +#define SEC_PARAM_name (certtool_opt_strs+4052) #define SEC_PARAM_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * disable-quick-random option description: */ -#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+4035) -#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+4045) -#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+4066) +#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+4062) +#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+4072) +#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+4093) #define DISABLE_QUICK_RANDOM_FLAGS (OPTST_DISABLED) /* * template option description: */ -#define TEMPLATE_DESC (certtool_opt_strs+4087) -#define TEMPLATE_NAME (certtool_opt_strs+4138) -#define TEMPLATE_name (certtool_opt_strs+4147) +#define TEMPLATE_DESC (certtool_opt_strs+4114) +#define TEMPLATE_NAME (certtool_opt_strs+4165) +#define TEMPLATE_name (certtool_opt_strs+4174) #define TEMPLATE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) /* * pkcs-cipher option description: */ -#define PKCS_CIPHER_DESC (certtool_opt_strs+4156) -#define PKCS_CIPHER_NAME (certtool_opt_strs+4201) -#define PKCS_CIPHER_name (certtool_opt_strs+4213) +#define PKCS_CIPHER_DESC (certtool_opt_strs+4183) +#define PKCS_CIPHER_NAME (certtool_opt_strs+4228) +#define PKCS_CIPHER_name (certtool_opt_strs+4240) #define PKCS_CIPHER_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /* * Help/More_Help/Version option descriptions: */ -#define HELP_DESC (certtool_opt_strs+4225) -#define HELP_name (certtool_opt_strs+4269) +#define HELP_DESC (certtool_opt_strs+4252) +#define HELP_name (certtool_opt_strs+4296) #ifdef HAVE_WORKING_FORK -#define MORE_HELP_DESC (certtool_opt_strs+4274) -#define MORE_HELP_name (certtool_opt_strs+4319) +#define MORE_HELP_DESC (certtool_opt_strs+4301) +#define MORE_HELP_name (certtool_opt_strs+4346) #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) #else #define MORE_HELP_DESC NULL @@ -766,8 +776,8 @@ static int const aTo_P12MustList[] = { # define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT) #endif -#define VER_DESC (certtool_opt_strs+4329) -#define VER_name (certtool_opt_strs+4365) +#define VER_DESC (certtool_opt_strs+4356) +#define VER_name (certtool_opt_strs+4392) /* * Declare option callback procedures */ @@ -777,9 +787,9 @@ extern tOptProc optionStackArg, optionTimeDate, optionTimeVal, optionUnstackArg, optionVendorOption; static tOptProc - doOptDebug, doOptInfile, doOptInraw, - doOptLoad_Request, doOptOutraw, doOptTemplate, - doUsageOpt; + doOptDebug, doOptEcdsa, doOptInfile, + doOptInraw, doOptLoad_Request, doOptOutraw, + doOptTemplate, doUsageOpt; #define VER_PROC optionPrintVersion /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ @@ -1077,16 +1087,16 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS, - /* equiv idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS, + { /* entry idx, value */ 24, VALUE_OPT_HEX_NUMBERS, + /* equiv idx, value */ 24, VALUE_OPT_HEX_NUMBERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, - /* opt state flags */ SIMPLE_NUMBERS_FLAGS, 0, - /* last opt argumnt */ { NULL }, /* --simple-numbers */ + /* opt state flags */ HEX_NUMBERS_FLAGS, 0, + /* last opt argumnt */ { NULL }, /* --hex-numbers */ /* arg list/cookie */ NULL, /* must/cannot opts */ NULL, NULL, /* option proc */ NULL, - /* desc, NAME, name */ SIMPLE_NUMBERS_DESC, SIMPLE_NUMBERS_NAME, SIMPLE_NUMBERS_name, + /* desc, NAME, name */ HEX_NUMBERS_DESC, HEX_NUMBERS_NAME, HEX_NUMBERS_name, /* disablement strs */ NULL, NULL }, { /* entry idx, value */ 25, VALUE_OPT_NULL_PASSWORD, @@ -1341,8 +1351,20 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 46, VALUE_OPT_HASH, - /* equiv idx, value */ 46, VALUE_OPT_HASH, + { /* entry idx, value */ 46, VALUE_OPT_ECDSA, + /* equiv idx, value */ 46, VALUE_OPT_ECDSA, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ ECDSA_FLAGS, 0, + /* last opt argumnt */ { NULL }, /* --ecdsa */ + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptEcdsa, + /* desc, NAME, name */ ECDSA_DESC, ECDSA_NAME, ECDSA_name, + /* disablement strs */ 0, 0 }, + + { /* entry idx, value */ 47, VALUE_OPT_HASH, + /* equiv idx, value */ 47, VALUE_OPT_HASH, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ HASH_FLAGS, 0, @@ -1353,8 +1375,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 47, VALUE_OPT_INDER, - /* equiv idx, value */ 47, VALUE_OPT_INDER, + { /* entry idx, value */ 48, VALUE_OPT_INDER, + /* equiv idx, value */ 48, VALUE_OPT_INDER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INDER_FLAGS, 0, @@ -1365,8 +1387,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name, /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX }, - { /* entry idx, value */ 48, VALUE_OPT_INRAW, - /* equiv idx, value */ 48, VALUE_OPT_INRAW, + { /* entry idx, value */ 49, VALUE_OPT_INRAW, + /* equiv idx, value */ 49, VALUE_OPT_INRAW, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INRAW_FLAGS, 0, @@ -1377,8 +1399,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name, /* disablement strs */ 0, 0 }, - { /* entry idx, value */ 49, VALUE_OPT_OUTDER, - /* equiv idx, value */ 49, VALUE_OPT_OUTDER, + { /* entry idx, value */ 50, VALUE_OPT_OUTDER, + /* equiv idx, value */ 50, VALUE_OPT_OUTDER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ OUTDER_FLAGS, 0, @@ -1389,8 +1411,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name, /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX }, - { /* entry idx, value */ 50, VALUE_OPT_OUTRAW, - /* equiv idx, value */ 50, VALUE_OPT_OUTRAW, + { /* entry idx, value */ 51, VALUE_OPT_OUTRAW, + /* equiv idx, value */ 51, VALUE_OPT_OUTRAW, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ OUTRAW_FLAGS, 0, @@ -1401,8 +1423,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name, /* disablement strs */ 0, 0 }, - { /* entry idx, value */ 51, VALUE_OPT_BITS, - /* equiv idx, value */ 51, VALUE_OPT_BITS, + { /* entry idx, value */ 52, VALUE_OPT_BITS, + /* equiv idx, value */ 52, VALUE_OPT_BITS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BITS_FLAGS, 0, @@ -1413,8 +1435,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 52, VALUE_OPT_SEC_PARAM, - /* equiv idx, value */ 52, VALUE_OPT_SEC_PARAM, + { /* entry idx, value */ 53, VALUE_OPT_SEC_PARAM, + /* equiv idx, value */ 53, VALUE_OPT_SEC_PARAM, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SEC_PARAM_FLAGS, 0, @@ -1425,8 +1447,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM, - /* equiv idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM, + { /* entry idx, value */ 54, VALUE_OPT_DISABLE_QUICK_RANDOM, + /* equiv idx, value */ 54, VALUE_OPT_DISABLE_QUICK_RANDOM, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DISABLE_QUICK_RANDOM_FLAGS, 0, @@ -1437,8 +1459,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC, DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 54, VALUE_OPT_TEMPLATE, - /* equiv idx, value */ 54, VALUE_OPT_TEMPLATE, + { /* entry idx, value */ 55, VALUE_OPT_TEMPLATE, + /* equiv idx, value */ 55, VALUE_OPT_TEMPLATE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ TEMPLATE_FLAGS, 0, @@ -1449,8 +1471,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 55, VALUE_OPT_PKCS_CIPHER, - /* equiv idx, value */ 55, VALUE_OPT_PKCS_CIPHER, + { /* entry idx, value */ 56, VALUE_OPT_PKCS_CIPHER, + /* equiv idx, value */ 56, VALUE_OPT_PKCS_CIPHER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PKCS_CIPHER_FLAGS, 0, @@ -1505,14 +1527,14 @@ static tOptDesc optDesc[OPTION_CT] = { * * Define the certtool Option Environment */ -#define zPROGNAME (certtool_opt_strs+4373) -#define zUsageTitle (certtool_opt_strs+4382) +#define zPROGNAME (certtool_opt_strs+4400) +#define zUsageTitle (certtool_opt_strs+4409) #define zRcName NULL #define apzHomeList NULL -#define zBugsAddr (certtool_opt_strs+4492) -#define zExplain (certtool_opt_strs+4511) -#define zDetail (certtool_opt_strs+4514) -#define zFullVersion (certtool_opt_strs+4688) +#define zBugsAddr (certtool_opt_strs+4519) +#define zExplain (certtool_opt_strs+4538) +#define zDetail (certtool_opt_strs+4541) +#define zFullVersion (certtool_opt_strs+4715) /* extracted from optcode.tlib near line 350 */ #if defined(ENABLE_NLS) @@ -1526,7 +1548,7 @@ static tOptDesc optDesc[OPTION_CT] = { #define certtool_full_usage (NULL) -#define certtool_short_usage (certtool_opt_strs+4707) +#define certtool_short_usage (certtool_opt_strs+4734) #endif /* not defined __doxygen__ */ @@ -1629,6 +1651,22 @@ doOptLoad_Request(tOptions* pOptions, tOptDesc* pOptDesc) /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ /** + * Code to handle the ecdsa option. + * + * @param pOptions the certtool options data structure + * @param pOptDesc the option descriptor for this option. + */ +static void +doOptEcdsa(tOptions* pOptions, tOptDesc* pOptDesc) +{ + int res = optionAlias(pOptions, pOptDesc, INDEX_OPT_ECC); + if ((res != 0) && ((pOptions->fOptSet & OPTPROC_ERRSTOP) != 0)) + USAGE(CERTTOOL_EXIT_FAILURE); + +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ +/** * Code to handle the inraw option. * * @param pOptions the certtool options data structure @@ -1743,7 +1781,7 @@ tOptions certtoolOptions = { NO_EQUIVALENT, /* '-#' option index */ NO_EQUIVALENT /* index of default opt */ }, - 59 /* full option count */, 56 /* user option count */, + 60 /* full option count */, 57 /* user option count */, certtool_full_usage, certtool_short_usage, NULL, NULL, PKGDATADIR, certtool_packager_info diff --git a/src/certtool-args.def b/src/certtool-args.def index 0cd94b5fcd..07afadc8bd 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -151,7 +151,7 @@ flag = { }; flag = { - name = simple-numbers; + name = hex-numbers; descrip = "Print big number in an easier format to parse"; doc = ""; }; @@ -273,19 +273,24 @@ flag = { flag = { name = rsa; descrip = "Generate RSA key"; - doc = ""; + doc = "When combined with --generate-privkey generates an RSA private key."; }; flag = { name = dsa; descrip = "Generate DSA key"; - doc = ""; + doc = "When combined with --generate-privkey generates a DSA private key."; }; flag = { name = ecc; descrip = "Generate ECC (ECDSA) key"; - doc = ""; + doc = "When combined with --generate-privkey generates an elliptic curve private key to be used with ECDSA."; +}; + +flag = { + name = ecdsa; + aliases = ecc; }; flag = { diff --git a/src/certtool-args.h b/src/certtool-args.h index 68166521e2..c82fc93f4c 100644 --- a/src/certtool-args.h +++ b/src/certtool-args.h @@ -2,7 +2,7 @@ * * DO NOT EDIT THIS FILE (certtool-args.h) * - * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16 + * It has been AutoGen-ed November 21, 2012 at 09:00:25 PM by AutoGen 5.16 * From the definitions certtool-args.def * and the template file options * @@ -91,7 +91,7 @@ typedef enum { INDEX_OPT_LOAD_CA_PRIVKEY = 21, INDEX_OPT_LOAD_CA_CERTIFICATE = 22, INDEX_OPT_PASSWORD = 23, - INDEX_OPT_SIMPLE_NUMBERS = 24, + INDEX_OPT_HEX_NUMBERS = 24, INDEX_OPT_NULL_PASSWORD = 25, INDEX_OPT_CERTIFICATE_INFO = 26, INDEX_OPT_CERTIFICATE_PUBKEY = 27, @@ -113,22 +113,23 @@ typedef enum { INDEX_OPT_RSA = 43, INDEX_OPT_DSA = 44, INDEX_OPT_ECC = 45, - INDEX_OPT_HASH = 46, - INDEX_OPT_INDER = 47, - INDEX_OPT_INRAW = 48, - INDEX_OPT_OUTDER = 49, - INDEX_OPT_OUTRAW = 50, - INDEX_OPT_BITS = 51, - INDEX_OPT_SEC_PARAM = 52, - INDEX_OPT_DISABLE_QUICK_RANDOM = 53, - INDEX_OPT_TEMPLATE = 54, - INDEX_OPT_PKCS_CIPHER = 55, - INDEX_OPT_VERSION = 56, - INDEX_OPT_HELP = 57, - INDEX_OPT_MORE_HELP = 58 + INDEX_OPT_ECDSA = 46, + INDEX_OPT_HASH = 47, + INDEX_OPT_INDER = 48, + INDEX_OPT_INRAW = 49, + INDEX_OPT_OUTDER = 50, + INDEX_OPT_OUTRAW = 51, + INDEX_OPT_BITS = 52, + INDEX_OPT_SEC_PARAM = 53, + INDEX_OPT_DISABLE_QUICK_RANDOM = 54, + INDEX_OPT_TEMPLATE = 55, + INDEX_OPT_PKCS_CIPHER = 56, + INDEX_OPT_VERSION = 57, + INDEX_OPT_HELP = 58, + INDEX_OPT_MORE_HELP = 59 } teOptIndex; -#define OPTION_CT 59 +#define OPTION_CT 60 #define CERTTOOL_VERSION "@VERSION@" #define CERTTOOL_FULL_VERSION "certtool @VERSION@" @@ -192,7 +193,7 @@ typedef enum { #define VALUE_OPT_LOAD_CA_PRIVKEY 21 #define VALUE_OPT_LOAD_CA_CERTIFICATE 22 #define VALUE_OPT_PASSWORD 23 -#define VALUE_OPT_SIMPLE_NUMBERS 24 +#define VALUE_OPT_HEX_NUMBERS 24 #define VALUE_OPT_NULL_PASSWORD 25 #define VALUE_OPT_CERTIFICATE_INFO 'i' #define VALUE_OPT_CERTIFICATE_PUBKEY 27 @@ -214,18 +215,19 @@ typedef enum { #define VALUE_OPT_RSA 139 #define VALUE_OPT_DSA 140 #define VALUE_OPT_ECC 141 -#define VALUE_OPT_HASH 142 -#define VALUE_OPT_INDER 143 -#define VALUE_OPT_INRAW 144 -#define VALUE_OPT_OUTDER 145 -#define VALUE_OPT_OUTRAW 146 -#define VALUE_OPT_BITS 147 +#define VALUE_OPT_ECDSA 142 +#define VALUE_OPT_HASH 143 +#define VALUE_OPT_INDER 144 +#define VALUE_OPT_INRAW 145 +#define VALUE_OPT_OUTDER 146 +#define VALUE_OPT_OUTRAW 147 +#define VALUE_OPT_BITS 148 #define OPT_VALUE_BITS (DESC(BITS).optArg.argInt) -#define VALUE_OPT_SEC_PARAM 148 -#define VALUE_OPT_DISABLE_QUICK_RANDOM 149 -#define VALUE_OPT_TEMPLATE 150 -#define VALUE_OPT_PKCS_CIPHER 151 +#define VALUE_OPT_SEC_PARAM 149 +#define VALUE_OPT_DISABLE_QUICK_RANDOM 150 +#define VALUE_OPT_TEMPLATE 151 +#define VALUE_OPT_PKCS_CIPHER 152 #define VALUE_OPT_HELP 'h' #define VALUE_OPT_MORE_HELP '!' #define VALUE_OPT_VERSION 'v' diff --git a/src/certtool.c b/src/certtool.c index d858be2412..ab9c7bae2f 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -121,7 +121,7 @@ generate_private_key_int (common_info_st * cinfo) if (bits > 1024 && key_type == GNUTLS_PK_DSA) fprintf (stderr, - "Note that DSA keys with size over 1024 can only be used with TLS 1.2 or later.\n\n"); + "Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n"); ret = gnutls_x509_privkey_generate (key, key_type, bits, 0); if (ret < 0) @@ -887,7 +887,7 @@ cmd_parser (int argc, char **argv) HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO)) privkey_op = 1; - if (HAVE_OPT(SIMPLE_NUMBERS)) + if (HAVE_OPT(HEX_NUMBERS)) full_format = GNUTLS_CRT_PRINT_FULL_NUMBERS; if (HAVE_OPT(OUTFILE)) |