[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Wed May 4 11:44:35 UTC 2016
The branch master has been updated
via 16e1b281b2e16ff6deb8ca431dfc5743de31d0e2 (commit)
from b273fcc565fbe90b1f9d2526640fcc55832bbeb6 (commit)
- Log -----------------------------------------------------------------
commit 16e1b281b2e16ff6deb8ca431dfc5743de31d0e2
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Sun Mar 20 21:14:10 2016 +0100
GH932: Add more help messages to some apps options.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/asn1pars.c | 2 +-
apps/ca.c | 12 ++++++------
apps/cms.c | 8 ++++----
apps/crl.c | 8 ++++----
apps/dhparam.c | 2 +-
apps/dsa.c | 4 ++--
apps/ec.c | 4 ++--
apps/ocsp.c | 11 ++++++-----
apps/pkeyutl.c | 2 +-
apps/rsautl.c | 2 +-
apps/smime.c | 2 +-
apps/ts.c | 2 +-
apps/x509.c | 6 +++---
13 files changed, 33 insertions(+), 32 deletions(-)
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 3da7e3b..3b29801 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -82,7 +82,7 @@ OPTIONS asn1parse_options[] = {
{"in", OPT_IN, '<', "input file"},
{"out", OPT_OUT, '>', "output file (output format is always DER)"},
{"i", OPT_INDENT, 0, "indents the output"},
- {"noout", OPT_NOOUT, 0, "don't produce any output"},
+ {"noout", OPT_NOOUT, 0, "do not produce any output"},
{"offset", OPT_OFFSET, 'p', "offset into file"},
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"oid", OPT_OID, '<', "file of extra oid definitions"},
diff --git a/apps/ca.c b/apps/ca.c
index 95801fb..0e7bfdc 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -220,7 +220,7 @@ OPTIONS ca_options[] = {
{"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
{"keyfile", OPT_KEYFILE, 's', "Private key"},
{"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
- {"passin", OPT_PASSIN, 's'},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
{"cert", OPT_CERT, '<', "The CA cert"},
{"selfsign", OPT_SELFSIGN, '-',
@@ -228,17 +228,17 @@ OPTIONS ca_options[] = {
{"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
{"out", OPT_OUT, '>', "Where to put the output file(s)"},
{"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
- {"sigopt", OPT_SIGOPT, 's'},
- {"notext", OPT_NOTEXT, '-'},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+ {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
{"batch", OPT_BATCH, '-', "Don't ask questions"},
{"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
{"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
{"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
{"msie_hack", OPT_MSIE_HACK, '-',
"msie modifications to handle all those universal strings"},
- {"crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due"},
- {"crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due"},
- {"crlsec", OPT_CRLSEC, 'p'},
+ {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
+ {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
+ {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
{"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
{"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
{"spkac", OPT_SPKAC, '<',
diff --git a/apps/cms.c b/apps/cms.c
index 95f2124..7bc40d5 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -142,7 +142,7 @@ OPTIONS cms_options[] = {
{"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
{"sign", OPT_SIGN, '-', "Sign message"},
- {"sign_receipt", OPT_SIGN_RECEIPT, '-'},
+ {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
{"resign", OPT_RESIGN, '-'},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
{"verify_retcode", OPT_VERIFY_RETCODE, '-'},
@@ -177,7 +177,7 @@ OPTIONS cms_options[] = {
{"noindef", OPT_NOINDEF, '-'},
{"nooldmime", OPT_NOOLDMIME, '-'},
{"crlfeol", OPT_CRLFEOL, '-'},
- {"noout", OPT_NOOUT, '-'},
+ {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
{"receipt_request_print", OPT_RR_PRINT, '-'},
{"receipt_request_all", OPT_RR_ALL, '-'},
{"receipt_request_first", OPT_RR_FIRST, '-'},
@@ -191,7 +191,7 @@ OPTIONS cms_options[] = {
"Do not load certificates from the default certificates directory"},
{"content", OPT_CONTENT, '<',
"Supply or override content for detached signature"},
- {"print", OPT_PRINT, '-'},
+ {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"},
{"secretkey", OPT_SECRETKEY, 's'},
{"secretkeyid", OPT_SECRETKEYID, 's'},
{"pwri_password", OPT_PWRI_PASSWORD, 's'},
@@ -205,7 +205,7 @@ OPTIONS cms_options[] = {
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
{"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
{"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
- {"md", OPT_MD, 's'},
+ {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
{"inkey", OPT_INKEY, 's',
"Input private key (if not signer or recipient)"},
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
diff --git a/apps/crl.c b/apps/crl.c
index d3fd416..f48ad14 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -80,15 +80,15 @@ OPTIONS crl_options[] = {
{"in", OPT_IN, '<', "Input file - default stdin"},
{"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
{"out", OPT_OUT, '>', "output file - default stdout"},
- {"keyform", OPT_KEYFORM, 'F'},
- {"key", OPT_KEY, '<'},
+ {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
+ {"key", OPT_KEY, '<', "CRL signing Private key to use"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
{"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
{"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
{"noout", OPT_NOOUT, '-', "No CRL output"},
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
- {"badsig", OPT_BADSIG, '-'},
+ {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
{"gendelta", OPT_GENDELTA, '<'},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
@@ -96,7 +96,7 @@ OPTIONS crl_options[] = {
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
- {"verify", OPT_VERIFY, '-'},
+ {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 9ad80ed..c1a8acd 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -150,7 +150,7 @@ OPTIONS dhparam_options[] = {
{"out", OPT_OUT, '>', "Output file"},
{"check", OPT_CHECK, '-', "Check the DH parameters"},
{"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
- {"noout", OPT_NOOUT, '-'},
+ {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"C", OPT_C, '-', "Print C code"},
diff --git a/apps/dsa.c b/apps/dsa.c
index 1c841a3..b7b9593 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -90,8 +90,8 @@ OPTIONS dsa_options[] = {
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
- {"pubin", OPT_PUBIN, '-'},
- {"pubout", OPT_PUBOUT, '-'},
+ {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+ {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
diff --git a/apps/ec.c b/apps/ec.c
index 432e9ff..2e3c1bc 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -99,8 +99,8 @@ OPTIONS ec_options[] = {
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
- {"pubin", OPT_PUBIN, '-'},
- {"pubout", OPT_PUBOUT, '-'},
+ {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+ {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
{"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
{"check", OPT_CHECK, '-', "check key consistency"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
diff --git a/apps/ocsp.c b/apps/ocsp.c
index c1679f0..fd38da4 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -178,7 +178,8 @@ OPTIONS ocsp_options[] = {
"Don't verify additional certificates"},
{"no_intern", OPT_NO_INTERN, '-',
"Don't search certificates contained in response for signer"},
- {"badsig", OPT_BADSIG, '-'},
+ {"badsig", OPT_BADSIG, '-',
+ "Corrupt last byte of loaded OSCP response signature (for test)"},
{"text", OPT_TEXT, '-', "Print text form of request and response"},
{"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
{"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
@@ -205,7 +206,7 @@ OPTIONS ocsp_options[] = {
{"path", OPT_PATH, 's', "Path to use in OCSP request"},
{"issuer", OPT_ISSUER, '<', "Issuer certificate"},
{"cert", OPT_CERT, '<', "Certificate to check"},
- {"serial", OPT_SERIAL, 's', "Nerial number to check"},
+ {"serial", OPT_SERIAL, 's', "Serial number to check"},
{"index", OPT_INDEX, '<', "Certificate status index file"},
{"CA", OPT_CA, '<', "CA certificate"},
{"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
@@ -216,9 +217,9 @@ OPTIONS ocsp_options[] = {
"Sesponder certificate to sign responses with"},
{"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
{"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
- {"rmd", OPT_RMD, 's'},
+ {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
{"header", OPT_HEADER, 's', "key=value header to add"},
- {"", OPT_MD, '-', "Any supported digest"},
+ {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
OPT_V_OPTIONS,
{NULL}
};
@@ -473,7 +474,7 @@ int ocsp_main(int argc, char **argv)
case OPT_ROTHER:
rcertfile = opt_arg();
break;
- case OPT_RMD:
+ case OPT_RMD: /* Response MessageDigest */
if (!opt_md(opt_arg(), &rsign_md))
goto end;
break;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index fe7f586..7c54ec6 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -109,7 +109,7 @@ OPTIONS pkeyutl_options[] = {
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
{"inkey", OPT_INKEY, 's', "Input private key file"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
- {"passin", OPT_PASSIN, 's', "Pass phrase source"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
{"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
{"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 728352c..8504d6a 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -105,7 +105,7 @@ OPTIONS rsautl_options[] = {
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
- {"passin", OPT_PASSIN, 's', "Pass phrase source"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
diff --git a/apps/smime.c b/apps/smime.c
index 60daeb4..3257a23 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -148,7 +148,7 @@ OPTIONS smime_options[] = {
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"md", OPT_MD, 's'},
+ {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
diff --git a/apps/ts.c b/apps/ts.c
index cec2177..d55d239 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -154,7 +154,7 @@ OPTIONS ts_options[] = {
{"text", OPT_TEXT, '-', "Output text (not DER)"},
{"reply", OPT_REPLY, '-', "Generate a TS reply"},
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
- {"passin", OPT_PASSIN, 's'},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"inkey", OPT_INKEY, '<', "File with private key for reply"},
{"signer", OPT_SIGNER, 's'},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
diff --git a/apps/x509.c b/apps/x509.c
index 6370116..fc11bd8 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -116,7 +116,7 @@ OPTIONS x509_options[] = {
"Output format - default PEM (one of DER, NET or PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
- {"passin", OPT_PASSIN, 's', "Private key password source"},
+ {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
@@ -172,11 +172,11 @@ OPTIONS x509_options[] = {
{"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
- {"sigopt", OPT_SIGOPT, 's'},
+ {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"force_pubkey", OPT_FORCE_PUBKEY, '<'},
{"next_serial", OPT_NEXT_SERIAL, '-'},
{"clrreject", OPT_CLRREJECT, '-'},
- {"badsig", OPT_BADSIG, '-'},
+ {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
More information about the openssl-commits
mailing list