author | Rich Salz <rsalz@akamai.com> | 2014-07-14 23:28:55 -0400 |
---|---|---|
committer | Rich Salz <rsalz@akamai.com> | 2014-07-16 15:12:58 -0400 |
commit | 677a7c67b85af230a6e4f3a4e99b2b6e33821d77 (patch) | |
tree | 790b8dedbca619105435e1fbdc423da1a8c80d5c | |
parent | 77a2a0e1421521f04fecfd7c0d6297d74ffbf394 (diff) | |
download | openssl-new-677a7c67b85af230a6e4f3a4e99b2b6e33821d77.tar.gz |
final opt/help merge
-rw-r--r-- | apps/apps.h | 1 | ||||
-rw-r--r-- | apps/openssl.c | 6 | ||||
-rw-r--r-- | apps/rsa.c | 92 | ||||
-rw-r--r-- | apps/rsautl.c | 72 | ||||
-rw-r--r-- | apps/s_client.c | 245 | ||||
-rw-r--r-- | apps/s_server.c | 296 | ||||
-rw-r--r-- | apps/s_time.c | 94 | ||||
-rw-r--r-- | apps/sess_id.c | 35 | ||||
-rw-r--r-- | apps/smime.c | 137 | ||||
-rw-r--r-- | apps/speed.c | 157 | ||||
-rw-r--r-- | apps/spkac.c | 46 | ||||
-rw-r--r-- | apps/srp.c | 76 | ||||
-rw-r--r-- | apps/ts.c | 34 | ||||
-rw-r--r-- | apps/verify.c | 41 | ||||
-rw-r--r-- | apps/version.c | 33 | ||||
-rw-r--r-- | apps/x509.c | 198 |
16 files changed, 469 insertions, 1094 deletions
diff --git a/apps/apps.h b/apps/apps.h index 3e6d995407..20a841f362 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -330,7 +330,6 @@ extern char* opt_reset(void); extern char** opt_rest(void); extern int opt_num_rest(void); extern int opt_verify(int i, X509_VERIFY_PARAM* vpm); -extern void printhelp(const char**); extern void opt_help(const OPTIONS* list); typedef struct args_st diff --git a/apps/openssl.c b/apps/openssl.c index 6bb98ceca9..33d10e4285 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -152,12 +152,6 @@ BIO *bio_in=NULL; BIO *bio_out=NULL; BIO *bio_err=NULL; -void printhelp(const char** cpp) - { - for ( ; *cpp; cpp++) - BIO_printf(bio_err, "%s\n", *cpp); - } - static void apps_startup() { #ifdef SIGPIPE diff --git a/apps/rsa.c b/apps/rsa.c index fde641fc6c..4c7088981f 100644 --- a/apps/rsa.c +++ b/apps/rsa.c 
@@ -71,43 +71,6 @@ #include <openssl/pem.h> #include <openssl/bn.h> - -const char* rsa_help[] = { - "-inform arg input format - one of DER NET PEM", - "-outform arg output format - one of DER NET PEM", - "-in arg input file", - "-sgckey Use IIS SGC key format", - "-passin arg input file pass phrase source", - "-out arg output file", - "-passout arg output file pass phrase source", - "-des encrypt PEM output with cbc des", - "-des3 encrypt PEM output with ede cbc des using 168 bit key", -#ifndef OPENSSL_NO_IDEA - "-idea encrypt PEM output with cbc idea", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt PEM output with cbc seed", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif - "-text print the key in text", - "-noout don't print key out", - "-modulus print the RSA key modulus", - "-check verify key consistency", - "-pubin expect a public key in input file", - "-pubout output a public key", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, 
@@ -115,25 +78,26 @@ enum options { OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, OPT_PVK_STRONG, OPT_PVK_WEAK, OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "sgckey", OPT_SGCKEY, '-' }, - { "pubin", OPT_PUBIN, '-' }, - { "pubout", OPT_PUBOUT, '-' }, - { "passout", OPT_PASSOUT, 's' }, - { "passin", OPT_PASSIN, 's' }, - { "RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-' }, - { "RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-' }, + +OPTIONS rsa_options[] = { + { "inform", OPT_INFORM, 'f', "Input format - one of DER NET PEM" }, + { "outform", OPT_OUTFORM, 'f', "Output format - one of DER NET PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "sgckey", OPT_SGCKEY, '-', "Use IIS SGC key format" }, + { "pubin", OPT_PUBIN, '-', "Expect a public key in input file" }, + { "pubout", OPT_PUBOUT, '-', "Output a public key" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKye" }, + { "RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKye" }, { "pvk-strong", OPT_PVK_STRONG, '-' }, { "pvk-weak", OPT_PVK_WEAK, '-' }, { "pvk-none", OPT_PVK_NONE, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "text", OPT_TEXT, '-' }, - { "modulus", OPT_MODULUS, '-' }, - { "check", OPT_CHECK, '-' }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key in text" }, + { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" }, + { "check", OPT_CHECK, '-', "Verify key consistency" }, { "", OPT_CIPHER, '-', "Any supported cipher" }, #ifndef OPENSSL_NO_ENGINE { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, 
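Review bot: The descriptions added for `RSAPublicKey_in` and `RSAPublicKey_out` in `rsa_options` misspell the type as `RSAPublicKye`. With `rsa_help` removed by this commit these strings are the usage text, so they should read `"Input is an RSAPublicKey"` and `"Output is an RSAPublicKey"`. The `pvk-strong`, `pvk-weak` and `pvk-none` entries get no description at all, although by their names they appear to choose how a PVK key is protected on output, which is worth one line of help each. The same gap shows in `rsautl_options` (`asn1parse`, `rev`), and its `pubin` text `"Input is an RSA public"` is cut short of `key`. The page does not show how `opt_help` renders an entry whose description is missing, so confirm it prints the option name rather than skipping it or dereferencing a null pointer.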
@@ -144,29 +108,23 @@ static OPTIONS options[] = { int rsa_main(int argc, char **argv) { ENGINE *e = NULL; - int ret=1; + BIO *out; RSA *rsa=NULL; - int i, sgckey=0; const EVP_CIPHER *enc=NULL; - BIO *out; - int informat=FORMAT_PEM,outformat=FORMAT_PEM,text=0,check=0,noout=0; - int pubin = 0, pubout = 0; - char *infile=NULL,*outfile=NULL,*prog; - char *passinarg = NULL, *passoutarg = NULL; - char *passin = NULL, *passout = NULL; - char *engine=NULL; - int modulus=0; - int pvk_encr = 2; + char *engine=NULL, *infile=NULL, *outfile=NULL, *prog; + char *passin=NULL, *passout=NULL, *passinarg=NULL, *passoutarg=NULL; + int i, sgckey=0; + int informat=FORMAT_PEM, outformat=FORMAT_PEM, text=0, check=0; + int noout=0, modulus=0, pubin=0, pubout=0, pvk_encr=2, ret=1; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, rsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(rsa_help); + opt_help(rsa_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/rsautl.c b/apps/rsautl.c index c6e26022ef..7060555ade 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c 
@@ -74,29 +74,6 @@ #define KEY_PUBKEY 2 #define KEY_CERT 3 -const char* rsautl_help[] = { - "-in file input file", - "-out file output file", - "-inkey file input key", - "-keyform arg private key format - default PEM", - "-pubin input is an RSA public", - "-certin input is a certificate carrying an RSA public key", - "-ssl use SSL v2 padding", - "-raw use no padding", - "-pkcs use PKCS#1 v1.5 padding (default)", - "-oaep use PKCS#1 OAEP", - "-sign sign with private key", - "-verify verify with public key", - "-encrypt encrypt with public key", - "-decrypt decrypt with private key", - "-hexdump hex dump output", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-passin arg pass phrase source", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, 
@@ -104,33 +81,33 @@ enum options { OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, }; -static OPTIONS options[] = { - { "keyform", OPT_KEYFORM, 'F' }, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, + +OPTIONS rsautl_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "inkey", OPT_INKEY, '<', "Input key" }, + { "keyform", OPT_KEYFORM, 'F', "Private key format - default PEM" }, + { "pubin", OPT_PUBIN, '-', "Input is an RSA public" }, + { "certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key" }, + { "ssl", OPT_SSL, '-', "Use SSL v2 padding" }, + { "raw", OPT_RAW, '-', "Use no padding" }, + { "pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)" }, + { "oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP" }, + { "sign", OPT_SIGN, '-', "Sign with private key" }, + { "verify", OPT_VERIFY, '-', "Verify with public key" }, { "asn1parse", OPT_ASN1PARSE, '-' }, - { "hexdump", OPT_HEXDUMP, '-' }, - { "raw", OPT_RAW, '-' }, - { "oaep", OPT_OAEP, '-' }, - { "ssl", OPT_SSL, '-' }, - { "pkcs", OPT_PKCS, '-' }, - { "x931", OPT_X931, '-' }, - { "sign", OPT_SIGN, '-' }, - { "verify", OPT_VERIFY, '-' }, + { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" }, + { "x931", OPT_X931, '-', "Use ANSI X9.31 padding" }, { "rev", OPT_REV, '-' }, - { "encrypt", OPT_ENCRYPT, '-' }, - { "decrypt", OPT_DECRYPT, '-' }, - { "pubin", OPT_PUBIN, '-' }, - { "certin", OPT_CERTIN, '-' }, - { "inkey", OPT_INKEY, '<' }, - { "passin", OPT_PASSIN, 's' }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt with public key" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt with private key" }, + { "passin", OPT_PASSIN, 's', "Pass phrase source" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; - int rsautl_main(int argc, char **argv) { ENGINE *e=NULL; 
@@ -153,13 +130,12 @@ int rsautl_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, rsautl_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(rsautl_help); + opt_help(rsautl_options); goto end; case OPT_KEYFORM: opt_format(opt_arg(), 1, &keyformat); diff --git a/apps/s_client.c b/apps/s_client.c index 88440dd2c2..8ef5c249d3 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -467,8 +467,7 @@ static int serverinfo_cli_cb(SSL* s, unsigned short ext_type, #endif -enum -{ +enum protocols { PROTO_OFF, PROTO_SMTP, PROTO_POP3, 
@@ -477,92 +476,6 @@ enum PROTO_XMPP }; -const char* s_client_help[] = { - "-host host use -connect instead", - "-port port use -connect instead", - "-connect host:port connect over TCP/IP (default is " SSL_HOST_NAME ":" PORT_STR ")", - "-unix path connect over unix domain sockets", - "-verify arg turn on peer certificate verification", - "-cert arg certificate file to use, PEM format assumed", - "-certform arg certificate format (PEM or DER) PEM default", - "-key arg private key file to use, in cert file if", - " not specified but cert file is", - "-keyform arg key format (PEM or DER) PEM default", - "-pass arg private key file pass phrase source", - "-CApath arg PEM format directory of CA's", - "-CAfile arg PEM format file of CA's", - "-trusted_first use local CA's first when building trust chain", - "-reconnect drop and re-make the connection with the same Session-ID", - "-pause sleep(1) after each read(2) and write(2) system call", - "-showcerts show all certificates in the chain", - "-debug extra output", - "-msg show protocol messages", - "-nbio_test more ssl protocol testing", - "-state print the 'ssl' states", - "-crlf convert LF from terminal into CRLF", - "-quiet no s_client output", - "-ign_eof ignore input eof (default when -quiet)", - "-no_ign_eof don't ignore input eof", - "-ssl2 just use SSLv2", - "-ssl3 just use SSLv3", - "-tls1_2 just use TLSv1.2", - "-tls1_1 just use TLSv1.1", - "-tls1 just use TLSv1", - "-dtls1 just use DTLSv1", - "-mtu set the link layer MTU", - "-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 turn off that protocol", - "-bugs switch on all SSL implementation bug workarounds", - "-serverpref use server's cipher preferences (only SSLv2)", - "-cipher preferred cipher to use; see 'openssl ciphers'", - "-starttls prot use the STARTTLS command before starting TLS", - " prot must be: smtp pop3 imap ftp or xmpp", - "-xmpphost host when used with \"-starttls xmpp\" specifies the virtual host", - "-rand file... 
load the file(s) into the random number generator", - "-sess_out arg file to write SSL session to", - "-sess_in arg file to read SSL session from", - "-legacy_renegotiation enable use of legacy renegotiation (dangerous)", - "-use_srtp profiles offer SRTP key management with a colon-separated profile list", - "-keymatexport label export keying material using label", - "-keymatexportlen len export len bytes of keying material (default 20)", -#ifdef WATT32 - "-wdebug WATT-32 tcp debugging", -#endif -#ifdef FIONBIO - "-nbio use non-blocking IO", -#endif -#ifndef OPENSSL_NO_PSK - "-psk_identity arg PSK identity", - "-psk arg PSK in hex (without 0x)", -# ifndef OPENSSL_NO_JPAKE - "-jpake arg JPAKE secret to use", -# endif -#endif -#ifndef OPENSSL_NO_SRP - "-srpuser user SRP authentification for 'user'", - "-srppass arg password for 'user'", - "-srp_lateuser SRP username into second ClientHello message", - "-srp_moregroups tolerate other than the known g N values.", - "-srp_strength int minimal mength in bits for N (default %d).", -#endif -#ifndef OPENSSL_NO_ENGINE - "-engine id initialise and use the specified engine", -#endif -#ifndef OPENSSL_NO_TLSEXT - "-servername host set TLS extension servername in ClientHello", - "-tlsextdebug hex dump of all TLS extensions received", - "-status request certificate status from server", - "-no_ticket disable use of RFC4507bis session tickets", - "-serverinfo types send empty ClientHello extensions (comma-separated numbers)", - "-auth send and receive RFC 5878 TLS auth extensions and supplemental data", - "-auth_require_reneg do not send TLS auth extensions until renegotiation", - "-alpn arg enable ALPN extension, considering named protocols supported (comma-separated list)", -# ifndef OPENSSL_NO_NEXTPROTONEG - "-nextprotoneg arg enable NPN extension, considering named protocols supported (comma-separated list)", -# endif -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, 
OPT_XMPPHOST, OPT_VERIFY, 
@@ -587,91 +500,106 @@ enum options { OPT_S_ENUM, }; -static OPTIONS options[] = { - { "host", OPT_HOST, 's' }, - { "port", OPT_PORT, 'p' }, - { "connect", OPT_CONNECT, 's' }, - { "unix", OPT_UNIX, 's' }, - { "xmpphost", OPT_XMPPHOST, 's' }, - { "verify", OPT_VERIFY, 'p' }, - { "cert", OPT_CERT, '<' }, +OPTIONS s_client_options[] = { + { "host", OPT_HOST, 's', "Use -connect instead" }, + { "port", OPT_PORT, 'p', "Use -connect instead" }, + { "connect", OPT_CONNECT, 's', "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")" }, + { "unix", OPT_UNIX, 's', "Connect over unix domain sockets" }, + { "verify", OPT_VERIFY, 'p', "Turn on peer certificate verification" }, + { "cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed" }, + { "certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default" }, + { "key", OPT_KEY, '<', "Private key file to use, if not in -cert file" }, + { "keyform", OPT_KEYFORM, 'F', "Key format (PEM or DER) PEM default" }, + { "pass", OPT_PASS, 's', "Private key file pass phrase source" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "reconnect", OPT_RECONNECT, '-', "Drop and re-make the connection with the same Session-ID" }, + { "pause", OPT_PAUSE, '-', "Sleep after each read and write system call" }, + { "showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain" }, + { "debug", OPT_DEBUG, '-', "Extra output" }, + { "msg", OPT_MSG, '-', "Show protocol messages" }, + { "msgfile", OPT_MSGFILE, '>' }, + { "nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing" }, + { "state", OPT_STATE, '-', "Print the ssl states" }, + { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" }, + { "quiet", OPT_QUIET, '-', "No s_client output" }, + { "ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)" }, + { "no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof" }, +#ifndef OPENSSL_NO_SSL2 + { 
"ssl2", OPT_SSL2, '-', "Just use SSLv2" }, +#endif +#ifndef OPENSSL_NO_SSL3 + { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, +#endif +#ifndef OPENSSL_NO_TLS1 + { "tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2" }, + { "tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1" }, + { "tls1", OPT_TLS1, '-', "Just use TLSv1" }, + { "dtls", OPT_DTLS, '-' }, + { "dtls1", OPT_DTLS1, '-', "Just use DTLSv1" }, + { "dtls1_2", OPT_DTLS1_2, '-' }, + { "timeout", OPT_TIMEOUT, '-' }, + { "mtu", OPT_MTU, 'p', "Set the link layer MTU" }, +#endif + /* "-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 turn off that protocol", */ + { "starttls", OPT_STARTTLS, 's', "Use the STARTTLS command before starting TLS" }, + { "xmpphost", OPT_XMPPHOST, 's', "When used with \"-starttls xmpp\" specifies the virtual host" }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "sess_out", OPT_SESS_OUT, '>', "File to write SSL session to" }, + { "sess_in", OPT_SESS_IN, '<', "File to read SSL session from" }, + { "use_srtp", OPT_USE_SRTP, '<', "Offer SRTP key management with a colon-separated profile list" }, + { "keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label" }, + { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)" }, +#ifdef WATT32 + { "wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging" }, +#endif +#ifdef FIONBIO + { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, +#endif +#ifndef OPENSSL_NO_PSK + { "psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity" }, + { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" }, +# ifndef OPENSSL_NO_JPAKE + { "jpake", OPT_JPAKE, 's', "JPAKE secret to use" }, +# endif +#endif +#ifndef OPENSSL_NO_SRP + { "srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'" }, + { "srppass", OPT_SRPPASS, 's', "Password for 'user'" }, + { "srp_lateuser", OPT_SRP_LATEUSER, '-', "SRP username into second ClientHello message" }, + { "srp_moregroups", OPT_SRP_MOREGROUPS, '-', "Tolerate other 
than the known g N values." }, + { "srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N" }, +#endif +#ifndef OPENSSL_NO_TLSEXT + { "servername", OPT_SERVERNAME, 's', "Set TLS extension servername in ClientHello" }, + { "tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received" }, + { "status", OPT_STATUS, '-', "Request certificate status from server" }, + { "serverinfo", OPT_SERVERINFO, 's', "types Send empty ClientHello extensions (comma-separated numbers)" }, + { "alpn", OPT_ALPN, 's', "Enable ALPN extension, considering named protocols supported (comma-separated list)" }, +# ifndef OPENSSL_NO_NEXTPROTONEG + { "nextprotoneg", OPT_NEXTPROTONEG, 's', "Enable NPN extension, considering named protocols supported (comma-separated list)" }, +# endif +#endif { "CRL", OPT_CRL, '<' }, { "crl_download", OPT_CRL_DOWNLOAD, '-' }, - { "sess_out", OPT_SESS_OUT, '>' }, - { "sess_in", OPT_SESS_IN, '<' }, - { "certform", OPT_CERTFORM, 'F' }, { "CRLform", OPT_CRLFORM, 'F' }, { "verify_return_error", OPT_VERIFY_RET_ERROR, '-' }, { "verify_quiet", OPT_VERIFY_QUIET, '-' }, { "brief", OPT_BRIEF, '-' }, { "prexit", OPT_PREXIT, '-' }, - { "crlf", OPT_CRLF, '-' }, - { "quiet", OPT_QUIET, '-' }, - { "nbio", OPT_NBIO, '-' }, { "ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's' }, - { "rand", OPT_RAND, 's' }, - { "ign_eof", OPT_IGN_EOF, '-' }, - { "no_ign_eof", OPT_NO_IGN_EOF, '-' }, - { "pause", OPT_PAUSE, '-' }, - { "debug", OPT_DEBUG, '-' }, - { "tlsextdebug", OPT_TLSEXTDEBUG, '-' }, - { "status", OPT_STATUS, '-' }, - { "wdebug", OPT_WDEBUG, '-' }, - { "msg", OPT_MSG, '-' }, - { "msgfile", OPT_MSGFILE, '>' }, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif { "trace", OPT_TRACE, '-' }, { "security_debug", OPT_SECURITY_DEBUG, '-' }, { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-' }, - { "showcerts", OPT_SHOWCERTS, '-' }, - { "nbio_test", OPT_NBIO_TEST, '-' }, - { "state", OPT_STATE, '-' }, - { "psk_identity", 
OPT_PSK_IDENTITY, 's' }, - { "psk", OPT_PSK, 's' }, - { "srpuser", OPT_SRPUSER, 's' }, - { "srppass", OPT_SRPPASS, 's' }, - { "srp_strength", OPT_SRP_STRENGTH, 'p' }, - { "srp_lateuser", OPT_SRP_LATEUSER, '-' }, - { "srp_moregroups", OPT_SRP_MOREGROUPS, '-' }, -#ifndef OPENSSL_NO_SSL2 - { "ssl2", OPT_SSL2, '-' }, -#endif -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-' }, -#endif -#ifndef OPENSSL_NO_TLS1 - { "tls1_2", OPT_TLS1_2, '-' }, - { "tls1_1", OPT_TLS1_1, '-' }, - { "tls1", OPT_TLS1, '-' }, - { "dtls", OPT_DTLS, '-' }, - { "dtls1", OPT_DTLS1, '-' }, - { "dtls1_2", OPT_DTLS1_2, '-' }, - { "timeout", OPT_TIMEOUT, '-' }, - { "mtu", OPT_MTU, 'p' }, -#endif - { "keyform", OPT_KEYFORM, 'F' }, - { "pass", OPT_PASS, 's' }, { "cert_chain", OPT_CERT_CHAIN, '<' }, - { "CApath", OPT_CAPATH, '/' }, { "chainCApath", OPT_CHAINCAPATH, '/' }, { "verifyCApath", OPT_VERIFYCAPATH, '/' }, - { "key", OPT_KEY, '<' }, - { "reconnect", OPT_RECONNECT, '-' }, { "build_chain", OPT_BUILD_CHAIN, '-' }, - { "CAfile", OPT_CAFILE, '<' }, { "chainCAfile", OPT_CHAINCAFILE, '<' }, { "verifyCAfile", OPT_VERIFYCAFILE, '<' }, - { "nextprotoneg", OPT_NEXTPROTONEG, 's' }, - { "alpn", OPT_ALPN, 's' }, - { "serverinfo", OPT_SERVERINFO, 's' }, - { "starttls", OPT_STARTTLS, 's' }, - { "servername", OPT_SERVERNAME, 's' }, - { "jpake", OPT_JPAKE, 's' }, - { "use_srtp", OPT_USE_SRTP, '<' }, - { "keymatexport", OPT_KEYMATEXPORT, 's' }, - { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p' }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, @@ -780,7 +708,7 @@ int s_client_main(int argc, char **argv) SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, s_client_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { #ifndef WATT32 
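Review bot: In `s_client_options` the `use_srtp` entry keeps the argument type `'<'`, which the rest of the table uses for input files (`cert`, `key`, `CAfile`, `sess_in`), while its new description says it takes a colon-separated profile list. It should be a plain string, `{ "use_srtp", OPT_USE_SRTP, 's', "Offer SRTP key management with a colon-separated profile list" },`, and `s_server_options` has the same mismatch on its `use_srtp` entry. Separately, the removed `s_client_help` documented `-legacy_renegotiation` with an explicit "(dangerous)" warning, as well as `-no_ticket`, `-bugs`, `-cipher` and `-trusted_first`, and none of these appear in the visible table. Whether `OPT_S_OPTIONS`, `OPT_V_OPTIONS` or `OPT_X_OPTIONS` carry that text is not visible here, so check that the warning on legacy renegotiation still reaches the user. The array's closing entries lie outside this hunk.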
@@ -794,8 +722,7 @@ int s_client_main(int argc, char **argv) #endif case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(s_client_help); + opt_help(s_client_options); goto end; case OPT_HOST: host = opt_arg(); diff --git a/apps/s_server.c b/apps/s_server.c index 34a09d722a..59a75ef6f1 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -833,123 +833,6 @@ static srpsrvparm srp_callback_parm; #endif static char *srtp_profiles = NULL; -const char* s_server_help[]={ - "-accept port TCP/IP port to accept on (default is " PORT_STR ")", - "-unix path unix domain socket to accept on", - "-unlink for -unix, unlink existing socket first", - "-context arg set session ID context", - "-verify arg turn on peer certificate verification", - "-Verify arg turn on peer certificate verification, must have a cert.", - "-cert arg certificate file to use (default is ", TEST_CERT ")", - "-naccept arg terminate after 'arg' connections", -#ifndef OPENSSL_NO_TLSEXT - "-serverinfo arg PEM serverinfo file for certificate", - "-auth send and receive RFC 5878 TLS auth extensions and supplemental data", - "-auth_require_reneg do not send TLS auth extensions until renegotiation", -#endif - "-no_resumption_on_reneg set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag", - "-crl_check check the peer certificate has not been revoked by its CA.", - " the CRL(s) are appended to the certificate file", - "-crl_check_all check the peer certificate has not been revoked by its CA", - " or any other CRL in the CA chain. 
CRL(s) are appened to the", - " the certificate file.", - "-certform arg certificate format (PEM or DER) PEM default", - "-key arg private Key file to use, in cert file if", - " not specified (default is " TEST_CERT ")", - "-keyform arg key format (PEM, DER or ENGINE) PEM default", - "-pass arg private key file pass phrase source", - "-dcert arg second certificate file to use (usually for DSA)", - "-dcertform x second certificate format (PEM or DER) PEM default", - "-dkey arg second private key file to use (usually for DSA)", - "-dkeyform arg second key format (PEM, DER or ENGINE) PEM default", - "-dpass arg second private key file pass phrase source", - "-dhparam arg DH parameter file to use, in cert file if not specified", - " or a default set of parameters is used", -#ifndef OPENSSL_NO_ECDH - "-named_curve arg elliptic curve name to use for ephemeral ECDH keys", - " use \"openssl ecparam -list_curves\" for all names" \ - " (default is nistp256).", -#endif -#ifdef FIONBIO - "-nbio use non-blocking IO", -#endif - "-nbio_test test with the non-blocking test bio", - "-crlf convert LF from terminal into CRLF", - "-debug print more output", - "-msg show protocol messages", - "-state print the SSL states", - "-CApath arg PEM format directory of CA's", - "-CAfile arg PEM format file of CA's", - "-trusted_first use locally trusted CA's first when building trust chain", - "-nocert don't use any certificates (Anon-DH)", - "-cipher arg play with 'openssl ciphers' to see what goes here", - "-serverpref use server's cipher preferences", - "-quiet no server output", - "-no_tmp_rsa do not generate a tmp RSA key", -#ifndef OPENSSL_NO_PSK - "-psk_hint arg PSK identity hint to use", - "-psk arg PSK in hex (without 0x)", -# ifndef OPENSSL_NO_JPAKE - "-jpake arg JPAKE secret to use", -# endif -#endif -#ifndef OPENSSL_NO_SRP - "-srpvfile file the verifier file for SRP", - "-srpuserseed string a seed string for a default user salt", -#endif - "-ssl2 just talk SSLv2", - "-ssl3 just 
talk SSLv3", - "-tls1_2 just talk TLSv1.2", - "-tls1_1 just talk TLSv1.1", - "-tls1 just talk TLSv1", - "-dtls1 just talk DTLSv1", - "-dtls1_2 just talk DTLSv1.2", - "-timeout enable timeouts", - "-mtu set link layer MTU", - "-chain read a certificate chain", - "-no_ssl2 just disable SSLv2", - "-no_ssl3 just disable SSLv3", - "-no_tls1 just disable TLSv1", - "-no_tls1_1 just disable TLSv1.1", - "-no_tls1_2 just disable TLSv1.2", -#ifndef OPENSSL_NO_DH - "-no_dhe disable ephemeral DH", -#endif -#ifndef OPENSSL_NO_ECDH - "-no_ecdhe disable ephemeral ECDH", -#endif - "-no_resume_ephemeral disable caching and tickets if ephemeral (EC)DH is used", - "-bugs turn on SSL bug compatibility", - "-www respond to a 'GET /' with a status page", - "-WWW respond to a 'GET /<path> HTTP/1.0' with file ./<path>", - "-HTTP respond to a 'GET /<path> HTTP/1.0' with file ./<path>", - " with the assumption it contains a complete HTTP response", -#ifndef OPENSSL_NO_ENGINE - "-engine id initialise and use the specified engine", -#endif - "-id_prefix arg generate SSL/TLS session IDs prefixed by arg", - "-rand file... 
load the file(s) into the random number generator", -#ifndef OPENSSL_NO_TLSEXT - "-servername host servername for HostName TLS extension", - "-servername_fatal on mismatch send fatal alert (default warning alert)", - "-cert2 arg certificate file to use for servername", - " (default is ", TEST_CERT2 ")", - "-key2 arg private Key file to use for servername, in cert file if", - " not specified (default is " TEST_CERT2 ")", - "-tlsextdebug hex dump of all TLS extensions received", - "-no_ticket disable use of RFC4507bis session tickets", - "-legacy_renegotiation enable use of legacy renegotiation (dangerous)", -#ifndef OPENSSL_NO_NEXTPROTONEG - "-nextprotoneg arg set the advertised protocols for the NPN extension (comma-separated list)", -#endif - "-use_srtp profiles offer SRTP key management with a colon-separated profile list", - "-alpn arg set the advertised protocols for the ALPN extension (comma-separated list)", -#endif - "-keymatexport label export keying material using label", - "-keymatexportlen len export len bytes of keying material (default 20)", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, 
@@ -985,36 +868,109 @@ enum options { OPT_X_ENUM, }; -static OPTIONS options[] = { -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif +OPTIONS s_server_options[] = { + { "port", OPT_PORT, 'p' }, - { "accept", OPT_PORT, 'p' }, - { "unix", OPT_UNIX, 's' }, - { "unlink", OPT_UNLINK, '-' }, - { "naccept", OPT_NACCEPT, 'n' }, - { "verify", OPT_VERIFY, 'n' }, - { "Verify", OPT_UPPER_V_VERIFY, 'n' }, - { "context", OPT_CONTEXT, 's' }, - { "cert", OPT_CERT, '<' }, + { "accept", OPT_PORT, 'p', "TCP/IP port to accept on (default is " PORT_STR ")" }, + { "unix", OPT_UNIX, 's', "Unix domain socket to accept on" }, + { "unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first" }, + { "context", OPT_CONTEXT, 's', "Set session ID context" }, + { "verify", OPT_VERIFY, 'n', "Turn on peer certificate verification" }, + { "Verify", OPT_UPPER_V_VERIFY, 'n', "Turn on peer certificate verification, must have a cert" }, + { "cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT }, + { "naccept", OPT_NACCEPT, 'n', "-Terminate after pnum connections" }, +#ifndef OPENSSL_NO_TLSEXT + { "serverinfo", OPT_SERVERINFO, 's', "PEM serverinfo file for certificate" }, +#endif + { "certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default" }, + { "key", OPT_KEY, '<', "Private Key if not in -cert; default is " TEST_CERT }, + { "keyform", OPT_KEYFORM, 'f', "Key format (PEM, DER or ENGINE) PEM default" }, + { "pass", OPT_PASS, 's', "Private key file pass phrase source" }, + { "dcert", OPT_DCERT, '<', "Second certificate file to use (usually for DSA)" }, + { "dcertform", OPT_DCERTFORM, 'F', "Second certificate format (PEM or DER) PEM default" }, + { "dkey", OPT_DKEY, '<', "Second private key file to use (usually for DSA)" }, + { "dkeyform", OPT_DKEYFORM, 'F', "Second key format (PEM, DER or ENGINE) PEM default" }, + { "dpass", OPT_DPASS, 's', "Second private key file pass phrase source" }, + { "dhparam", OPT_DHPARAM, '<', "DH parameters, or in 
cert file or defaults used" }, +#ifdef FIONBIO + { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, +#endif + { "nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio" }, + { "crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF" }, + { "debug", OPT_DEBUG, '-', "Print more output" }, + { "msg", OPT_MSG, '-', "Show protocol messages" }, + { "msgfile", OPT_MSGFILE, '>' }, + { "state", OPT_STATE, '-', "Print the SSL states" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)" }, + { "quiet", OPT_QUIET, '-', "No server output" }, + { "no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key" }, +#ifndef OPENSSL_NO_PSK + { "psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use" }, + { "psk", OPT_PSK, 's', "PSK in hex (without 0x)" }, +# ifndef OPENSSL_NO_JPAKE + { "jpake", OPT_JPAKE, 's', "JPAKE secret to use" }, +# endif +#endif +#ifndef OPENSSL_NO_SRP + { "srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP" }, + { "srpuserseed", OPT_SRPUSERSEED, 's', "A seed string for a default user salt" }, +#endif +#ifndef OPENSSL_NO_SSL2 + { "ssl2", OPT_SSL2, '-', "Just talk SSLv2" }, +#endif +#ifndef OPENSSL_NO_SSL3 + { "ssl3", OPT_SSL3, '-', "Just talk SSLv3" }, +#endif +#ifndef OPENSSL_NO_TLS1 + { "tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2" }, + { "tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1" }, + { "tls1", OPT_TLS1, '-', "Just talk TLSv1" }, + { "dtls", OPT_DTLS, '-' }, + { "dtls1", OPT_DTLS1, '-', "Just talk DTLSv1" }, + { "dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2" }, + { "timeout", OPT_TIMEOUT, '-', "Enable timeouts" }, + { "mtu", OPT_MTU, 'p', "Set link layer MTU" }, + { "chain", OPT_CHAIN, '-', "Read a certificate chain" }, +#endif +#if 0 /* XXX RSALZ */ + "-no_ssl2 Just disable SSLv2", + "-no_ssl3 Just disable SSLv3", + "-no_tls1 Just disable TLSv1", + "-no_tls1_1 Just disable 
TLSv1.1", + "-no_tls1_2 Just disable TLSv1.2", +#endif +#ifndef OPENSSL_NO_DH + { "no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH" }, +#endif +#ifndef OPENSSL_NO_ECDH + { "no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH" }, +#endif + { "no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', "Disable caching and tickets if ephemeral (EC)DH is used" }, + { "www", OPT_WWW, '-', "Respond to a 'GET /' with a status page" }, + { "WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path" }, + { "HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers" }, + { "id_prefix", OPT_ID_PREFIX, 's', "Generate SSL/TLS session IDs prefixed by arg" }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, +#ifndef OPENSSL_NO_TLSEXT + { "servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension" }, + { "servername_fatal", OPT_SERVERNAME_FATAL, '-', "mismatch send fatal alert (default warning alert)" }, + { "cert2", OPT_CERT2, '<', "Certificate file to use for servername; default is" TEST_CERT2 }, + { "key2", OPT_KEY2, '<', "-Private Key file to use for servername if not in -cert2" }, + { "tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received" }, +#ifndef OPENSSL_NO_NEXTPROTONEG + { "nextprotoneg", OPT_NEXTPROTONEG, 's', "Set the advertised protocols for the NPN extension (comma-separated list)" }, +#endif + { "use_srtp", OPT_SRTP_PROFILES, '<', "Offer SRTP key management with a colon-separated profile list" }, + { "alpn", OPT_ALPN, 's', "Set the advertised protocols for the ALPN extension (comma-separated list)" }, +#endif + { "keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label" }, + { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)" }, { "CRL", OPT_CRL, '<' }, { "crl_download", OPT_CRL_DOWNLOAD, '-' }, - { "serverinfo", OPT_SERVERINFO, 's' }, - { "certform", OPT_CERTFORM, 'F' }, - { "key", OPT_KEY, '<' }, - { "keyform", 
OPT_KEYFORM, 'F' }, - { "pass", OPT_PASS, 's' }, { "cert_chain", OPT_CERT_CHAIN, '<' }, - { "dhparam", OPT_DHPARAM, '<' }, - { "dcertform", OPT_DCERTFORM, 'F' }, - { "dcert", OPT_DCERT, '<' }, - { "dkeyform", OPT_DKEYFORM, 'F' }, - { "dpass", OPT_DPASS, 's' }, - { "dkey", OPT_DKEY, '<' }, { "dcert_chain", OPT_DCERT_CHAIN, '<' }, - { "nocert", OPT_NOCERT, '-' }, - { "CApath", OPT_CAPATH, '/' }, { "chainCApath", OPT_CHAINCAPATH, '/' }, { "verifyCApath", OPT_VERIFYCAPATH, '/' }, { "no_cache", OPT_NO_CACHE, '-' }, 
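Review bot: Several of the new `s_server_options` help strings are malformed. `cert2` concatenates `"...; default is" TEST_CERT2` with no space before the file name, and `naccept` and `key2` carry a stray leading dash; they should read `"Certificate file to use for servername; default is " TEST_CERT2`, `"Terminate after pnum connections"` and `"Private Key file to use for servername if not in -cert2"`. `keyform` is now typed `'f'` while `dkeyform` stays `'F'`, yet both descriptions advertise "PEM, DER or ENGINE". If `'F'` restricts the value to PEM/DER (the option parser is not shown on this page), `-dkeyform ENGINE` would be rejected, so the two entries should use the same type. The `#if 0 /* XXX RSALZ */` block leaves bare strings inside the initializer; replace it with a comment saying where the `-no_ssl2` … `-no_tls1_2` switches are now documented, or with real entries. The array continues past the end of this hunk.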
@@ -1023,70 +979,23 @@ static OPTIONS options[] = { { "verify_return_error", OPT_VERIFY_RET_ERROR, '-' }, { "verify_quiet", OPT_VERIFY_QUIET, '-' }, { "build_chain", OPT_BUILD_CHAIN, '-' }, - { "CAfile", OPT_CAFILE, '<' }, { "chainCAfile", OPT_CHAINCAFILE, '<' }, { "verifyCAfile", OPT_VERIFYCAFILE, '<' }, - { "nbio", OPT_NBIO, '-' }, - { "nbio_test", OPT_NBIO_TEST, '-' }, { "ign_eof", OPT_IGN_EOF, '-' }, { "no_ign_eof", OPT_NO_IGN_EOF, '-' }, - { "debug", OPT_DEBUG, '-' }, - { "tlsextdebug", OPT_TLSEXTDEBUG, '-' }, { "status", OPT_STATUS, '-' }, { "status_verbose", OPT_STATUS_VERBOSE, '-' }, { "status_timeout", OPT_STATUS_TIMEOUT, 'n' }, { "status_url", OPT_STATUS_URL, 's' }, - { "msg", OPT_MSG, '-' }, - { "msgfile", OPT_MSGFILE, '>' }, { "trace", OPT_TRACE, '-' }, { "security_debug", OPT_SECURITY_DEBUG, '-' }, { "security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-' }, { "hack", OPT_HACK, '-' }, - { "state", OPT_STATE, '-' }, - { "crlf", OPT_CRLF, '-' }, - { "quiet", OPT_QUIET, '-' }, { "brief", OPT_BRIEF, '-' }, - { "no_tmp_rsa", OPT_NO_TMP_RSA, '-' }, - { "no_dhe", OPT_NO_DHE, '-' }, - { "no_ecdhe", OPT_NO_ECDHE, '-' }, - { "no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-' }, - { "psk_hint", OPT_PSK_HINT, 's' }, - { "psk", OPT_PSK, 's' }, - { "srpvfile", OPT_SRPVFILE, '<' }, - { "srpuserseed", OPT_SRPUSERSEED, 's' }, { "rev", OPT_REV, '-' }, - { "www", OPT_WWW, '-' }, - { "WWW", OPT_UPPER_WWW, '-' }, - { "HTTP", OPT_HTTP, '-' }, -#ifndef OPENSSL_NO_SSL2 - { "ssl2", OPT_SSL2, '-' }, -#endif -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-' }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's' }, #endif -#ifndef OPENSSL_NO_TLS1 - { "tls1_2", OPT_TLS1_2, '-' }, - { "tls1_1", OPT_TLS1_1, '-' }, - { "tls1", OPT_TLS1, '-' }, - { "dtls", OPT_DTLS, '-' }, - { "dtls1", OPT_DTLS1, '-' }, - { "dtls1_2", OPT_DTLS1_2, '-' }, - { "timeout", OPT_TIMEOUT, '-' }, - { "mtu", OPT_MTU, 'p' }, - { "chain", OPT_CHAIN, '-' }, -#endif - { "id_prefix", OPT_ID_PREFIX, 's' }, 
- { "rand", OPT_RAND, 's' }, - { "servername", OPT_SERVERNAME, 's' }, - { "servername_fatal", OPT_SERVERNAME_FATAL, '-' }, - { "cert2", OPT_CERT2, '<' }, - { "key2", OPT_KEY2, '<' }, - { "nextprotoneg", OPT_NEXTPROTONEG, 's' }, - { "alpn", OPT_ALPN, 's' }, - { "jpake", OPT_JPAKE, 's' }, - { "use_srtp", OPT_SRTP_PROFILES, '<' }, - { "keymatexport", OPT_KEYMATEXPORT, 's' }, - { "keymatexportlen", OPT_KEYMATEXPORTLEN, 'p' }, OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, @@ -1152,14 +1061,13 @@ int s_server_main(int argc, char *argv[]) SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CMDLINE); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(s_server_help); + opt_help(s_server_options); goto end; case OPT_PORT: diff --git a/apps/s_time.c b/apps/s_time.c index 9e5298b520..81e433f464 100644 --- a/apps/s_time.c +++ b/apps/s_time.c 
@@ -112,33 +112,6 @@ extern int verify_error; static SSL *doConnection(SSL *scon, const char* host, SSL_CTX* ctx); -const char* s_time_help[] = { - "-time arg max number of seconds to collect data, default" SECONDSSTR, - "-verify arg turn on peer certificate verification, arg == depth", - "-cert arg certificate file to use, PEM format assumed", - "-key arg RSA file to use, PEM format assumed, key is in cert file", - " file if not specified by this option", - "-CApath arg PEM format directory of CA's", - "-CAfile arg PEM format file of CA's", - "-cipher preferred cipher to use, play with 'openssl ciphers'", - - "-connect host:port where to connect to (default is "SSL_CONNECT_NAME ")", -#ifndef OPENSSL_NO_SSL2 - "-ssl2 just use SSLv2", -#endif -#ifndef OPENSSL_NO_SSL3 - "-ssl3 just use SSLv3", -#endif - "-bugs turn on SSL bug compatibility", - "-new just time new connections", - "-reuse just time connection reuse", - "-www page retrieve 'page' from the site", -#ifdef FIONBIO - "-nbio use non-blocking IO", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, 
@@ -154,27 +127,27 @@ enum options { #endif }; -static OPTIONS options[] = { - { "connect", OPT_CONNECT, 's' }, - { "cipher", OPT_CIPHER, 's' }, - { "cert", OPT_CERT, '<' }, - { "key", OPT_KEY, '<' }, - { "CApath", OPT_CAPATH, '/' }, - { "cafile", OPT_CAFILE, '<' }, - { "new", OPT_NEW, '-' }, - { "reuse", OPT_REUSE, '-' }, - { "bugs", OPT_BUGS, '-' }, - { "verify", OPT_VERIFY, 'p' }, - { "time", OPT_TIME, 'p' }, - { "www", OPT_WWW, 's' }, +OPTIONS s_time_options[] = { + { "connect", OPT_CONNECT, 's', "Where to connect as post:port (default is "SSL_CONNECT_NAME ")" }, + { "cipher", OPT_CIPHER, 's', "Cipher to use, see 'openssl ciphers'" }, + { "cert", OPT_CERT, '<', "Cert file to use, PEM format assumed" }, + { "key", OPT_KEY, '<', "File with key, PEM; default is -cert file" }, + { "CApath", OPT_CAPATH, '/', "PEM format directory of CA's" }, + { "cafile", OPT_CAFILE, '<', "PEM format file of CA's" }, + { "new", OPT_NEW, '-', "Just time new connections" }, + { "reuse", OPT_REUSE, '-', "Just time connection reuse" }, + { "bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility" }, + { "verify", OPT_VERIFY, 'p', "Turn on peer certificate verification, set depth" }, + { "time", OPT_TIME, 'p', "Sf seconds to collect data, default" SECONDSSTR }, + { "www", OPT_WWW, 's', "Fetch specified page from the site" }, #ifndef OPENSSL_NO_SSL2 - { "ssl2", OPT_SSL2, '-' }, + { "ssl2", OPT_SSL2, '-', "Just use SSLv2" }, #endif #ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-' }, + { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, #endif #ifdef FIONBIO - { "nbio", OPT_NBIO, '-' }, + { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, #endif { NULL } }; 
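Review bot: Two help strings in `s_time_options` are garbled: the `connect` entry says `post:port` where the removed help said `host:port`, and the `time` entry begins with `Sf seconds`. Suggested text is `"Where to connect as host:port (default is "SSL_CONNECT_NAME ")"` and `"Max seconds to collect data, default" SECONDSSTR`. The table also registers `cafile` in lower case, while the removed help and the smime, ts and verify tables in this commit spell it `CAfile`. If option matching is case-sensitive (the parser is not shown here), s_time would reject `-CAfile`, so the name is worth aligning.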
@@ -190,23 +163,15 @@ static double tm_Time_F(int s) int s_time_main(int argc, char **argv) { - double totalTime=0.0; - int nConn=0; - SSL *scon=NULL; - long finishtime=0; - int ret=1,i; MS_STATIC char buf[1024*8]; - int ver; - char* prog; - char *host=SSL_CONNECT_NAME, *certfile =NULL, *keyfile=NULL; - char *CApath=NULL, *CAfile=NULL, *cipher=NULL; - int maxtime=SECONDS; - const SSL_METHOD *meth=NULL; + SSL *scon=NULL; SSL_CTX *ctx=NULL; - char *www_path=NULL; - long bytes_read=0; - int st_bugs=0; - int perform=3; + const SSL_METHOD *meth=NULL; + char *CApath=NULL, *CAfile=NULL, *cipher=NULL, *www_path=NULL; + char *host=SSL_CONNECT_NAME, *certfile =NULL, *keyfile=NULL, *prog; + double totalTime=0.0; + int maxtime=SECONDS, nConn=0, perform=3, ret=1, i, st_bugs=0, ver; + long bytes_read=0, finishtime=0; enum options o; #ifdef FIONBIO int t_nbio=0; @@ -227,28 +192,27 @@ int s_time_main(int argc, char **argv) verify_depth=0; verify_error=X509_V_OK; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, s_time_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(s_time_help); + opt_help(s_time_options); goto end; case OPT_CONNECT: - host= opt_arg(); + host = opt_arg(); break; case OPT_REUSE: - perform=2; + perform = 2; break; case OPT_NEW: - perform=1; + perform = 1; break; case OPT_VERIFY: if (!opt_int(opt_arg(), &verify_depth)) goto err; - BIO_printf(bio_err, "%s verify depth is %d\n", + BIO_printf(bio_err, "%s: verify depth is %d\n", prog, verify_depth); break; case OPT_CERT: diff --git a/apps/sess_id.c b/apps/sess_id.c index 5ded2676f4..0a6d26865d 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c 
@@ -66,31 +66,21 @@ #include <openssl/pem.h> #include <openssl/ssl.h> -const char *sess_id_help[]={ - "-inform arg input format - default PEM (DER or PEM)", - "-outform arg output format - default PEM (PEM, DER or NSS)", - "-in arg input file - default stdin", - "-out arg output file - default stdout", - "-text print ssl session id details", - "-cert output certificate ", - "-noout no output of encoded session info", - "-context arg set the session ID context", - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, 's' }, - { "out", OPT_OUT, 's' }, - { "text", OPT_TEXT, '-' }, - { "cert", OPT_CERT, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "context", OPT_CONTEXT, 's' }, + +OPTIONS sess_id_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" }, + { "outform", OPT_OUTFORM, 'F', "Output format - default PEM (PEM, DER or NSS)" }, + { "in", OPT_IN, 's', "Input file - default stdin" }, + { "out", OPT_OUT, 's', "Output file - default stdout" }, + { "text", OPT_TEXT, '-', "Print ssl session id details" }, + { "cert", OPT_CERT, '-', "Output certificate " }, + { "noout", OPT_NOOUT, '-', "Don't output of encoded session info" }, + { "context", OPT_CONTEXT, 's', "Set the session ID context" }, { NULL } }; @@ -107,13 +97,12 @@ int sess_id_main(int argc, char **argv) int cert=0,noout=0,text=0; enum options o; - opt_init(argc, argv, options); + opt_init(argc, argv, sess_id_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(sess_id_help); + opt_help(sess_id_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/smime.c b/apps/smime.c index c9ec99bf16..652a56a8f6 100644 --- a/apps/smime.c +++ b/apps/smime.c 
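Review bot: In `sess_id_options` the `in` and `out` entries keep type `'s'`, while the smime and spkac tables in this commit use `'<'` for input files and `'>'` for output files. Unless sess_id deliberately avoids whatever file handling those types imply (not visible here), `{ "in", OPT_IN, '<', ... }` and `{ "out", OPT_OUT, '>', ... }` would be consistent. The `noout` help reads `Don't output of encoded session info`; `Don't output the encoded session info` is clearer. The `cert` string also has a trailing space.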
@@ -80,67 +80,6 @@ static int smime_cb(int ok, X509_STORE_CTX *ctx); #define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) #define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) -const char* smime_help[] = { - "-encrypt encrypt message", - "-decrypt decrypt encrypted message", - "-sign sign message", - "-verify verify signed message", - "-pk7out output PKCS#7 structure", -#ifndef OPENSSL_NO_DES - "-des3 encrypt with triple DES", - "-des encrypt with DES", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt with SEED", -#endif -#ifndef OPENSSL_NO_RC2 - "-rc2-40 encrypt with RC2-40 (default)", - "-rc2-64 encrypt with RC2-64", - "-rc2-128 encrypt with RC2-128", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif - "-nointern don't search certificates in message for signer", - "-nosigs don't verify message signature", - "-noverify don't verify signers certificate", - "-nocerts don't include signers certificate when signing", - "-nodetach use opaque signing", - "-noattr don't include any signed attributes", - "-binary don't translate message to text", - "-certfile file other certificates file", - "-signer file signer certificate file", - "-recip file recipient certificate file for decryption", - "-in file input file", - "-inform arg input format SMIME (default), PEM or DER", - "-inkey file input private key (if not signer or recipient)", - "-keyform arg input private key format (PEM or ENGINE)", - "-out file output file", - "-outform arg output format SMIME (default), PEM or DER", - "-content file supply or override content for detached signature", - "-to addr to address", - "-from addr from address", - "-subject s subject", - "-text include or delete text MIME headers", - "-CApath dir trusted certificates directory", - "-CAfile file trusted certificates file", - "-trusted_first use locally 
trusted CA's first when building trust chain", - "-crl_check check revocation status of signer's certificate using CRLs", - "-crl_check_all check revocation status of signer's certificate chain using CRLs", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-passin arg input file pass phrase source", - "-rand file... load the file(s) into the random number generator", - "cert.pem recipient certificate(s) for encryption", - NULL, -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY, 
@@ -154,49 +93,53 @@ enum options { OPT_V_ENUM, }; -static OPTIONS options[] = { - OPT_V_OPTIONS, - { "encrypt", OPT_ENCRYPT, '-' }, - { "decrypt", OPT_DECRYPT, '-' }, - { "sign", OPT_SIGN, '-' }, +OPTIONS smime_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n" }, + { "cert.pem", 1, '-', "Recipient certs for encryption" }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" }, + { "sign", OPT_SIGN, '-', "Sign message" }, + { "verify", OPT_VERIFY, '-', "Verify signed message" }, + { "pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure" }, + { "nointern", OPT_NOINTERN, '-', "Don't search certificates in message for signer" }, + { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" }, + { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" }, + { "nocerts", OPT_NOCERTS, '-', "Don't include signers certificate when signing" }, + { "nodetach", OPT_NODETACH, '-', "Use opaque signing" }, + { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" }, + { "binary", OPT_BINARY, '-', "Don't translate message to text" }, + { "certfile", OPT_CERTFILE, '<', "Other certificates file" }, + { "signer", OPT_SIGNER, '<', "Signer certificate file" }, + { "recip", OPT_RECIP, '<', "Recipient certificate file for decryption" }, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER" }, + { "inkey", OPT_INKEY, '<', "Input private key (if not signer or recipient)" }, + { "keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)" }, + { "out", OPT_OUT, '>', "Output file" }, + { "outformn", OPT_OUTFORM, 'F', "Output format SMIME (default), PEM or DER" }, + { "content", OPT_CONTENT, '<', "Supply or override content for detached signature" }, + { "to", OPT_TO, 's', "To address" }, + { "from", OPT_FROM, 's', "From address" }, + { "subject", OPT_SUBJECT, 's', "Subject" }, + { "text", OPT_TEXT, '-', "Include or 
delete text MIME headers" }, + { "CApath", OPT_CAPATH, '/', "Trusted certificates directory" }, + { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" }, { "resign", OPT_RESIGN, '-' }, - { "verify", OPT_VERIFY, '-' }, - { "pk7out", OPT_PK7OUT, '-' }, - { "text", OPT_TEXT, '-' }, - { "nointern", OPT_NOINTERN, '-' }, - { "noverify", OPT_NOVERIFY, '-' }, { "nochain", OPT_NOCHAIN, '-' }, - { "nocerts", OPT_NOCERTS, '-' }, - { "noattr", OPT_NOATTR, '-' }, - { "nodetach", OPT_NODETACH, '-' }, { "nosmimecap", OPT_NOSMIMECAP, '-' }, - { "binary", OPT_BINARY, '-' }, - { "nosigs", OPT_NOSIGS, '-' }, { "stream", OPT_STREAM, '-' }, { "indef", OPT_INDEF, '-' }, { "noindef", OPT_NOINDEF, '-' }, { "nooldmime", OPT_NOOLDMIME, '-' }, { "crlfeol", OPT_CRLFEOL, '-' }, - { "rand", OPT_RAND, 's' }, - { "engine", OPT_ENGINE, 's' }, - { "passin", OPT_PASSIN, 's' }, - { "to", OPT_TO, 's' }, - { "from", OPT_FROM, 's' }, - { "subject", OPT_SUBJECT, 's' }, - { "signer", OPT_SIGNER, '<' }, - { "recip", OPT_RECIP, '<' }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, { "md", OPT_MD, 's' }, - { "", OPT_CIPHER, '-' }, - { "inkey", OPT_INKEY, '<' }, - { "keyform", OPT_KEYFORM, 'f' }, - { "certfile", OPT_CERTFILE, '<' }, - { "CAfile", OPT_CAFILE, '<' }, - { "CApath", OPT_CAPATH, '/' }, - { "in", OPT_IN, '<' }, - { "inform", OPT_INFORM, 'F' }, - { "out", OPT_OUT, '>' }, - { "outformn", OPT_OUTFORM, 'F' }, - { "content", OPT_CONTENT, '<' }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, + OPT_V_OPTIONS, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; 
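Review bot: The `outformn` entry in `smime_options` carries the misspelled option name over from the old table and now attaches help text to it, so the table as written registers `-outformn` rather than the `-outform` that the removed help advertised. Change it to `{ "outform", OPT_OUTFORM, 'F', "Output format SMIME (default), PEM or DER" },`. Separately, `{ "cert.pem", 1, '-', ... }` reads like a help-only line but has the same shape as a real flag. If the parser matches on the name field (not visible in this hunk), `-cert.pem` would be accepted and return 1, so confirm that is intended. `resign`, `nochain`, `nosmimecap`, `stream`, `indef`, `noindef`, `nooldmime`, `crlfeol` and `md` still have no help string.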
@@ -230,14 +173,14 @@ int smime_main(int argc, char **argv) if ((vpm = X509_VERIFY_PARAM_new()) == NULL) return 1; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, smime_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(smime_help); + opt_help(smime_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/speed.c b/apps/speed.c index 6201d17934..cecbf60dc0 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -350,8 +350,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) #ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; 
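Review bot: The `err:` path in `smime_main` still prints `Valid options are:` before calling `opt_help(smime_options)`, whereas s_server, s_time, sess_id, speed, spkac, srp, verify and version all drop that line in this same commit. `smime_options` now supplies its own `Usage:` line through `OPT_HELP_STR`, so the leftover header would presumably appear ahead of the usage line. Deleting `BIO_printf(bio_err,"Valid options are:\n");` brings this in line with the other apps. The `ts_main` hunk has the same leftover. The switch statement continues outside this hunk.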
@@ -361,131 +360,6 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -const char* speed_help[] = { -#if defined(TIMES) || defined(USE_TOD) - "-elapsed measure time in real time instead of CPU user time", -#endif -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device", -#endif - "-evp e use EVP e", - "-decrypt time decryption instead of encryption (only EVP)", - "-mr produce machine readable output", -#ifndef NO_FORK - "-multi n run n benchmarks in parallel.", -#endif -#ifndef OPENSSL_NO_MD2 - "md2 " -#endif -#ifndef OPENSSL_NO_MDC2 - "mdc2 " -#endif -#ifndef OPENSSL_NO_MD4 - "md4 " -#endif -#ifndef OPENSSL_NO_MD5 - "md5 " -#ifndef OPENSSL_NO_HMAC - "hmac " -#endif -#endif -#ifndef OPENSSL_NO_SHA1 - "sha1 " -#endif -#ifndef OPENSSL_NO_SHA256 - "sha256 " -#endif -#ifndef OPENSSL_NO_SHA512 - "sha512 " -#endif -#ifndef OPENSSL_NO_WHIRLPOOL - "whirlpool " -#endif -#ifndef OPENSSL_NO_RIPEMD160 - "rmd160" -#endif - , - -#ifndef OPENSSL_NO_IDEA - "idea-cbc " -#endif -#ifndef OPENSSL_NO_SEED - "seed-cbc " -#endif -#ifndef OPENSSL_NO_RC2 - "rc2-cbc " -#endif -#ifndef OPENSSL_NO_RC5 - "rc5-cbc " -#endif -#ifndef OPENSSL_NO_BF - "bf-cbc" -#endif - , - -#ifndef OPENSSL_NO_DES - "des-cbc des-ede3 ", -#endif -#ifndef OPENSSL_NO_AES - "aes-128-cbc aes-192-cbc aes-256-cbc ", - "aes-128-ige aes-192-ige aes-256-ige ", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "camellia-128-cbc camellia-192-cbc camellia-256-cbc ", -#endif -#ifndef OPENSSL_NO_RC4 - "rc4", -#endif - -#ifndef OPENSSL_NO_RSA - "rsa512 rsa1024 rsa2048 rsa3072 rsa4096", - "rsa7680 rsa15360", -#endif - -#ifndef OPENSSL_NO_DSA - "dsa512 dsa1024 dsa2048", -#endif -#ifndef OPENSSL_NO_ECDSA - "ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521", - "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571", - "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571", - "ecdsa", -#endif -#ifndef OPENSSL_NO_ECDH - 
"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521", - "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571", - "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571", - "ecdh\n" -#endif - -#ifndef OPENSSL_NO_IDEA - "idea " -#endif -#ifndef OPENSSL_NO_SEED - "seed " -#endif -#ifndef OPENSSL_NO_RC2 - "rc2 " -#endif -#ifndef OPENSSL_NO_DES - "des " -#endif -#ifndef OPENSSL_NO_AES - "aes " -#endif -#ifndef OPENSSL_NO_CAMELLIA - "camellia " -#endif -#ifndef OPENSSL_NO_RSA - "rsa " -#endif -#ifndef OPENSSL_NO_BF - "blowfish " -#endif - , - "prime-trial-division prime-coprime", - NULL -}; static int found(const char* name, const OPT_PAIR* pairs, int *result) { @@ -502,18 +376,22 @@ enum options { OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, }; -static OPTIONS options[] = { - { "elapsed", OPT_ELAPSED, '-' }, - { "evp", OPT_EVP, 's' }, - { "decrypt", OPT_DECRYPT, '-' }, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + +OPTIONS speed_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n" }, +#if defined(TIMES) || defined(USE_TOD) + { "elapsed", OPT_ELAPSED, '-', "Measure time in real time instead of CPU user time" }, +#endif + { "evp", OPT_EVP, 's', "Use specified EVP cipher" }, + { "decrypt", OPT_DECRYPT, '-', "Mime decryption instead of encryption (only EVP)" }, +#ifndef NO_FORK + { "multi", OPT_MULTI, 'p', "Run benchmarks in parallel." }, #endif - { "multi", OPT_MULTI, 'p' }, - { "mr", OPT_MR, '-' }, + { "mr", OPT_MR, '-', "Produce machine readable output" }, { "mb", OPT_MB, '-' }, - - { NULL } +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif }; #define D_MD2 0 
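Review bot: `speed_options` loses its `{ NULL }` terminator: the old table's sentinel is removed and the new table ends at the engine `#endif` followed directly by `};`. Every other table in this commit still ends with `{ NULL }`, which suggests `opt_init` and `opt_help` walk the array until a NULL name (their code is not in this diff). If so, they would read past the end of `speed_options`. Add `{ NULL }` after the `#endif`. The `decrypt` help also says `Mime decryption` where the removed text said `time decryption`.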
@@ -973,13 +851,12 @@ int speed_main(int argc, char **argv) goto end; } - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, speed_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(speed_help); + opt_help(speed_options); goto end; case OPT_ELAPSED: usertime = 0; diff --git a/apps/spkac.c b/apps/spkac.c index 2237080859..8f5e5b0959 100644 --- a/apps/spkac.c +++ b/apps/spkac.c 
@@ -71,40 +71,27 @@ #include <openssl/pem.h> -const char* spkac_help[] = { - " -in arg input file", - " -out arg output file", - " -key arg create SPKAC using private key", - " -passin arg input file pass phrase source", - " -challenge arg challenge string", - " -spkac arg alternative SPKAC name", - " -noout don't print SPKAC", - " -pubkey output public key", - " -verify verify SPKAC signature", -#ifndef OPENSSL_NO_ENGINE - " -engine e use engine e, possibly a hardware device.", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, OPT_SPKSECT, }; -static OPTIONS options[] = { - { "noout", OPT_NOOUT, '-' }, - { "pubkey", OPT_PUBKEY, '-' }, - { "verify", OPT_VERIFY, '-' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "engine", OPT_ENGINE, 's' }, - { "key", OPT_KEY, '<' }, - { "challenge", OPT_CHALLENGE, 's' }, - { "passin", OPT_PASSIN, 's' }, - { "spkac", OPT_SPKAC, 's' }, + +OPTIONS spkac_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "key", OPT_KEY, '<', "Create SPKAC using private key" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "challenge", OPT_CHALLENGE, 's', "Challenge string" }, + { "spkac", OPT_SPKAC, 's', "Alternative SPKAC name" }, + { "noout", OPT_NOOUT, '-', "Don't print SPKAC" }, + { "pubkey", OPT_PUBKEY, '-', "Output public key" }, + { "verify", OPT_VERIFY, '-', "Verify SPKAC signature" }, { "spksect", OPT_SPKSECT, 's' }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; 
@@ -125,13 +112,12 @@ int spkac_main(int argc, char **argv) char *engine=NULL; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, spkac_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(spkac_help); + opt_help(spkac_options); goto end; case OPT_IN: infile = opt_arg(); diff --git a/apps/srp.c b/apps/srp.c index 77cf929ecc..fd472b25a0 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -78,28 +78,6 @@ #define ENV_DATABASE "srpvfile" #define ENV_DEFAULT_SRP "default_srp" -const char *srp_help[]={ - "-verbose Talk a lot while doing things", - "-config file A config file", - "-name arg The particular srp definition to use", - "-srpvfile arg The srp verifier file name", - "-add add an user and srp verifier", - "-modify modify the srp verifier of an existing user", - "-delete delete user from verifier file", - "-list list user", - "-gn arg g and N values to be used for new verifier", - "-userinfo arg additional info to be set for user", - "-passin arg input file pass phrase source", - "-passout arg output file pass phrase source", - /* XXX rsalz; has LIST_SEP_CHAR */ - "-rand file... load the file(s) into the random number generator", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif -NULL -}; - - static int get_index(CA_DB *db, char* id, char type) { char ** pp; 
@@ -258,49 +236,47 @@ enum options { OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, }; -static OPTIONS options[] = { - { "verbose", OPT_VERBOSE, '-' }, - { "config", OPT_CONFIG, '<' }, - { "name", OPT_NAME, 's' }, - { "srpvfile", OPT_SRPVFILE, '<' }, - { "add", OPT_ADD, '-' }, - { "delete", OPT_DELETE, '-' }, - { "modify", OPT_MODIFY, '-' }, - { "list", OPT_LIST, '-' }, - { "gn", OPT_GN, 's' }, - { "userinfo", OPT_USERINFO, 's' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "engine", OPT_ENGINE, 's' }, + +static OPTIONS srp_options[] = { + { "verbose", OPT_VERBOSE, '-', "Talk a lot while doing things" }, + { "config", OPT_CONFIG, '<', "A config file" }, + { "name", OPT_NAME, 's', "The particular srp definition to use" }, + { "srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name" }, + { "add", OPT_ADD, '-', "Add a user and srp verifier" }, + { "modify", OPT_MODIFY, '-', "Modify the srp verifier of an existing user" }, + { "delete", OPT_DELETE, '-', "Delete user from verifier file" }, + { "list", OPT_LIST, '-', "List users" }, + { "gn", OPT_GN, 's', "Set g and N values to be used for new verifier" }, + { "userinfo", OPT_USERINFO, 's', "Additional info to be set for user" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; int srp_main(int argc, char **argv) { - int gNindex=-1, maxgN=-1, ret=1, errors=0, verbose=0; - int i, doupdatedb=0; - char *user=NULL, *passinarg=NULL, *passoutarg=NULL; - char *passin=NULL, *passout=NULL, *gN=NULL, *userinfo=NULL; - char **gNrow=NULL; - char *configfile=NULL, *dbfile=NULL; CA_DB *db=NULL; - char **pp; - long errorline=-1; - char *randfile=NULL, *engine=NULL, *tofree=NULL, *section=NULL; DB_ATTR db_attr; CONF *conf=NULL; - enum options o; - char* 
prog; + int gNindex=-1, maxgN=-1, ret=1, errors=0, verbose=0, i, doupdatedb=0; int mode = OPT_ERR; + char *user=NULL, *passinarg=NULL, *passoutarg=NULL; + char *passin=NULL, *passout=NULL, *gN=NULL, *userinfo=NULL; + char *randfile=NULL, *engine=NULL, *tofree=NULL, *section=NULL; + char **gNrow=NULL, *configfile=NULL, *dbfile=NULL, **pp, *prog; + long errorline=-1; + enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, srp_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(srp_help); + opt_help(srp_options); goto end; case OPT_VERBOSE: verbose++; @@ -114,26 +114,6 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file); static int verify_cb(int ok, X509_STORE_CTX *ctx); -const char* ts_help[] = { - "ts -query [-rand filefile%c...] [-config configfile] " - "[-data file_to_hash] [-digest digest_bytes]" - "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " - "[-policy object_id] [-no_nonce] [-cert] " - "[-in request.tsq] [-out request.tsq] [-text]", - "ts -reply [-config configfile] [-section tsa_section] " - "[-queryfile request.tsq] [-passin password] " - "[-signer tsa_cert.pem] [-inkey private_key.pem] " - "[-chain certs_file.pem] [-policy object_id] " - "[-in response.tsr] [-token_in] " - "[-out response.tsr] [-token_out] [-text] [-engine id]", - "ts -verify [-data file_to_hash] [-digest digest_bytes] " - "[-queryfile request.tsq] " - "-in response.tsr [-token_in] " - "-CApath ca_path -CAfile ca_file.pem " - "-untrusted cert_file.pem", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA, @@ -144,10 +124,7 @@ enum options { OPT_MD, }; -static OPTIONS options[] = { -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif +OPTIONS ts_options[] = { { "config", OPT_CONFIG, '<' }, { "section", OPT_SECTION, 's' }, { "query", OPT_QUERY, '-' }, 
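Review bot: `srp_options` is declared `static OPTIONS srp_options[]`, while every other table converted in this commit becomes a non-static `OPTIONS <app>_options[]`. If the tables are meant to be reachable from outside their own file (no consumer is visible in this diff), srp would be left out. If they are not, the others could stay `static` to keep them out of the global namespace. Either way the linkage should be uniform across the apps; for the first case the line would read `OPTIONS srp_options[] = {`.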
@@ -172,7 +149,10 @@ static OPTIONS options[] = { { "CApath", OPT_CAPATH, '/' }, { "CAfile", OPT_CAFILE, '<' }, { "untrusted", OPT_UNTRUSTED, '<' }, - { "", OPT_MD, '-' }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif + { "", OPT_MD, '-', "Any supported digest" }, { NULL } }; @@ -191,14 +171,14 @@ int ts_main(int argc, char **argv) int token_out=0; /* Output is ContentInfo instead of TimeStampResp. */ enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ts_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ts_help); + opt_help(ts_options); goto end; case OPT_CONFIG: configfile = opt_arg(); diff --git a/apps/verify.c b/apps/verify.c index 852a95e9c5..b7ce1e9dd7 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -72,19 +72,6 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain); static int v_verbose=0, vflags = 0; -const char* verify_help[] = { - "-verbose", - "-CApath path", - "-CAfile file", - "-trusted_first", - "-purpose purpose", - "-crl_check", -#ifndef OPENSSL_NO_ENGINE - "-engine e", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED, OPT_TRUSTED, @@ -92,11 +79,10 @@ enum options { OPT_V_ENUM, }; -static OPTIONS options[] = { - OPT_V_OPTIONS, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif +OPTIONS verify_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "verbose", OPT_VERBOSE, '-' }, { "CApath", OPT_CAPATH, '/' }, { "CAfile", OPT_CAFILE, '<' }, { "untrusted", OPT_UNTRUSTED, '<' }, 
@@ -104,7 +90,10 @@ static OPTIONS options[] = { { "CRLfile", OPT_CRLFILE, '<' }, { "crl_download", OPT_CRL_DOWNLOAD, '-' }, { "show_chain", OPT_SHOW_CHAIN, '-' }, - { "verbose", OPT_VERBOSE, '-' }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif + OPT_V_OPTIONS, { NULL } }; @@ -129,13 +118,12 @@ int verify_main(int argc, char **argv) if ((vpm = X509_VERIFY_PARAM_new()) == NULL) goto end; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, verify_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(verify_help); + opt_help(verify_options); goto end; case OPT_V_CASES: if (!opt_verify(o, vpm)) @@ -245,11 +233,8 @@ int verify_main(int argc, char **argv) end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [options] cert...\n"); - BIO_printf(bio_err,"where options are:\n"); - printhelp(verify_help); - /* rsalz XXX */ - BIO_printf(bio_err,"recognized usages:\n"); + opt_help(verify_options); + BIO_printf(bio_err, "Recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; @@ -259,7 +244,7 @@ end: X509_PURPOSE_get0_name(ptmp)); } - BIO_printf(bio_err,"recognized verify names:\n"); + BIO_printf(bio_err,"Recognized verify names:\n"); for(i = 0; i < X509_VERIFY_PARAM_get_count(); i++) { const X509_VERIFY_PARAM *vptmp; diff --git a/apps/version.c b/apps/version.c index 7da883ebb0..c89c752fef 100644 --- a/apps/version.c +++ b/apps/version.c 
@@ -132,29 +132,19 @@ # include <openssl/blowfish.h> #endif - -const char* version_help[] = { - "-a show all data", - "-b show build date", - "-v show library version", - "-o show some internal datatype options", - "-f show compiler flags used", - "-p show target build platform", - "-d show configuration directory", - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_B, OPT_D, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A }; -static OPTIONS optlist[] = { - { "b", OPT_B, '-' }, - { "d", OPT_D, '-' }, - { "f", OPT_F, '-' }, - { "o", OPT_O, '-' }, - { "p", OPT_P, '-' }, - { "v", OPT_V, '-' }, - { "a", OPT_A, '-' }, + +OPTIONS version_options[] = { + { "a", OPT_A, '-', "Show all data" }, + { "b", OPT_B, '-', "Show build date" }, + { "d", OPT_D, '-', "Show configuration directory" }, + { "f", OPT_F, '-', "Show compiler flags used" }, + { "o", OPT_O, '-', "Show some internal datatype options" }, + { "p", OPT_P, '-', "Show target build platform" }, + { "v", OPT_V, '-', "Show library version" }, { NULL } }; @@ -165,13 +155,12 @@ int version_main(int argc, char **argv) char* prog; enum options o; - prog = opt_init(argc, argv, optlist); + prog = opt_init(argc, argv, version_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(version_help); + opt_help(version_options); goto end; case OPT_B: date=1; break; case OPT_D: dir=1; break; diff --git a/apps/x509.c b/apps/x509.c index 8739bf5a15..cdb246740f 100644 --- a/apps/x509.c +++ b/apps/x509.c 
@@ -99,75 +99,6 @@ static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int force_version=2;
 #endif

-
-const char *x509_help[]={
- "-inform arg input format - default PEM (one of DER, NET or PEM)",
- "-outform arg output format - default PEM (one of DER, NET or PEM)",
- "-keyform arg private key format - default PEM",
- "-CAform arg CA format - default PEM",
- "-CAkeyform arg CA key format - default PEM",
- "-in arg input file - default stdin",
- "-out arg output file - default stdout",
- "-passin arg private key password source",
- "-serial print serial number value",
- "-subject_hash print subject hash value",
-#ifndef OPENSSL_NO_MD5
- "-subject_hash_old print old-style (MD5) subject hash value",
-#endif
- "-issuer_hash print issuer hash value",
-#ifndef OPENSSL_NO_MD5
- "-issuer_hash_old print old-style (MD5) issuer hash value",
-#endif
- "-hash synonym for -subject_hash",
- "-subject print subject DN",
- "-issuer print issuer DN",
- "-email print email address(es)",
- "-startdate notBefore field",
- "-enddate notAfter field",
- "-purpose print out certificate purposes",
- "-dates both Before and After dates",
- "-modulus print the RSA key modulus",
- "-pubkey output the public key",
- "-fingerprint print the certificate fingerprint",
- "-alias output certificate alias",
- "-noout no certificate output",
- "-ocspid print OCSP hash values for the subject name and public key",
- "-ocsp_uri print OCSP Responder URL(s)",
- "-trustout output a trusted certificate",
- "-clrtrust clear all trusted purposes",
- "-clrreject clear all rejected purposes",
- "-addtrust arg trust certificate for a given purpose",
- "-addreject arg reject certificate for a given purpose",
- "-setalias arg set certificate alias",
- "-days arg how long till expiry of a signed certificate - def 30 days",
- "-checkend arg check whether the cert expires in the next arg seconds",
- " exit 1 if so, 0 if not",
- "-signkey arg self sign cert with arg",
- "-x509toreq output a certification request object",
- "-req input is a certificate request, sign and output.",
- "-CA arg set the CA certificate, must be PEM format.",
- "-CAkey arg set the CA key, must be PEM format",
- " if missing, it is assumed to be in the CA file.",
- "-CAcreateserial create serial number file if it does not exist",
- "-CAserial arg serial file",
- "-set_serial serial number to use",
- "-text print the certificate in text form",
- "-C print out C code forms",
- "-{digest} digest to use",
- "-extfile configuration file with X509V3 extensions to add",
- "-extensions section from config file with X509V3 extensions to add",
- "-clrext delete extensions before signing and input certificate",
- "-nameopt arg various certificate name options",
-#ifndef OPENSSL_NO_ENGINE
- "-engine e use engine e, possibly a hardware device.",
-#endif
- "-certopt arg various certificate text options",
- "-checkhost host check certificate matches host",
- "-checkemail email check certificate matches email",
- "-checkip ipaddr check certificate matches ipaddr",
- NULL
-};
-
 enum options {
  OPT_ERR = -1, OPT_EOF = 0,
  OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
@@ -189,83 +120,77 @@ enum options {
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
  OPT_FORCE_VERSION,
 #endif
-#if 0
- /* stay backwards-compatible with 0.9.5; this should go away soon */
- OPT_OPT_CLREXT,
-#endif
 };

-static OPTIONS options[] = {
- { "inform", OPT_INFORM, 'F' },
- {" outform", OPT_OUTFORM, 'F' },
- { "keyform", OPT_KEYFORM, 'F' },
- { "req", OPT_REQ, '-' },
- { "CAform", OPT_CAFORM, 'F' },
- { "CAkeyform", OPT_CAKEYFORM, 'F' },
+OPTIONS x509_options[] = {
+ { "inform", OPT_INFORM, 'f', "Input format - default PEM (one of DER, NET or PEM)" },
+ { "in", OPT_IN, '<', "Input file - default stdin" },
+ {" outform", OPT_OUTFORM, 'f', "Output format - default PEM (one of DER, NET or PEM)" },
+ { "out", OPT_OUT, '>', "Output file - default stdout" },
+ { "keyform", OPT_KEYFORM, 'F', "Private key format - default PEM" },
+ { "passin", OPT_PASSIN, 's', "Private key password source" },
+ { "serial", OPT_SERIAL, '-', "Print serial number value" },
+ { "subject_hash", OPT_HASH, '-', "Print subject hash value" },
+ { "issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value" },
+#ifndef OPENSSL_NO_MD5
+ { "subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', "Print old-style (MD5) issuer hash value" },
+ { "issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) subject hash value" },
+#endif
+ { "hash", OPT_HASH, '-', "Synonym for -subject_hash" },
+ { "subject", OPT_SUBJECT, '-', "Print subject DN" },
+ { "issuer", OPT_ISSUER, '-', "Print issuer DN" },
+ { "email", OPT_EMAIL, '-', "Print email address(es)" },
+ { "startdate", OPT_STARTDATE, '-', "Set notBefore field" },
+ { "enddate", OPT_ENDDATE, '-', "Set notAfter field" },
+ { "purpose", OPT_PURPOSE, '-', "Print out certificate purposes" },
+ { "dates", OPT_DATES, '-', "Both Before and After dates" },
+ { "modulus", OPT_MODULUS, '-', "Print the RSA key modulus" },
+ { "pubkey", OPT_PUBKEY, '-', "Output the public key" },
+ { "fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint" },
+ { "alias", OPT_ALIAS, '-', "Output certificate alias" },
+ { "noout", OPT_NOOUT, '-', "No certificate output" },
+ { "ocspid", OPT_OCSPID, '-', "Print OCSP hash values for the subject name and public key" },
+ { "ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)" },
+ { "trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate" },
+ { "clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes" },
+ { "clrext", OPT_CLREXT, '-', "Clear all rejected purposes" },
+ { "addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose" },
+ { "addreject", OPT_ADDREJECT, 's', "Reject certificate for a given purpose" },
+ { "setalias", OPT_SETALIAS, 's', "Set certificate alias" },
+ { "days", OPT_DAYS, 'p', "How long till expiry of a signed certificate - def 30 days" },
+ { "checkend", OPT_CHECKEND, 'p', "Check whether the cert expires in the next arg seconds" },
+ { OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not" },
+ { "signkey", OPT_SIGNKEY, '<', "Self sign cert with arg" },
+ { "x509toreq", OPT_X509TOREQ, '-', "Output a certification request object" },
+ { "req", OPT_REQ, '-', "Input is a certificate request, sign and output" },
+ { "CA", OPT_CA, '<', "Set the CA certificate, must be PEM format" },
+ { "CAkey", OPT_CAKEY, '<', "The CA key, must be PEM format; if not in CAfile" },
+ { "CAcreateserial", OPT_CACREATESERIAL, '-', "Create serial number file if it does not exist" },
+ { "CAserial", OPT_CASERIAL, '<', "Serial file" },
+ { "set_serial", OPT_SET_SERIAL, 's', "Serial number to use" },
+ { "text", OPT_TEXT, '-', "Print the certificate in text form" },
+ { "C", OPT_C, '-', "Print out C code forms" },
+ { "extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add" },
+ { "extensions", OPT_EXTENSIONS, 's', "Section from config file to use" },
+ { "nameopt", OPT_NAMEOPT, 's', "Various certificate name options" },
+ { "certopt", OPT_CERTOPT, 's', "Various certificate text options" },
+ { "checkhost", OPT_CHECKHOST, 's', "Check certificate matches host" },
+ { "checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email" },
+ { "checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr" },
+ { "CAform", OPT_CAFORM, 'F', "CA format - default PEM" },
+ { "CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM" },
  { "sigopt", OPT_SIGOPT, 's' },
- { "days", OPT_DAYS, 'p' },
- { "passin", OPT_PASSIN, 's' },
- { "extfile", OPT_EXTFILE, '<' },
- { "extensions", OPT_EXTENSIONS, 's' },
- { "in", OPT_IN, '<' },
- { "out", OPT_OUT, '>' },
- { "signkey", OPT_SIGNKEY, '<' },
- { "CA", OPT_CA, '<' },
- { "CAkey", OPT_CAKEY, '<' },
- { "CAserial", OPT_CASERIAL, '<' },
- { "set_serial", OPT_SET_SERIAL, 's' },
  { "force_pubkey", OPT_FORCE_PUBKEY, '<' },
- { "addtrust", OPT_ADDTRUST, 's' },
- { "addreject", OPT_ADDREJECT, 's' },
- { "setalias", OPT_SETALIAS, 's' },
- { "certopt", OPT_CERTOPT, 's' },
- { "nameopt", OPT_NAMEOPT, 's' },
- { "C", OPT_C, '-' },
- { "email", OPT_EMAIL, '-' },
- { "ocsp_uri", OPT_OCSP_URI, '-' },
- { "serial", OPT_SERIAL, '-' },
  { "next_serial", OPT_NEXT_SERIAL, '-' },
- { "modulus", OPT_MODULUS, '-' },
- { "pubkey", OPT_PUBKEY, '-' },
- { "x509toreq", OPT_X509TOREQ, '-' },
- { "text", OPT_TEXT, '-' },
- { "hash", OPT_HASH, '-' },
- { "subject_hash", OPT_HASH, '-' },
- { "issuer_hash", OPT_ISSUER_HASH, '-' },
- { "subject", OPT_SUBJECT, '-' },
- { "issuer", OPT_ISSUER, '-' },
- { "fingerprint", OPT_FINGERPRINT, '-' },
- { "dates", OPT_DATES, '-' },
- { "purpose", OPT_PURPOSE, '-' },
- { "startdate", OPT_STARTDATE, '-' },
- { "enddate", OPT_ENDDATE, '-' },
- { "checkend", OPT_CHECKEND, 'p' },
- { "checkhost", OPT_CHECKHOST, 's' },
- { "checkemail", OPT_CHECKEMAIL, 's' },
- { "checkip", OPT_CHECKIP, 's' },
- { "noout", OPT_NOOUT, '-' },
- { "trustout", OPT_TRUSTOUT, '-' },
- { "clrtrust", OPT_CLRTRUST, '-' },
  { "clrreject", OPT_CLRREJECT, '-' },
- { "alias", OPT_ALIAS, '-' },
- { "CAcreateserial", OPT_CACREATESERIAL, '-' },
- { "clrext", OPT_CLREXT, '-' },
- { "ocspid", OPT_OCSPID, '-' },
  { "badsig", OPT_BADSIG, '-' },
- { "", OPT_MD, '-' },
+ { "", OPT_MD, '-', "Any supported digest algoritm" },
 #ifndef OPENSSL_NO_ENGINE
- { "engine", OPT_ENGINE, 's' },
-#endif
-#ifndef OPENSSL_NO_MD5
- { "subject_hash_old", OPT_SUBJECT_HASH_OLD, '-' },
- { "issuer_hash_old", OPT_ISSUER_HASH_OLD, '-' },
+ { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" },
 #endif
 #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
  { "force_version", OPT_FORCE_VERSION, 'p' },
 #endif
-#if 0 /* stay backwards-compatible with 0.9.5; this should go away soon */
- { "crlext", OPT_OPT_CLREXT, '-' },
-#endif
  { NULL }
 };

@@ -313,14 +238,13 @@ int x509_main(int argc, char **argv)
  X509_STORE_set_verify_cb(ctx,callb);
  STDout=dup_bio_out();

- prog = opt_init(argc, argv, options);
+ prog = opt_init(argc, argv, x509_options);
  while ((o = opt_next()) != OPT_EOF) {
  switch (o) {
  case OPT_EOF:
  case OPT_ERR:
 err:
- BIO_printf(bio_err,"Valid options are:\n");
- printhelp(x509_help);
+ opt_help(x509_options);
  goto end;
  case OPT_INFORM:
  opt_format(opt_arg(), 1, &informat); |
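Review bot: Several entries in the new `x509_options` table in apps/x509.c describe the wrong option, which matters on a tool used to edit certificate trust settings: `clrext` carries the text "Clear all rejected purposes" that belongs to `clrreject` (left without help a few lines below), and the `subject_hash_old` and `issuer_hash_old` strings are swapped. The name `" outform"` keeps the leading space it had in the old table, so `-outform` presumably cannot match it. `startdate` and `enddate` take no argument (`'-'`) yet now say "Set", where the removed help listed them as plain fields, and "algoritm" is misspelled. The fence below gives the corrected entries, with the `clrext` wording taken from the removed `x509_help` text; the rest of the table stays as it is.

```c
OPTIONS x509_options[] = {
	/* … unchanged: inform, in … */
	{ "outform", OPT_OUTFORM, 'f', "Output format - default PEM (one of DER, NET or PEM)" },
	/* … unchanged: out … issuer_hash … */
#ifndef OPENSSL_NO_MD5
	{ "subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', "Print old-style (MD5) subject hash value" },
	{ "issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', "Print old-style (MD5) issuer hash value" },
#endif
	/* … unchanged: hash … email … */
	{ "startdate", OPT_STARTDATE, '-', "Print notBefore field" },
	{ "enddate", OPT_ENDDATE, '-', "Print notAfter field" },
	/* … unchanged: purpose … clrtrust … */
	{ "clrext", OPT_CLREXT, '-', "Delete extensions before signing and input certificate" },
	/* … unchanged: addtrust … next_serial … */
	{ "clrreject", OPT_CLRREJECT, '-', "Clear all rejected purposes" },
	/* … unchanged: badsig … */
	{ "", OPT_MD, '-', "Any supported digest algorithm" },
	/* … unchanged: engine, force_version, terminator … */
```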