[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Feb 18 17:24:49 UTC 2016
The branch master has been updated
via 9a13bb387d0e50a5dcb4f4324572687aea63b541 (commit)
from 6bc7bad011d98e38039105dc2624426917c0e587 (commit)
- Log -----------------------------------------------------------------
commit 9a13bb387d0e50a5dcb4f4324572687aea63b541
Author: Rich Salz <rsalz at openssl.org>
Date: Thu Feb 18 12:23:27 2016 -0500
GH681: More command help cleanup
enc:
- typo in -base64 option
- missing help opt text
ocsp, req, rsautl, s_client:
- missing help opt text
Signed-off-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/enc.c | 15 ++++++++-------
apps/ocsp.c | 3 ++-
apps/req.c | 11 ++++++-----
apps/rsautl.c | 5 +++--
apps/s_client.c | 57 +++++++++++++++++++++++++++++++++++----------------------
5 files changed, 54 insertions(+), 37 deletions(-)
diff --git a/apps/enc.c b/apps/enc.c
index ab91369..520ee47 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -97,14 +97,15 @@ OPTIONS enc_options[] = {
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
{"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
- {"v", OPT_V, '-'},
+ {"v", OPT_V, '-', "Verbose output"},
{"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
- {"salt", OPT_SALT, '-'},
- {"nosalt", OPT_NOSALT, '-'},
- {"debug", OPT_DEBUG, '-'},
- {"A", OPT_UPPER_A, '-'},
- {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
- {"base64", OPT_A, '-', "Base64 output as a single line"},
+ {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
+ {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
+ {"debug", OPT_DEBUG, '-', "Print debug info"},
+ {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
+ {"base64", OPT_A, '-', "Same as option -a"},
+ {"A", OPT_UPPER_A, '-',
+ "Used with -[base64|a] to specify base64 buffer as a single line"},
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
diff --git a/apps/ocsp.c b/apps/ocsp.c
index f9ba4e1..502adf1 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -144,7 +144,8 @@ typedef enum OPTION_choice {
OPTIONS ocsp_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUTFILE, '>', "Output filename"},
- {"timeout", OPT_TIMEOUT, 'p'},
+ {"timeout", OPT_TIMEOUT, 'p',
+ "Connection timeout (in seconds) to the OCSP responder"},
{"url", OPT_URL, 's', "Responder URL"},
{"host", OPT_HOST, 's', "host:prot top to connect to"},
{"port", OPT_PORT, 'p', "Port to run responder on"},
diff --git a/apps/req.c b/apps/req.c
index 66bcabc..4900a92 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -143,12 +143,12 @@ OPTIONS req_options[] = {
{"config", OPT_CONFIG, '<', "Request template file"},
{"keyout", OPT_KEYOUT, '>', "File to send the key to"},
{"passin", OPT_PASSIN, 's', "Private key password source"},
- {"passout", OPT_PASSOUT, 's'},
+ {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
- {"pkeyopt", OPT_PKEYOPT, 's'},
- {"sigopt", OPT_SIGOPT, 's'},
+ {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"batch", OPT_BATCH, '-',
"Do not ask anything during request generation"},
{"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
@@ -156,7 +156,7 @@ OPTIONS req_options[] = {
{"verify", OPT_VERIFY, '-', "Verify signature on REQ"},
{"nodes", OPT_NODES, '-', "Don't encrypt the output key"},
{"noout", OPT_NOOUT, '-', "Do not output REQ"},
- {"verbose", OPT_VERBOSE, '-'},
+ {"verbose", OPT_VERBOSE, '-', "Verbose output"},
{"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"reqopt", OPT_REQOPT, 's', "Various request text options"},
@@ -177,7 +177,8 @@ OPTIONS req_options[] = {
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
+ {"keygen_engine", OPT_KEYGEN_ENGINE, 's',
+ "Specify engine to be used for key generation operations"},
#endif
{NULL}
};
diff --git a/apps/rsautl.c b/apps/rsautl.c
index f3c90b7..f00c2e3 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -98,10 +98,11 @@ OPTIONS rsautl_options[] = {
{"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
{"sign", OPT_SIGN, '-', "Sign with private key"},
{"verify", OPT_VERIFY, '-', "Verify with public key"},
- {"asn1parse", OPT_ASN1PARSE, '-'},
+ {"asn1parse", OPT_ASN1PARSE, '-',
+ "Run output through asn1parse; useful with -verify"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
- {"rev", OPT_REV, '-'},
+ {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
{"passin", OPT_PASSIN, 's', "Pass phrase source"},
diff --git a/apps/s_client.c b/apps/s_client.c
index e820e7c..ca630f0 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -692,7 +692,8 @@ OPTIONS s_client_options[] = {
{"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"},
{"debug", OPT_DEBUG, '-', "Extra output"},
{"msg", OPT_MSG, '-', "Show protocol messages"},
- {"msgfile", OPT_MSGFILE, '>'},
+ {"msgfile", OPT_MSGFILE, '>',
+ "File to send output of -msg or -trace, instead of stdout"},
{"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
{"state", OPT_STATE, '-', "Print the ssl states"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
@@ -715,21 +716,31 @@ OPTIONS s_client_options[] = {
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
{"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
- {"CRL", OPT_CRL, '<'},
- {"crl_download", OPT_CRL_DOWNLOAD, '-'},
- {"CRLform", OPT_CRLFORM, 'F'},
- {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
- {"verify_quiet", OPT_VERIFY_QUIET, '-'},
- {"brief", OPT_BRIEF, '-'},
- {"prexit", OPT_PREXIT, '-'},
- {"security_debug", OPT_SECURITY_DEBUG, '-'},
- {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
- {"cert_chain", OPT_CERT_CHAIN, '<'},
- {"chainCApath", OPT_CHAINCAPATH, '/'},
- {"verifyCApath", OPT_VERIFYCAPATH, '/'},
- {"build_chain", OPT_BUILD_CHAIN, '-'},
- {"chainCAfile", OPT_CHAINCAFILE, '<'},
- {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
+ {"CRL", OPT_CRL, '<', "CRL file to use"},
+ {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
+ {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+ {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+ "Close connection on verification error"},
+ {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
+ {"brief", OPT_BRIEF, '-',
+ "Restrict output to brief summary of connection parameters"},
+ {"prexit", OPT_PREXIT, '-',
+ "Print session information when the program exits"},
+ {"security_debug", OPT_SECURITY_DEBUG, '-',
+ "Enable security debug messages"},
+ {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+ "Output more security debug output"},
+ {"cert_chain", OPT_CERT_CHAIN, '<',
+ "Certificate chain file (in PEM format)"},
+ {"chainCApath", OPT_CHAINCAPATH, '/',
+ "Use dir as certificate store path to build CA certificate chain"},
+ {"verifyCApath", OPT_VERIFYCAPATH, '/',
+ "Use dir as certificate store path to verify CA certificate"},
+ {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+ {"chainCAfile", OPT_CHAINCAFILE, '<',
+ "CA file for certificate chain (PEM format)"},
+ {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+ "CA file for certificate verification (PEM format)"},
{"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
@@ -741,7 +752,7 @@ OPTIONS s_client_options[] = {
{"alpn", OPT_ALPN, 's',
"Enable ALPN extension, considering named protocols supported (comma-separated list)"},
{"async", OPT_ASYNC, '-', "Support asynchronous operation"},
- {"ssl_config", OPT_SSL_CONFIG, 's'},
+ {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"},
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
@@ -758,18 +769,19 @@ OPTIONS s_client_options[] = {
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
#endif
#ifndef OPENSSL_NO_DTLS
- {"dtls", OPT_DTLS, '-'},
- {"timeout", OPT_TIMEOUT, '-'},
+ {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
+ {"timeout", OPT_TIMEOUT, '-',
+ "Enable send/receive timeout on DTLS connections"},
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
#endif
#ifndef OPENSSL_NO_DTLS1
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
#endif
#ifndef OPENSSL_NO_DTLS1_2
- {"dtls1_2", OPT_DTLS1_2, '-'},
+ {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
- {"trace", OPT_TRACE, '-'},
+ {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
#endif
#ifdef WATT32
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
@@ -796,7 +808,8 @@ OPTIONS s_client_options[] = {
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
+ {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
+ "Specify engine to be used for client certificate operations"},
#endif
{NULL}
};
More information about the openssl-commits
mailing list