[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Tue Sep 20 01:27:38 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 (commit)
from 57106f55a5de6186af4ff78484d99528a6935be4 (commit)
- Log -----------------------------------------------------------------
commit 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Sun Jul 31 19:02:50 2016 +0200
Fix various missing option help messages ...
Reviewed-by: Andy Polyakov <appro at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1585)
(cherry picked from commit 12d56b2992ebd61e1b30c99ca1898dde42345cf7)
-----------------------------------------------------------------------
Summary of changes:
apps/cms.c | 19 ++++++++++---------
apps/crl.c | 2 +-
apps/gendsa.c | 2 +-
apps/ocsp.c | 6 ++++--
apps/pkcs7.c | 2 +-
apps/pkcs8.c | 2 +-
apps/smime.c | 17 +++++++++--------
apps/spkac.c | 3 ++-
apps/ts.c | 2 +-
apps/x509.c | 16 ++++++++--------
10 files changed, 38 insertions(+), 33 deletions(-)
diff --git a/apps/cms.c b/apps/cms.c
index b9eec24..ad292f5 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -99,7 +99,7 @@ OPTIONS cms_options[] = {
{"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
{"sign", OPT_SIGN, '-', "Sign message"},
{"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
- {"resign", OPT_RESIGN, '-'},
+ {"resign", OPT_RESIGN, '-', "Resign a signed message"},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
{"verify_retcode", OPT_VERIFY_RETCODE, '-'},
{"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -122,22 +122,22 @@ OPTIONS cms_options[] = {
"Don't include signers certificate when signing"},
{"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
{"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
- {"nosmimecap", OPT_NOSMIMECAP, '-'},
+ {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
{"binary", OPT_BINARY, '-', "Don't translate message to text"},
{"keyid", OPT_KEYID, '-', "Use subject key identifier"},
{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
{"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
{"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
- {"stream", OPT_INDEF, '-'},
- {"indef", OPT_INDEF, '-'},
- {"noindef", OPT_NOINDEF, '-'},
+ {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+ {"indef", OPT_INDEF, '-', "Same as -stream"},
+ {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
{"nooldmime", OPT_NOOLDMIME, '-'},
- {"crlfeol", OPT_CRLFEOL, '-'},
+ {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
{"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
- {"receipt_request_print", OPT_RR_PRINT, '-'},
+ {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
{"receipt_request_all", OPT_RR_ALL, '-'},
{"receipt_request_first", OPT_RR_FIRST, '-'},
- {"rctform", OPT_RCTFORM, 'F'},
+ {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
{"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
@@ -147,7 +147,8 @@ OPTIONS cms_options[] = {
"Do not load certificates from the default certificates directory"},
{"content", OPT_CONTENT, '<',
"Supply or override content for detached signature"},
- {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"},
+ {"print", OPT_PRINT, '-',
+ "For the -cmsout operation print out all fields of the CMS structure"},
{"secretkey", OPT_SECRETKEY, 's'},
{"secretkeyid", OPT_SECRETKEYID, 's'},
{"pwri_password", OPT_PWRI_PASSWORD, 's'},
diff --git a/apps/crl.c b/apps/crl.c
index 5e0fbe5..06b6e5b 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -41,7 +41,7 @@ OPTIONS crl_options[] = {
{"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
{"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
- {"gendelta", OPT_GENDELTA, '<'},
+ {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
{"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
{"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
{"no-CAfile", OPT_NOCAFILE, '-',
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 5dacf1b..4c05493 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -34,7 +34,7 @@ OPTIONS gendsa_options[] = {
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"out", OPT_OUT, '>', "Output the key to the specified file"},
- {"passout", OPT_PASSOUT, 's'},
+ {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
diff --git a/apps/ocsp.c b/apps/ocsp.c
index cfc06a9..41ea970 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -107,7 +107,8 @@ OPTIONS ocsp_options[] = {
{"url", OPT_URL, 's', "Responder URL"},
{"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
{"port", OPT_PORT, 'p', "Port to run responder on"},
- {"ignore_err", OPT_IGNORE_ERR, '-'},
+ {"ignore_err", OPT_IGNORE_ERR, '-',
+ "Ignore Error response from OCSP responder, and retry "},
{"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
{"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
{"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
@@ -124,7 +125,8 @@ OPTIONS ocsp_options[] = {
{"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
{"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
"Don't do additional checks on signing certificate"},
- {"no_explicit", OPT_NO_EXPLICIT, '-'},
+ {"no_explicit", OPT_NO_EXPLICIT, '-',
+ "Do not explicitly check the chain, just verify the root"},
{"trust_other", OPT_TRUST_OTHER, '-',
"Don't verify additional certificates"},
{"no_intern", OPT_NO_INTERN, '-',
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 8763df0..85994cd 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -33,7 +33,7 @@ OPTIONS pkcs7_options[] = {
{"out", OPT_OUT, '>', "Output file"},
{"noout", OPT_NOOUT, '-', "Don't output encoded data"},
{"text", OPT_TEXT, '-', "Print full details of certificates"},
- {"print", OPT_PRINT, '-'},
+ {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
{"print_certs", OPT_PRINT_CERTS, '-',
"Print_certs print any certs or crl in the input"},
#ifndef OPENSSL_NO_ENGINE
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 22b5866..3592a0f 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -38,7 +38,7 @@ OPTIONS pkcs8_options[] = {
{"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
{"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
{"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
- {"v2prf", OPT_V2PRF, 's'},
+ {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
{"iter", OPT_ITER, 'p', "Specify the iteration count"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
diff --git a/apps/smime.c b/apps/smime.c
index b98c583..082109b 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -88,14 +88,15 @@ OPTIONS smime_options[] = {
"Do not load the default certificates file"},
{"no-CApath", OPT_NOCAPATH, '-',
"Do not load certificates from the default certificates directory"},
- {"resign", OPT_RESIGN, '-'},
- {"nochain", OPT_NOCHAIN, '-'},
- {"nosmimecap", OPT_NOSMIMECAP, '-'},
- {"stream", OPT_STREAM, '-'},
- {"indef", OPT_INDEF, '-'},
- {"noindef", OPT_NOINDEF, '-'},
- {"nooldmime", OPT_NOOLDMIME, '-'},
- {"crlfeol", OPT_CRLFEOL, '-'},
+ {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+ {"nochain", OPT_NOCHAIN, '-',
+ "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+ {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+ {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
+ {"indef", OPT_INDEF, '-', "Same as -stream" },
+ {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+ {"nooldmime", OPT_NOOLDMIME, '-', NULL},
+ {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
diff --git a/apps/spkac.c b/apps/spkac.c
index a365406..c65103d 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -38,7 +38,8 @@ OPTIONS spkac_options[] = {
{"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
- {"spksect", OPT_SPKSECT, 's'},
+ {"spksect", OPT_SPKSECT, 's',
+ "Specify the name of an SPKAC-dedicated section of configuration"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
diff --git a/apps/ts.c b/apps/ts.c
index 924108f..eda5297 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -107,7 +107,7 @@ OPTIONS ts_options[] = {
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"inkey", OPT_INKEY, '<', "File with private key for reply"},
- {"signer", OPT_SIGNER, 's'},
+ {"signer", OPT_SIGNER, 's', "Signer certificate file"},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
{"verify", OPT_VERIFY, '-', "Verify a TS response"},
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
diff --git a/apps/x509.c b/apps/x509.c
index 20db458..3539602 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -92,7 +92,7 @@ OPTIONS x509_options[] = {
{"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
{"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"},
{"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
- {"clrext", OPT_CLREXT, '-', "Clear all rejected purposes"},
+ {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"},
{"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
{"addreject", OPT_ADDREJECT, 's',
"Reject certificate for a given purpose"},
@@ -125,9 +125,10 @@ OPTIONS x509_options[] = {
{"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
{"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
- {"force_pubkey", OPT_FORCE_PUBKEY, '<'},
- {"next_serial", OPT_NEXT_SERIAL, '-'},
- {"clrreject", OPT_CLRREJECT, '-'},
+ {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
+ {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
+ {"clrreject", OPT_CLRREJECT, '-',
+ "Clears all the prohibited or rejected uses of the certificate"},
{"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
@@ -626,10 +627,9 @@ int x509_main(int argc, char **argv)
i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
BIO_printf(out, "\n");
} else if (next_serial == i) {
- BIGNUM *bnser;
- ASN1_INTEGER *ser;
- ser = X509_get_serialNumber(x);
- bnser = ASN1_INTEGER_to_BN(ser, NULL);
+ ASN1_INTEGER *ser = X509_get_serialNumber(x);
+ BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+
if (!bnser)
goto end;
if (!BN_add_word(bnser, 1))
More information about the openssl-commits
mailing list