[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Jun 2 16:40:50 UTC 2015
The branch master has been updated
via 9c3bcfa027cb32421ed20ab77553860b922b82fc (commit)
from 366e2a60b2fcc727b061f1459343245476ad6c3b (commit)
- Log -----------------------------------------------------------------
commit 9c3bcfa027cb32421ed20ab77553860b922b82fc
Author: Rich Salz <rsalz at akamai.com>
Date: Fri May 15 13:50:38 2015 -0400
Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/ciphers.c | 14 +++---
apps/cms.c | 15 ++++---
apps/crl.c | 16 +++----
apps/dgst.c | 2 +-
apps/dhparam.c | 6 +--
apps/dsa.c | 24 ++++++-----
apps/dsaparam.c | 6 +--
apps/ec.c | 6 +--
apps/enc.c | 12 +++---
apps/gendsa.c | 2 +-
apps/genpkey.c | 1 +
apps/passwd.c | 4 +-
apps/pkcs12.c | 2 +-
apps/req.c | 2 +-
apps/rsa.c | 18 ++++----
apps/s_client.c | 130 ++++++++++++++++++++++++++------------------------------
apps/s_server.c | 127 +++++++++++++++++++++++++++++-------------------------
apps/s_time.c | 6 +--
apps/speed.c | 16 +++----
apps/ts.c | 2 +-
apps/verify.c | 2 +-
apps/x509.c | 28 ++++++------
22 files changed, 222 insertions(+), 219 deletions(-)
diff --git a/apps/ciphers.c b/apps/ciphers.c
index b1b3bdd..a2ccf28 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -64,12 +64,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-#ifndef OPENSSL_NO_SSL_TRACE
OPT_STDNAME,
-#endif
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_TLS1,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
@@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = {
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
+ {"tls1", OPT_TLS1, '-', "TLS1 mode"},
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
- {"tls1", OPT_TLS1, '-', "TLS1 mode"},
{NULL}
};
@@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv)
case OPT_S:
use_supported = 1;
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_STDNAME:
+#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
- break;
#endif
-#ifndef OPENSSL_NO_SSL3
+ break;
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
case OPT_TLS1:
meth = TLSv1_client_method();
break;
diff --git a/apps/cms.c b/apps/cms.c
index 7ccca5b..e40686b 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -208,6 +208,8 @@ OPTIONS cms_options[] = {
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+ OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@@ -219,9 +221,7 @@ OPTIONS cms_options[] = {
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
- OPT_V_OPTIONS,
- {NULL},
+ {NULL}
};
int cms_main(int argc, char **argv)
@@ -588,11 +588,11 @@ int cms_main(int argc, char **argv)
goto end;
vpmtouched++;
break;
-# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
- break;
# endif
+ break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
@@ -603,6 +603,11 @@ int cms_main(int argc, char **argv)
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
+# else
+ case OPT_AES128_WRAP:
+ case OPT_AES192_WRAP:
+ case OPT_AES256_WRAP:
+ break;
# endif
}
}
diff --git a/apps/crl.c b/apps/crl.c
index 17391e2..c897335 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -95,11 +95,11 @@ OPTIONS crl_options[] = {
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
+ {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
- {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
@@ -117,11 +117,11 @@ int crl_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
- int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
- 0, text = 0;
+ int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
- int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
- 0, i, do_ver = 0;
+ int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+ int text = 0, do_ver = 0;
+ int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
@@ -170,11 +170,11 @@ int crl_main(int argc, char **argv)
CAfile = opt_arg();
do_ver = 1;
break;
-#ifndef OPENSSL_NO_MD5
case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
hash_old = ++num;
- break;
#endif
+ break;
case OPT_VERIFY:
do_ver = 1;
break;
diff --git a/apps/dgst.c b/apps/dgst.c
index 308555c..e6142ca 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -111,11 +111,11 @@ OPTIONS dgst_options[] = {
{"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
{"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+ {"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-'},
#endif
- {"", OPT_DIGEST, '-', "Any supported digest"},
{NULL}
};
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 931bf10..2e5ce2c 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -153,13 +153,13 @@ OPTIONS dhparam_options[] = {
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
{NULL}
};
diff --git a/apps/dsa.c b/apps/dsa.c
index f02f293..f61e151 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -82,14 +82,8 @@ OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
@@ -98,6 +92,14 @@ OPTIONS dsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_RC4
+ {"pvk-strong", OPT_PVK_STRONG, '-'},
+ {"pvk-weak", OPT_PVK_WEAK, '-'},
+ {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
{NULL}
};
@@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
-#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
@@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
+#else
+ case OPT_PVK_STRONG:
+ case OPT_PVK_WEAK:
+ case OPT_PVK_NONE:
+ break;
#endif
case OPT_NOOUT:
noout = 1;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index ffd81ff..27170a2 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -103,12 +103,12 @@ OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
-# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
# endif
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
{NULL}
};
diff --git a/apps/ec.c b/apps/ec.c
index 83a6aa4..341243f 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -92,9 +92,6 @@ OPTIONS ec_options[] = {
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
-# ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-# endif
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
@@ -106,6 +103,9 @@ OPTIONS ec_options[] = {
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
{NULL}
};
diff --git a/apps/enc.c b/apps/enc.c
index d045d15..628142a 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -92,9 +92,6 @@ OPTIONS enc_options[] = {
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
-#endif
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
@@ -107,9 +104,6 @@ OPTIONS enc_options[] = {
{"A", OPT_UPPER_A, '-'},
{"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Base64 output as a single line"},
-#ifdef ZLIB
- {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
-#endif
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
@@ -120,6 +114,12 @@ OPTIONS enc_options[] = {
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifdef ZLIB
+ {"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
{NULL}
};
diff --git a/apps/gendsa.c b/apps/gendsa.c
index a832ec3..01bbceb 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = {
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
+ {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{NULL}
};
diff --git a/apps/genpkey.c b/apps/genpkey.c
index b9843cf..7c8d551 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ /* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}
diff --git a/apps/passwd.c b/apps/passwd.c
index f34ef9f..2e37629 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -101,6 +101,8 @@ OPTIONS passwd_options[] = {
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
+ {"salt", OPT_SALT, 's', "Use provided salt"},
+ {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
@@ -108,8 +110,6 @@ OPTIONS passwd_options[] = {
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
- {"salt", OPT_SALT, 's', "Use provided salt"},
- {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{NULL}
};
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 82131e8..9ab7f69 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = {
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
- {"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};
diff --git a/apps/req.c b/apps/req.c
index 3bae59e..00d7c4a 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -176,11 +176,11 @@ OPTIONS req_options[] = {
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
#endif
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
diff --git a/apps/rsa.c b/apps/rsa.c
index 87cb702..51581ae 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -138,14 +138,16 @@ OPTIONS rsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
- {"pvk-strong", OPT_PVK_STRONG, '-'},
- {"pvk-weak", OPT_PVK_WEAK, '-'},
- {"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifdef OPENSSL_NO_RC4
+ {"pvk-strong", OPT_PVK_STRONG, '-'},
+ {"pvk-weak", OPT_PVK_WEAK, '-'},
+ {"pvk-none", OPT_PVK_NONE, '-'},
+# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
@@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
-#ifdef OPENSSL_NO_RC4
- case OPT_PVK_STRONG:
- case OPT_PVK_WEAK:
- case OPT_PVK_NONE:
-#endif
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
@@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
+#else
+ case OPT_PVK_STRONG:
+ case OPT_PVK_WEAK:
+ case OPT_PVK_NONE:
+ break;
#endif
case OPT_NOOUT:
noout = 1;
diff --git a/apps/s_client.c b/apps/s_client.c
index 009e5fe..22aa270 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -509,17 +509,9 @@ OPTIONS s_client_options[] = {
{"quiet", OPT_QUIET, '-', "No s_client output"},
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
-#endif
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-'},
- {"timeout", OPT_TIMEOUT, '-'},
- {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
@@ -534,6 +526,48 @@ OPTIONS s_client_options[] = {
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+ {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
+ {"CRL", OPT_CRL, '<'},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-'},
+ {"CRLform", OPT_CRLFORM, 'F'},
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-'},
+ {"brief", OPT_BRIEF, '-'},
+ {"prexit", OPT_PREXIT, '-'},
+ {"security_debug", OPT_SECURITY_DEBUG, '-'},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
+ {"cert_chain", OPT_CERT_CHAIN, '<'},
+ {"chainCApath", OPT_CHAINCAPATH, '/'},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/'},
+ {"build_chain", OPT_BUILD_CHAIN, '-'},
+ {"chainCAfile", OPT_CHAINCAFILE, '<'},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
+ {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+ {"servername", OPT_SERVERNAME, 's',
+ "Set TLS extension servername in ClientHello"},
+ {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+ "Hex dump of all TLS extensions received"},
+ {"status", OPT_STATUS, '-', "Request certificate status from server"},
+ {"serverinfo", OPT_SERVERINFO, 's',
+ "types Send empty ClientHello extensions (comma-separated numbers)"},
+ {"alpn", OPT_ALPN, 's',
+ "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+ OPT_S_OPTIONS,
+ OPT_V_OPTIONS,
+ OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-'},
+ {"timeout", OPT_TIMEOUT, '-'},
+ {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+ {"trace", OPT_TRACE, '-'},
+#endif
#ifdef WATT32
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
@@ -556,44 +590,14 @@ OPTIONS s_client_options[] = {
"Tolerate other than the known g N values."},
{"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
#endif
- {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
- {"servername", OPT_SERVERNAME, 's',
- "Set TLS extension servername in ClientHello"},
- {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
- "Hex dump of all TLS extensions received"},
- {"status", OPT_STATUS, '-', "Request certificate status from server"},
- {"serverinfo", OPT_SERVERINFO, 's',
- "types Send empty ClientHello extensions (comma-separated numbers)"},
- {"alpn", OPT_ALPN, 's',
- "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Enable NPN extension, considering named protocols supported (comma-separated list)"},
#endif
- {"CRL", OPT_CRL, '<'},
- {"crl_download", OPT_CRL_DOWNLOAD, '-'},
- {"CRLform", OPT_CRLFORM, 'F'},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
- {"verify_quiet", OPT_VERIFY_QUIET, '-'},
- {"brief", OPT_BRIEF, '-'},
- {"prexit", OPT_PREXIT, '-'},
- {"trace", OPT_TRACE, '-'},
- {"security_debug", OPT_SECURITY_DEBUG, '-'},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
- {"cert_chain", OPT_CERT_CHAIN, '<'},
- {"chainCApath", OPT_CHAINCAPATH, '/'},
- {"verifyCApath", OPT_VERIFYCAPATH, '/'},
- {"build_chain", OPT_BUILD_CHAIN, '-'},
- {"chainCAfile", OPT_CHAINCAFILE, '<'},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
- {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
#endif
- OPT_S_OPTIONS,
- OPT_V_OPTIONS,
- OPT_X_OPTIONS,
{NULL}
};
@@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv)
prog = opt_init(argc, argv, s_client_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
-#ifndef WATT32
- case OPT_WDEBUG:
-#endif
-#ifdef OPENSSL_NO_JPAKE
- case OPT_JPAKE:
-#endif
-#ifdef OPENSSL_NO_SSL_TRACE
- case OPT_TRACE:
-#endif
-#ifdef OPENSSL_NO_PSK
- case OPT_PSK_IDENTITY:
- case OPT_PSK:
-#endif
-#ifdef OPENSSL_NO_SSL3
- case OPT_SSL3:
-#endif
-#ifdef OPENSSL_NO_DTLS1
- case OPT_DTLS:
- case OPT_DTLS1:
- case OPT_DTLS1_2:
- case OPT_TIMEOUT:
- case OPT_MTU:
-#endif
case OPT_EOF:
case OPT_ERR:
opthelp:
@@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv)
case OPT_STATUS:
c_status_req = 1;
break;
-#ifdef WATT32
case OPT_WDEBUG:
+#ifdef WATT32
dbug_init();
- break;
#endif
+ break;
case OPT_MSG:
c_msg = 1;
break;
case OPT_MSGFILE:
bio_c_msg = BIO_new_file(opt_arg(), "w");
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
c_msg = 2;
- break;
#endif
+ break;
case OPT_SECURITY_DEBUG:
sdebug = 1;
break;
@@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
+#else
+ case OPT_PSK_IDENTITY:
+ case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
@@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv)
case OPT_SRP_MOREGROUPS:
break;
#endif
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
case OPT_TLS1_2:
meth = TLSv1_2_client_method();
break;
@@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv)
case OPT_MTU:
socket_mtu = atol(opt_arg());
break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ break;
#endif
case OPT_FALLBACKSCSV:
fallback_scsv = 1;
@@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv)
goto end;
case OPT_SERVERNAME:
servername = opt_arg();
- /* meth=TLSv1_client_method(); */
break;
-#ifndef OPENSSL_NO_JPAKE
case OPT_JPAKE:
+#ifndef OPENSSL_NO_JPAKE
jpake_secret = opt_arg();
- break;
#endif
+ break;
case OPT_USE_SRTP:
srtp_profiles = opt_arg();
break;
diff --git a/apps/s_server.c b/apps/s_server.c
index 189019d..6bd0257 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -806,9 +806,7 @@ typedef enum OPTION_choice {
OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
@@ -821,7 +819,6 @@ typedef enum OPTION_choice {
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
-
{"port", OPT_PORT, 'p'},
{"accept", OPT_PORT, 'p',
"TCP/IP port to accept on (default is " PORT_STR ")"},
@@ -851,9 +848,6 @@ OPTIONS s_server_options[] = {
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key format (PEM, DER or ENGINE) PEM default"},
{"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
-#ifdef FIONBIO
- {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
-#endif
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
@@ -865,47 +859,13 @@ OPTIONS s_server_options[] = {
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
-#ifndef OPENSSL_NO_PSK
- {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
-# ifndef OPENSSL_NO_JPAKE
- {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
- {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
- {"srpuserseed", OPT_SRPUSERSEED, 's',
- "A seed string for a default user salt"},
-#endif
-#ifndef OPENSSL_NO_SSL3
- {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
-#endif
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
-#ifndef OPENSSL_NO_DTLS1
- {"dtls", OPT_DTLS, '-'},
- {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
- {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
- {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
- {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
- {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
-#endif
-#ifndef OPENSSL_NO_DH
- {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
-#endif
-#ifndef OPENSSL_NO_EC
- {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
-#endif
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
{"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
- {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
- {"id_prefix", OPT_ID_PREFIX, 's',
- "Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
@@ -916,14 +876,11 @@ OPTIONS s_server_options[] = {
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
-#ifndef OPENSSL_NO_NEXTPROTONEG
- {"nextprotoneg", OPT_NEXTPROTONEG, 's',
- "Set the advertised protocols for the NPN extension (comma-separated list)"},
-#endif
- {"use_srtp", OPT_SRTP_PROFILES, '<',
- "Offer SRTP key management with a colon-separated profile list"},
- {"alpn", OPT_ALPN, 's',
- "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+ {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
+ {"id_prefix", OPT_ID_PREFIX, 's',
+ "Generate SSL/TLS session IDs prefixed by arg"},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@@ -953,12 +910,54 @@ OPTIONS s_server_options[] = {
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"brief", OPT_BRIEF, '-'},
{"rev", OPT_REV, '-'},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's'},
-#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
+#ifdef FIONBIO
+ {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+#endif
+#ifndef OPENSSL_NO_PSK
+ {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+ {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+# ifndef OPENSSL_NO_JPAKE
+ {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
+# endif
+#endif
+#ifndef OPENSSL_NO_SRP
+ {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+ {"srpuserseed", OPT_SRPUSERSEED, 's',
+ "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+ {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ {"dtls", OPT_DTLS, '-'},
+ {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+ {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+ {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+ {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+ {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
+#endif
+#ifndef OPENSSL_NO_DH
+ {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_EC
+ {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+ "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+ {"use_srtp", OPT_SRTP_PROFILES, '<',
+ "Offer SRTP key management with a colon-separated profile list"},
+ {"alpn", OPT_ALPN, 's',
+ "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's'},
+#endif
{NULL}
};
@@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[])
case OPT_MSGFILE:
bio_s_msg = BIO_new_file(opt_arg(), "w");
break;
-#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
s_msg = 2;
- break;
#else
- case OPT_TRACE:
- goto opthelp;
+ break;
#endif
case OPT_SECURITY_DEBUG:
sdebug = 1;
@@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[])
goto end;
}
break;
+#else
+ case OPT_PSK_HINT:
+ case OPT_PSK:
+ break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPVFILE:
@@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[])
case OPT_HTTP:
www = 3;
break;
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_server_method();
- break;
#endif
+ break;
case OPT_TLS1_2:
meth = TLSv1_2_server_method();
break;
@@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[])
case OPT_CHAIN:
cert_chain = 1;
break;
+#else
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ case OPT_CHAIN:
+ break;
#endif
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
@@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[])
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
-#ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
- break;
#endif
+ break;
case OPT_ALPN:
alpn_in = opt_arg();
break;
diff --git a/apps/s_time.c b/apps/s_time.c
index 74decd2..4f56174 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -114,9 +114,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
-#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
-#endif
OPT_WWW
} OPTION_CHOICE;
@@ -227,11 +225,11 @@ int s_time_main(int argc, char **argv)
goto end;
}
break;
-#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
+#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
- break;
#endif
+ break;
}
}
argc = opt_num_rest();
diff --git a/apps/speed.c b/apps/speed.c
index b93237e..45a060f 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -358,19 +358,19 @@ OPTIONS speed_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
+ {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
+ {"decrypt", OPT_DECRYPT, '-',
+ "Time decryption instead of encryption (only EVP)"},
+ {"mr", OPT_MR, '-', "Produce machine readable output"},
+ {"mb", OPT_MB, '-'},
+ {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#if defined(TIMES) || defined(USE_TOD)
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
#endif
- {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
- {"decrypt", OPT_DECRYPT, '-',
- "Time decryption instead of encryption (only EVP)"},
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
- {"mr", OPT_MR, '-', "Produce machine readable output"},
- {"mb", OPT_MB, '-'},
- {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@@ -829,11 +829,11 @@ int speed_main(int argc, char **argv)
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
-#ifndef NO_FORK
case OPT_MULTI:
+#ifndef NO_FORK
multi = atoi(opt_arg());
- break;
#endif
+ break;
case OPT_MISALIGN:
if (!opt_int(opt_arg(), &misalign))
goto end;
diff --git a/apps/ts.c b/apps/ts.c
index dfbf7ea..feec34b 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -151,10 +151,10 @@ OPTIONS ts_options[] = {
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+ {"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
diff --git a/apps/verify.c b/apps/verify.c
index 0235194..227b85b 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -91,10 +91,10 @@ OPTIONS verify_options[] = {
{"CRLfile", OPT_CRLFILE, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"show_chain", OPT_SHOW_CHAIN, '-'},
+ OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- OPT_V_OPTIONS,
{NULL}
};
diff --git a/apps/x509.c b/apps/x509.c
index 77a2a6b..0345cf0 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -107,13 +107,9 @@ typedef enum OPTION_choice {
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
-#ifndef OPENSSL_NO_MD5
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
-#endif
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
OPT_FORCE_VERSION,
-#endif
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
@@ -130,12 +126,6 @@ OPTIONS x509_options[] = {
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
-#ifndef OPENSSL_NO_MD5
- {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
- "Print old-style (MD5) issuer hash value"},
- {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
- "Print old-style (MD5) subject hash value"},
-#endif
{"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
{"subject", OPT_SUBJECT, '-', "Print subject DN"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
@@ -194,12 +184,18 @@ OPTIONS x509_options[] = {
{"clrreject", OPT_CLRREJECT, '-'},
{"badsig", OPT_BADSIG, '-'},
{"", OPT_MD, '-', "Any supported digest"},
-#ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#ifndef OPENSSL_NO_MD5
+ {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+ "Print old-style (MD5) issuer hash value"},
+ {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+ "Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
#endif
+#ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
{NULL}
};
@@ -291,11 +287,11 @@ int x509_main(int argc, char **argv)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
case OPT_FORCE_VERSION:
+#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
- break;
#endif
+ break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
@@ -459,6 +455,10 @@ int x509_main(int argc, char **argv)
case OPT_ISSUER_HASH_OLD:
issuer_hash_old = ++num;
break;
+#else
+ case OPT_SUBJECT_HASH_OLD:
+ case OPT_ISSUER_HASH_OLD:
+ break;
#endif
case OPT_DATES:
startdate = ++num;
More information about the openssl-commits
mailing list