[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Wed Nov 20 08:50:26 UTC 2019
The branch master has been updated
via 92de469fbd62a77a36dad5fde3a0ac7034071a59 (commit)
from 1838580037a47b42c5b2326b0b988c50c7c64c3c (commit)
- Log -----------------------------------------------------------------
commit 92de469fbd62a77a36dad5fde3a0ac7034071a59
Author: Rich Salz <rsalz at akamai.com>
Date: Thu Sep 19 21:33:17 2019 -0400
Document command parameters.
Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.
Fixes #10313
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10371)
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 5 +++++
apps/ciphers.c | 5 +++++
apps/cms.c | 7 ++++---
apps/dgst.c | 6 ++++--
apps/dhparam.c | 5 ++++-
apps/dsaparam.c | 5 +++++
apps/engine.c | 5 +++--
apps/errstr.c | 4 +++-
apps/fipsinstall.c | 4 ++--
apps/gendsa.c | 5 ++++-
apps/genrsa.c | 4 ++++
apps/include/opt.h | 5 ++++-
apps/kdf.c | 12 +++++++-----
apps/lib/opt.c | 26 +++++++++++++++++---------
apps/list.c | 1 +
apps/mac.c | 13 +++++++------
apps/openssl.c | 6 ++++--
apps/passwd.c | 5 +++++
apps/prime.c | 5 +++--
apps/provider.c | 7 +++++--
apps/rand.c | 5 ++++-
apps/rehash.c | 5 ++++-
apps/s_client.c | 5 +++++
apps/smime.c | 7 ++++---
apps/speed.c | 5 ++++-
apps/srp.c | 5 +++++
apps/storeutl.c | 3 +++
apps/verify.c | 21 ++++++++++++---------
doc/man1/openssl-ca.pod.in | 6 +++++-
doc/man1/openssl-passwd.pod.in | 2 +-
30 files changed, 143 insertions(+), 56 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 824c022502..f201efe3af 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -154,6 +154,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS ca_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
@@ -235,6 +237,9 @@ const OPTIONS ca_options[] = {
{"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"certreq", 0, 0, "Certificate requests to be signed (optional)"},
{NULL}
};
diff --git a/apps/ciphers.c b/apps/ciphers.c
index c2ac40a3b5..280a5ab477 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -31,6 +31,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS ciphers_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -65,6 +67,9 @@ const OPTIONS ciphers_options[] = {
#endif
{"ciphersuites", OPT_CIPHERSUITES, 's',
"Configure the TLSv1.3 ciphersuites to use"},
+
+ OPT_PARAMETERS(),
+ {"cipher", 0, 0, "Cipher string to decode (optional)"},
{NULL}
};
diff --git a/apps/cms.c b/apps/cms.c
index c30bd62bb1..d67116d3fc 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -88,9 +88,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS cms_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
- {OPT_HELP_STR, 1, '-',
- " cert.pem... recipient certs for encryption\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -219,6 +217,9 @@ const OPTIONS cms_options[] = {
OPT_R_OPTIONS,
OPT_V_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"cert", 0, 0, "Recipient certs (optional; used only when encrypting)"},
{NULL}
};
diff --git a/apps/dgst.c b/apps/dgst.c
index 7e1afb9bba..21f0f01787 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -47,8 +47,7 @@ typedef enum OPTION_choice {
const OPTIONS dgst_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
- {OPT_HELP_STR, 1, '-',
- " file... files to digest (default is stdin)\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"list", OPT_LIST, '-', "List digests"},
@@ -83,6 +82,9 @@ const OPTIONS dgst_options[] = {
"Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"file", 0, 0, "Files to digest (optional; default is stdin)"},
{NULL}
};
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 74758a5dee..7a61241f92 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -42,7 +42,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS dhparam_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -70,6 +70,9 @@ const OPTIONS dhparam_options[] = {
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
{NULL}
};
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index bea5de3dba..17068fb9d0 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -37,6 +37,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS dsaparam_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
# ifndef OPENSSL_NO_ENGINE
@@ -57,6 +59,9 @@ const OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"numbits", 0, 0, "Number of bits if generating parameters (optional)"},
{NULL}
};
diff --git a/apps/engine.c b/apps/engine.c
index 24dff22c54..a71e111016 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -30,8 +30,6 @@ typedef enum OPTION_choice {
const OPTIONS engine_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
- {OPT_HELP_STR, 1, '-',
- " engine... Engines to load\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -48,6 +46,9 @@ const OPTIONS engine_options[] = {
{"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
{OPT_MORE_STR, OPT_EOF, 1,
"Commands are like \"SO_PATH:/lib/libdriver.so\""},
+
+ OPT_PARAMETERS(),
+ {"engine", 0, 0, "ID of engine(s) to load"},
{NULL}
};
diff --git a/apps/errstr.c b/apps/errstr.c
index 212b7293cd..9e97698be3 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -22,10 +22,12 @@ typedef enum OPTION_choice {
const OPTIONS errstr_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
- {OPT_HELP_STR, 1, '-', " errnum Error number\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
+
+ OPT_PARAMETERS(),
+ {"errnum", 0, 0, "Error number(s) to decode"},
{NULL}
};
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 8846779932..3b19ef15a8 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -34,8 +34,8 @@ typedef enum OPTION_choice {
const OPTIONS fipsinstall_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
- {"verify", OPT_VERIFY, '-', "Verification mode, i.e verify a config file "
- "instead of generating one"},
+ {"verify", OPT_VERIFY, '-',
+ "Verify a config file instead of generating one"},
{"module", OPT_MODULE, '<', "File name of the provider module"},
{"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"},
{"section_name", OPT_SECTION_NAME, 's',
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 45ae815fd4..12806ef2dd 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -32,7 +32,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS gendsa_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -46,6 +46,9 @@ const OPTIONS gendsa_options[] = {
OPT_R_OPTIONS,
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{"verbose", OPT_VERBOSE, '-', "Verbose output"},
+
+ OPT_PARAMETERS(),
+ {"dsaparam-file", 0, 0, "File containing DSA parameters"},
{NULL}
};
diff --git a/apps/genrsa.c b/apps/genrsa.c
index fe57547f33..96fb23aaf5 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -42,6 +42,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS genrsa_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -62,6 +63,9 @@ const OPTIONS genrsa_options[] = {
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"numbits", 0, 0, "Size of key in bits"},
{NULL}
};
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 59bfdcfefb..ac2c236024 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -271,6 +271,8 @@
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
extern const char OPT_SECTION_STR[];
+extern const char OPT_PARAM_STR[];
+
typedef struct options_st {
const char *name;
int retval;
@@ -314,6 +316,7 @@ typedef struct string_int_pair_st {
/* Divide options into sections when displaying usage */
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
+#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }
char *opt_progname(const char *argv0);
char *opt_getprog(void);
@@ -346,7 +349,7 @@ int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
-void opt_print(const OPTIONS * opt, int width);
+void opt_print(const OPTIONS * opt, int doingparams, int width);
int opt_format_error(const char *s, unsigned long flags);
int opt_isdir(const char *name);
int opt_printf_stderr(const char *fmt, ...);
diff --git a/apps/kdf.c b/apps/kdf.c
index abd21cee51..66e7e7a7c1 100644
--- a/apps/kdf.c
+++ b/apps/kdf.c
@@ -24,18 +24,20 @@ typedef enum OPTION_choice {
const OPTIONS kdf_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n"},
- {OPT_HELP_STR, 1, '-', "kdf_name\t KDF algorithm.\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
- {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form."},
- {OPT_HELP_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs"},
+ {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"},
+ {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"},
{"keylen", OPT_KEYLEN, 's', "The size of the output derived key"},
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"binary", OPT_BIN, '-', "Output in binary format (Default is hexadecimal "
- "output)"},
+ {"binary", OPT_BIN, '-',
+ "Output in binary format (default is hexadecimal)"},
+
+ OPT_PARAMETERS(),
+ {"kdf_name", 0, 0, "Name of the KDF algorithm"},
{NULL}
};
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 2b9c922135..2a80e7ebf4 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -26,9 +26,10 @@
#include <openssl/x509v3.h>
#define MAX_OPT_HELP_WIDTH 30
-const char OPT_HELP_STR[] = "--";
-const char OPT_MORE_STR[] = "---";
-const char OPT_SECTION_STR[] = "----";
+const char OPT_HELP_STR[] = "-H";
+const char OPT_MORE_STR[] = "-M";
+const char OPT_SECTION_STR[] = "-S";
+const char OPT_PARAM_STR[] = "-P";
/* Our state */
static char **argv;
@@ -128,7 +129,8 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
opt_progname(av[0]);
unknown = NULL;
- for (; o->name; ++o) {
+ /* Check all options up until the PARAM marker (if present) */
+ for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) {
#ifndef NDEBUG
const OPTIONS *next;
int duplicated, i;
@@ -838,7 +840,7 @@ static const char *valtype2param(const OPTIONS *o)
return "parm";
}
-void opt_print(const OPTIONS *o, int width)
+void opt_print(const OPTIONS *o, int doingparams, int width)
{
const char* help;
char start[80 + 1];
@@ -854,6 +856,10 @@ void opt_print(const OPTIONS *o, int width)
opt_printf_stderr(help, prog);
return;
}
+ if (o->name == OPT_PARAM_STR) {
+ opt_printf_stderr("\nParameters:\n");
+ return;
+ }
/* Pad out prefix */
memset(start, ' ', sizeof(start) - 1);
@@ -869,7 +875,8 @@ void opt_print(const OPTIONS *o, int width)
/* Build up the "-flag [param]" part. */
p = start;
*p++ = ' ';
- *p++ = '-';
+ if (!doingparams)
+ *p++ = '-';
if (o->name[0])
p += strlen(strcpy(p, o->name));
else
@@ -891,9 +898,8 @@ void opt_print(const OPTIONS *o, int width)
void opt_help(const OPTIONS *list)
{
const OPTIONS *o;
- int i;
+ int i, sawparams = 0, width = 5;
int standard_prolog;
- int width = 5;
char start[80 + 1];
/* Starts with its own help message? */
@@ -919,7 +925,9 @@ void opt_help(const OPTIONS *list)
/* Now let's print. */
for (o = list; o->name; o++) {
- opt_print(o, width);
+ if (o->name == OPT_PARAM_STR)
+ sawparams = 1;
+ opt_print(o, sawparams, width);
}
}
diff --git a/apps/list.c b/apps/list.c
index a260db80fd..a5382ac24f 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -367,6 +367,7 @@ static void list_options_for_command(const char *command)
if (o->name == OPT_HELP_STR
|| o->name == OPT_MORE_STR
|| o->name == OPT_SECTION_STR
+ || o->name == OPT_PARAM_STR
|| o->name[0] == '\0')
continue;
BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c);
diff --git a/apps/mac.c b/apps/mac.c
index 0cd3323f3b..6abcfcd4e8 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -26,21 +26,22 @@ typedef enum OPTION_choice {
const OPTIONS mac_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n"},
- {OPT_HELP_STR, 1, '-', "mac_name\t\t MAC algorithm (See list "
- "-mac-algorithms)"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
- {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. "
- "See 'PARAMETER NAMES' in the EVP_MAC_ docs"},
+ {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form"},
+ {OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file to MAC (default is stdin)"},
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"binary", OPT_BIN, '-', "Output in binary format (Default is hexadecimal "
- "output)"},
+ {"binary", OPT_BIN, '-',
+ "Output in binary format (default is hexadecimal)"},
+
+ OPT_PARAMETERS(),
+ {"mac_name", 0, 0, "MAC algorithm"},
{NULL}
};
diff --git a/apps/openssl.c b/apps/openssl.c
index 9aabad5e09..66189ca434 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -384,11 +384,13 @@ typedef enum HELP_CHOICE {
} HELP_CHOICE;
const OPTIONS help_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
- {OPT_HELP_STR, 1, '-', " help [command]\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n"},
OPT_SECTION("General"),
{"help", OPT_hHELP, '-', "Display this summary"},
+
+ OPT_PARAMETERS(),
+ {"command", 0, 0, "Name of command to display help (optional)"},
{NULL}
};
diff --git a/apps/passwd.c b/apps/passwd.c
index e305bd268d..3b1d2ce3ca 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -59,6 +59,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS passwd_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -85,6 +87,9 @@ const OPTIONS passwd_options[] = {
#endif
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"password", 0, 0, "Password text to digest (optional)"},
{NULL}
};
diff --git a/apps/prime.c b/apps/prime.c
index 5df9ee0363..5345e5b6d0 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -20,8 +20,6 @@ typedef enum OPTION_choice {
const OPTIONS prime_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
- {OPT_HELP_STR, 1, '-',
- " number Number to check for primality\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -33,6 +31,9 @@ const OPTIONS prime_options[] = {
{"generate", OPT_GENERATE, '-', "Generate a prime"},
{"safe", OPT_SAFE, '-',
"When used with -generate, generate a safe prime"},
+
+ OPT_PARAMETERS(),
+ {"number", 0, 0, "Number(s) to check for primality if not generating"},
{NULL}
};
diff --git a/apps/provider.c b/apps/provider.c
index 47bc056b63..87231cd2df 100644
--- a/apps/provider.c
+++ b/apps/provider.c
@@ -26,8 +26,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS provider_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] provider...\n"},
- {OPT_HELP_STR, 1, '-', " provider... Providers to load\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [provider...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -38,6 +37,9 @@ const OPTIONS provider_options[] = {
{OPT_MORE_STR, 0, '-', "categorised by operation type"},
{"vvv", OPT_VVV, '-', "List the algorithm names of specified provider"},
{OPT_MORE_STR, 0, '-', "one at a time, and list all known parameters"},
+
+ OPT_PARAMETERS(),
+ {"provider", 0, 0, "Provider(s) to load"},
{NULL}
};
@@ -268,6 +270,7 @@ int provider_main(int argc, char **argv)
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++) {
+ /* This isn't necessary since -- is supported. */
if (**argv == '-') {
BIO_printf(bio_err, "%s: Cannot mix flags and provider names.\n",
prog);
diff --git a/apps/rand.c b/apps/rand.c
index 8b23a03f6e..421ebfc203 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -25,7 +25,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS rand_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -39,6 +39,9 @@ const OPTIONS rand_options[] = {
{"hex", OPT_HEX, '-', "Hex encode output"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"num", 0, 0, "Number of bytes to generate"},
{NULL}
};
diff --git a/apps/rehash.c b/apps/rehash.c
index ec1cf07506..b7e6e7ec18 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -451,7 +451,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS rehash_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -462,6 +462,9 @@ const OPTIONS rehash_options[] = {
OPT_SECTION("Output"),
{"v", OPT_VERBOSE, '-', "Verbose output"},
+
+ OPT_PARAMETERS(),
+ {"directory", 0, 0, "One or more directories to process (optional)"},
{NULL}
};
diff --git a/apps/s_client.c b/apps/s_client.c
index ee1951834b..a0668bc927 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -605,6 +605,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS s_client_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
#ifndef OPENSSL_NO_ENGINE
@@ -816,6 +818,9 @@ const OPTIONS s_client_options[] = {
{"chainCAfile", OPT_CHAINCAFILE, '<',
"CA file for certificate chain (PEM format)"},
OPT_X_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"host:port", 0, 0, "Where to connect; same as -connect option"},
{NULL}
};
diff --git a/apps/smime.c b/apps/smime.c
index ec36ea1867..149d3151ee 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -49,9 +49,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS smime_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
- {OPT_HELP_STR, 1, '-',
- " cert.pem... recipient certs for encryption\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -123,6 +121,9 @@ const OPTIONS smime_options[] = {
OPT_R_OPTIONS,
OPT_V_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"cert", 0, 0, "Recipient certs, used when encrypting"},
{NULL}
};
diff --git a/apps/speed.c b/apps/speed.c
index 45cee2c2c5..53ae4c4e58 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -315,7 +315,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS speed_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -356,6 +356,9 @@ const OPTIONS speed_options[] = {
"Use specified offset to mis-align buffers"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
{NULL}
};
diff --git a/apps/srp.c b/apps/srp.c
index b980ecbbb5..e7a18d68cb 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -197,6 +197,8 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS srp_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n"},
+
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
{"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
@@ -220,6 +222,9 @@ const OPTIONS srp_options[] = {
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
OPT_R_OPTIONS,
+
+ OPT_PARAMETERS(),
+ {"user", 0, 0, "Username(s) to process (optional)"},
{NULL}
};
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 980120a39d..85fb1ed860 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -58,6 +58,9 @@ const OPTIONS storeutl_options[] = {
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"text", OPT_TEXT, '-', "Print a text form of the objects"},
{"noout", OPT_NOOUT, '-', "No PEM output, just status"},
+
+ OPT_PARAMETERS(),
+ {"uri", 0, 0, "URI of the store object"},
{NULL}
};
diff --git a/apps/verify.c b/apps/verify.c
index bb8f84c84d..5c5042117d 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -35,7 +35,7 @@ typedef enum OPTION_choice {
} OPTION_CHOICE;
const OPTIONS verify_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
@@ -72,6 +72,9 @@ const OPTIONS verify_options[] = {
{"sm2-hex-id", OPT_SM2HEXID, 's',
"Specify a hex ID string to verify an SM2 certificate"},
#endif
+
+ OPT_PARAMETERS(),
+ {"cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)"},
{NULL}
};
@@ -102,20 +105,20 @@ int verify_main(int argc, char **argv)
goto end;
case OPT_HELP:
opt_help(verify_options);
- BIO_printf(bio_err, "Recognized usages:\n");
+ BIO_printf(bio_err, "\nRecognized certificate chain purposes:\n");
for (i = 0; i < X509_PURPOSE_get_count(); i++) {
- X509_PURPOSE *ptmp;
- ptmp = X509_PURPOSE_get0(i);
- BIO_printf(bio_err, "\t%-10s\t%s\n",
+ X509_PURPOSE *ptmp = X509_PURPOSE_get0(i);
+
+ BIO_printf(bio_err, " %-15s %s\n",
X509_PURPOSE_get0_sname(ptmp),
X509_PURPOSE_get0_name(ptmp));
}
- BIO_printf(bio_err, "Recognized verify names:\n");
+ BIO_printf(bio_err, "Recognized certificate policy names:\n");
for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
- const X509_VERIFY_PARAM *vptmp;
- vptmp = X509_VERIFY_PARAM_get0(i);
- BIO_printf(bio_err, "\t%-10s\n",
+ const X509_VERIFY_PARAM *vptmp = X509_VERIFY_PARAM_get0(i);
+
+ BIO_printf(bio_err, " %s\n",
X509_VERIFY_PARAM_get0_name(vptmp));
}
ret = 0;
diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in
index 81d1186d23..6df41d897f 100644
--- a/doc/man1/openssl-ca.pod.in
+++ b/doc/man1/openssl-ca.pod.in
@@ -62,6 +62,7 @@ B<openssl> B<ca>
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_r_synopsis -}
+[I<certreq>...]
=for openssl ifdef engine sm2-id sm2-hex-id
@@ -69,8 +70,11 @@ B<openssl> B<ca>
This command is a minimal CA application. It can be used
to sign certificate requests in a variety of forms and generate
-CRLs it also maintains a text database of issued certificates
+CRLs. It also maintains a text database of issued certificates
and their status.
+When signing certificates, a single certificate request can be specified
+with the B<-in> option, or multiple requests can be processed by
+specifying a set of B<certreq> files after all options.
The options descriptions will be divided into each purpose.
diff --git a/doc/man1/openssl-passwd.pod.in b/doc/man1/openssl-passwd.pod.in
index 2fa8e97f13..dee50df229 100644
--- a/doc/man1/openssl-passwd.pod.in
+++ b/doc/man1/openssl-passwd.pod.in
@@ -26,7 +26,7 @@ B<openssl passwd>
[B<-quiet>]
[B<-table>]
{- $OpenSSL::safe::opt_r_synopsis -}
-{I<password>}
+[I<password>]
=for openssl ifdef crypt
More information about the openssl-commits
mailing list