diff options
| author | Rich Salz <rsalz@akamai.com> | 2019-11-08 06:08:30 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2019-11-08 06:08:30 +1000 |
| commit | 5388f9862d9aaf3c7cf7a70c1e36e7e983c26cfc (patch) | |
| tree | bda368ec4d8855ac5d3e2a31648769a5dabfaac9 | |
| parent | ab14d2af5386897eba8307c9f3220a6d775c0898 (diff) | |
Add "sections" to -help output
Remove "Valid options" label, since all commands have sections (and
[almost] always the first one is "General options").
Have "list --options" ignore section headers
Reformat ts's additional help
Add output section
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9953)
| -rw-r--r-- | apps/asn1pars.c | 19 | ||||
| -rw-r--r-- | apps/ca.c | 72 | ||||
| -rw-r--r-- | apps/ciphers.c | 23 | ||||
| -rw-r--r-- | apps/cms.c | 104 | ||||
| -rw-r--r-- | apps/crl.c | 33 | ||||
| -rw-r--r-- | apps/crl2p7.c | 11 | ||||
| -rw-r--r-- | apps/dgst.c | 34 | ||||
| -rw-r--r-- | apps/dhparam.c | 28 | ||||
| -rw-r--r-- | apps/dsa.c | 28 | ||||
| -rw-r--r-- | apps/dsaparam.c | 18 | ||||
| -rw-r--r-- | apps/ec.c | 25 | ||||
| -rw-r--r-- | apps/ecparam.c | 29 | ||||
| -rw-r--r-- | apps/enc.c | 37 | ||||
| -rw-r--r-- | apps/engine.c | 10 | ||||
| -rw-r--r-- | apps/errstr.c | 2 | ||||
| -rw-r--r-- | apps/fipsinstall.c | 12 | ||||
| -rw-r--r-- | apps/gendsa.c | 11 | ||||
| -rw-r--r-- | apps/genpkey.c | 16 | ||||
| -rw-r--r-- | apps/genrsa.c | 17 | ||||
| -rw-r--r-- | apps/include/opt.h | 6 | ||||
| -rw-r--r-- | apps/info.c | 4 | ||||
| -rw-r--r-- | apps/kdf.c | 8 | ||||
| -rw-r--r-- | apps/lib/opt.c | 12 | ||||
| -rw-r--r-- | apps/list.c | 5 | ||||
| -rw-r--r-- | apps/mac.c | 6 | ||||
| -rw-r--r-- | apps/nseq.c | 7 | ||||
| -rw-r--r-- | apps/ocsp.c | 102 | ||||
| -rw-r--r-- | apps/openssl.c | 2 | ||||
| -rw-r--r-- | apps/passwd.c | 10 | ||||
| -rw-r--r-- | apps/pkcs12.c | 78 | ||||
| -rw-r--r-- | apps/pkcs7.c | 13 | ||||
| -rw-r--r-- | apps/pkcs8.c | 34 | ||||
| -rw-r--r-- | apps/pkey.c | 30 | ||||
| -rw-r--r-- | apps/pkeyparam.c | 13 | ||||
| -rw-r--r-- | apps/pkeyutl.c | 50 | ||||
| -rw-r--r-- | apps/prime.c | 8 | ||||
| -rw-r--r-- | apps/provider.c | 4 | ||||
| -rw-r--r-- | apps/rand.c | 14 | ||||
| -rw-r--r-- | apps/rehash.c | 5 | ||||
| -rw-r--r-- | apps/req.c | 62 | ||||
| -rw-r--r-- | apps/rsa.c | 29 | ||||
| -rw-r--r-- | apps/rsautl.c | 28 | ||||
| -rw-r--r-- | apps/s_client.c | 178 | ||||
| -rw-r--r-- | apps/s_server.c | 154 | ||||
| -rw-r--r-- | apps/s_time.c | 44 | ||||
| -rw-r--r-- | apps/sess_id.c | 11 | ||||
| -rw-r--r-- | apps/smime.c | 65 | ||||
| -rw-r--r-- | apps/speed.c | 30 | ||||
| -rw-r--r-- | apps/spkac.c | 17 | ||||
| -rw-r--r-- | apps/srp.c | 17 | ||||
| -rw-r--r-- | apps/storeutl.c | 26 | ||||
| -rw-r--r-- | apps/ts.c | 78 | ||||
| -rw-r--r-- | apps/verify.c | 14 | ||||
| -rw-r--r-- | apps/version.c | 3 | ||||
| -rw-r--r-- | apps/x509.c | 79 |
55 files changed, 1057 insertions, 718 deletions
diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 14f1dcad32..342e12d9b2 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -27,27 +27,32 @@ typedef enum OPTION_choice { } OPTION_CHOICE; const OPTIONS asn1parse_options[] = { + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, + {"oid", OPT_OID, '<', "file of extra oid definitions"}, + + OPT_SECTION("I/O"), {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"}, {"in", OPT_IN, '<', "input file"}, {"out", OPT_OUT, '>', "output file (output format is always DER)"}, - {"i", OPT_INDENT, 0, "indents the output"}, {"noout", OPT_NOOUT, 0, "do not produce any output"}, {"offset", OPT_OFFSET, 'p', "offset into file"}, {"length", OPT_LENGTH, 'p', "length of section in file"}, - {"oid", OPT_OID, '<', "file of extra oid definitions"}, - {"dump", OPT_DUMP, 0, "unknown data in hex form"}, - {"dlimit", OPT_DLIMIT, 'p', - "dump the first arg bytes of unknown data in hex form"}, {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, - {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, + {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, - {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"}, {"strictpem", OPT_STRICTPEM, 0, "do not attempt base64 decode outside PEM markers"}, {"item", OPT_ITEM, 's', "item to parse and print"}, + {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"}, + + OPT_SECTION("Formatting"), + {"i", OPT_INDENT, 0, "indents the output"}, + {"dump", OPT_DUMP, 0, "unknown data in hex form"}, + {"dlimit", OPT_DLIMIT, 'p', + "dump the first arg bytes of unknown data in hex form"}, {NULL} }; @@ -154,10 +154,30 @@ typedef enum OPTION_choice { } OPTION_CHOICE; const OPTIONS ca_options[] = { + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"}, + {"outdir", OPT_OUTDIR, '/', "Where to put output cert"}, + {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"}, + {"infiles", OPT_INFILES, '-', "The last argument, requests to process"}, + {"out", OPT_OUT, '>', "Where to put the output file(s)"}, + {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"}, + {"batch", OPT_BATCH, '-', "Don't ask questions"}, + {"msie_hack", OPT_MSIE_HACK, '-', + "msie modifications to handle all Universal Strings"}, + {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"}, + {"spkac", OPT_SPKAC, '<', + "File contains DN and signed public key and challenge"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif + + OPT_SECTION("Configuration"), {"config", OPT_CONFIG, 's', "A config file"}, {"name", OPT_NAME, 's', "The particular CA definition to use"}, + {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, + + OPT_SECTION("Certificate"), {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"}, {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, {"create_serial", OPT_CREATE_SERIAL, '-', @@ -170,8 +190,21 @@ const OPTIONS ca_options[] = { {"enddate", OPT_ENDDATE, 's', "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, + {"extensions", OPT_EXTENSIONS, 's', + "Extension section (override value in config file)"}, + {"extfile", OPT_EXTFILE, '<', + "Configuration file with X509v3 extensions to add"}, +#ifndef OPENSSL_NO_SM2 + {"sm2-id", OPT_SM2ID, 's', + "Specify an ID string to verify an SM2 certificate request"}, + {"sm2-hex-id", OPT_SM2HEXID, 's', + "Specify a hex ID string to verify an SM2 certificate request"}, +#endif + {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"}, + {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, + + OPT_SECTION("Signing"), {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"}, - {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, {"keyfile", OPT_KEYFILE, 's', "Private key"}, {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, @@ -179,31 +212,12 @@ const OPTIONS ca_options[] = { {"cert", OPT_CERT, '<', "The CA cert"}, {"selfsign", OPT_SELFSIGN, '-', "Sign a cert with the key associated with it"}, - {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"}, - {"out", OPT_OUT, '>', "Where to put the output file(s)"}, - {"outdir", OPT_OUTDIR, '/', "Where to put output cert"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"}, - {"batch", OPT_BATCH, '-', "Don't ask questions"}, - {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"}, - {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, + + OPT_SECTION("Revocation"), {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"}, - {"msie_hack", OPT_MSIE_HACK, '-', - "msie modifications to handle all those universal strings"}, - {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"}, - {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"}, - {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"}, - {"infiles", OPT_INFILES, '-', "The last argument, requests to process"}, - {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"}, - {"spkac", OPT_SPKAC, '<', - "File contains DN and signed public key and challenge"}, - {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"}, {"valid", OPT_VALID, 's', "Add a Valid(not-revoked) DB entry about a cert (given in file)"}, - {"extensions", OPT_EXTENSIONS, 's', - "Extension section (override value in config file)"}, - {"extfile", OPT_EXTFILE, '<', - "Configuration file with X509v3 extensions to add"}, {"status", OPT_STATUS, 's', "Shows cert status given the serial number"}, {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"}, {"crlexts", OPT_CRLEXTS, 's', @@ -215,16 +229,12 @@ const OPTIONS ca_options[] = { "sets compromise time to val and the revocation reason to keyCompromise"}, {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's', "sets compromise time to val and the revocation reason to CACompromise"}, + {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"}, + {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"}, + {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"}, + {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"}, + OPT_R_OPTIONS, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif -#ifndef OPENSSL_NO_SM2 - {"sm2-id", OPT_SM2ID, 's', - "Specify an ID string to verify an SM2 certificate request"}, - {"sm2-hex-id", OPT_SM2HEXID, 's', - "Specify a hex ID string to verify an SM2 certificate request"}, -#endif {NULL} }; diff --git a/apps/ciphers.c b/apps/ciphers.c index e51fac11ee..c2ac40a3b5 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -31,33 +31,38 @@ typedef enum OPTION_choice { } OPTION_CHOICE; const OPTIONS ciphers_options[] = { + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, + + OPT_SECTION("Output"), {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, + {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, + {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, + + OPT_SECTION("Cipher specification"), {"s", OPT_S, '-', "Only supported ciphers"}, #ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, + {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"}, #endif #ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "TLS1 mode"}, + {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"}, #endif #ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"}, + {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"}, #endif #ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, + {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"}, #endif #ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, + {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"}, #endif - {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #ifndef OPENSSL_NO_PSK - {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"}, + {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"}, #endif #ifndef OPENSSL_NO_SRP - {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"}, + {"srp", OPT_SRP, '-', "Include ciphersuites requiring SRP"}, #endif - {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, {"ciphersuites", OPT_CIPHERSUITES, 's', "Configure the TLSv1.3 ciphersuites to use"}, {NULL} diff --git a/apps/cms.c b/apps/cms.c index 468820f3cf..c30bd62bb1 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -91,13 +91,35 @@ const OPTIONS cms_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"}, {OPT_HELP_STR, 1, '-', " cert.pem... recipient certs for encryption\n"}, - {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, + + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, {"outform", OPT_OUTFORM, 'c', "Output format SMIME (default), PEM or DER"}, {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, + {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', + "Disable MMA protection and return an error if no recipient found" + " (see documentation)"}, + {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, + {"indef", OPT_INDEF, '-', "Same as -stream"}, + {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, + {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, + {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, + {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, + {"CAstore", OPT_CASTORE, ':', "trusted certificates store URI"}, + {"no-CAfile", OPT_NOCAFILE, '-', + "Do not load the default certificates file"}, + {"no-CApath", OPT_NOCAPATH, '-', + "Do not load certificates from the default certificates directory"}, + {"no-CAstore", OPT_NOCASTORE, '-', + "Do not load certificates from the default certificates store"}, +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif + + OPT_SECTION("Action"), {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, @@ -109,45 +131,42 @@ const OPTIONS cms_options[] = { "Exit non-zero on verification failure"}, {"verify_receipt", OPT_VERIFY_RECEIPT, '<', "Verify receipts; exit if receipt signatures do not verify"}, - {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, - {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, - {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"}, {"digest_verify", OPT_DIGEST_VERIFY, '-', "Verify a CMS \"DigestedData\" object and output it"}, {"digest_create", OPT_DIGEST_CREATE, '-', "Create a CMS \"DigestedData\" object"}, {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"}, - {"uncompress", OPT_UNCOMPRESS, '-', "Uncompress a CMS \"CompressedData\" object"}, + {"uncompress", OPT_UNCOMPRESS, '-', + "Uncompress a CMS \"CompressedData\" object"}, {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-', "Decrypt CMS \"EncryptedData\" object using symmetric key"}, {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-', "Create CMS \"EncryptedData\" object using symmetric key"}, - {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', - "Disable MMA protection and return an error if no recipient found" - " (see documentation)"}, + {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, + {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"}, + {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, + {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', + "Do not verify signed content signatures"}, + {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', + "Do not verify signed attribute signatures"}, + {"nointern", OPT_NOINTERN, '-', + "Don't search certificates in message for signer"}, + {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, + + OPT_SECTION("Formatting"), {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, {"asciicrlf", OPT_ASCIICRLF, '-', "Perform CRLF canonicalisation when signing"}, - {"nointern", OPT_NOINTERN, '-', - "Don't search certificates in message for signer"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, - {"nocerts", OPT_NOCERTS, '-', - "Don't include signers certificate when signing"}, - {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, + {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"binary", OPT_BINARY, '-', "Don't translate message to text"}, {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, - {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', - "Do not verify signed content signatures"}, - {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', - "Do not verify signed attribute signatures"}, - {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, - {"indef", OPT_INDEF, '-', "Same as -stream"}, - {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, - {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, - {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, + {"nocerts", OPT_NOCERTS, '-', + "Don't include signers certificate when signing"}, + {"noout", OPT_NOOUT, '-', + "For the -cmsout operation do not output the parsed CMS structure"}, {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, {"receipt_request_all", OPT_RR_ALL, '-', "When signing, create a receipt request for all recipients"}, @@ -155,54 +174,51 @@ const OPTIONS cms_options[] = { "When signing, create a receipt request for first recipient"}, {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, + {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, + + OPT_SECTION("Keying"), {"secretkey", OPT_SECRETKEY, 's', "Use specified hex-encoded key to decrypt/encrypt recipients or content"}, {"secretkeyid", OPT_SECRETKEYID, 's', "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"}, {"pwri_password", OPT_PWRI_PASSWORD, 's', "Specific password for recipient"}, - {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + {"inkey", OPT_INKEY, 's', + "Input private key (if not signer or recipient)"}, + {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, + {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, + + OPT_SECTION("Mail header"), + {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, {"to", OPT_TO, 's', "To address"}, {"from", OPT_FROM, 's', "From address"}, {"subject", OPT_SUBJECT, 's', "Subject"}, {"signer", OPT_SIGNER, 's', "Signer certificate file"}, {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"}, - {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, - {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, - {"inkey", OPT_INKEY, 's', - "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, - {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, {"receipt_request_from", OPT_RR_FROM, 's', "Create signed receipt request with specified email address"}, {"receipt_request_to", OPT_RR_TO, 's', "Create signed receipt targeted to specified address"}, + + OPT_SECTION("Encryption"), + {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, - OPT_R_OPTIONS, - OPT_V_OPTIONS, + + OPT_SECTION("Key-wrapping"), {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, # ifndef OPENSSL_NO_DES {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, # endif -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif + + OPT_R_OPTIONS, + OPT_V_OPTIONS, {NULL} }; diff --git a/apps/crl.c b/apps/crl.c index f7f4fb7150..14410f3512 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -28,13 +28,28 @@ typedef enum OPTION_choice { } OPTION_CHOICE; const OPTIONS crl_options[] = { + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'F', "Input format; default PEM"}, + {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, + + OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file - default stdin"}, - {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, - {"out", OPT_OUT, '>', "output file - default stdout"}, - {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"}, + {"inform", OPT_INFORM, 'F', "Input format; default PEM"}, {"key", OPT_KEY, '<', "CRL signing Private key to use"}, + {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"}, + + OPT_SECTION("Output"), + {"out", OPT_OUT, '>', "output file - default stdout"}, + {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, + {"text", OPT_TEXT, '-', "Print out a text format version"}, + {"hash", OPT_HASH, '-', "Print hash value"}, +#ifndef OPENSSL_NO_MD5 + {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, +#endif + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, + {"", OPT_MD, '-', "Any supported digest"}, + + OPT_SECTION("CRL"), {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"}, {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"}, @@ -43,6 +58,8 @@ const OPTIONS crl_options[] = { {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, + + OPT_SECTION("Certificate"), {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, {"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"}, @@ -52,14 +69,6 @@ const OPTIONS crl_options[] = { "Do not load certificates from the default certificates directory"}, {"no-CAstore", OPT_NOCASTORE, '-', "Do not load certificates from the default certificates store"}, - {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, - {"text", OPT_TEXT, '-', "Print out a text format version"}, - {"hash", OPT_HASH, '-', "Print hash value"}, - {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, - {"", OPT_MD, '-', "Any supported digest"}, -#ifndef OPENSSL_NO_MD5 - {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, -#endif {NULL} }; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 6f284cb10e..ffbee4cbff 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -27,14 +27,19 @@ typedef enum OPTION_choice { } OPTION_CHOICE; const OPTIONS crl2pkcs7_options[] = { + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, + + OPT_SECTION("Input"), {"in", OPT_IN, '<', "Input file"}, - {"out", OPT_OUT, '>', "Output file"}, + {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"}, {"certfile", OPT_CERTFILE, '<', "File of chain of certs to a trusted CA; can be repeated"}, + + OPT_SECTION("Output"), + {"out", OPT_OUT, '>', "Output file"}, + {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, {NULL} }; diff --git a/apps/dgst.c b/apps/dgst.c index 531627c40a..7e1afb9bba 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -49,36 +49,40 @@ const OPTIONS dgst_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"}, {OPT_HELP_STR, 1, '-', " file... files to digest (default is stdin)\n"}, + OPT_SECTION("General"), {"help", OPT_HELP, '-', "Display this summary"}, {"list", OPT_LIST, '-', "List digests"}, +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, + {"engine_impl", OPT_ENGINE_IMPL, '-', + "Also use engine given by -engine for digest operations"}, +#endif + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + + OPT_SECTION("Output"), {"c", OPT_C, '-', "Print the digest with separating colons"}, {"r", OPT_R, '-', "Print the digest in coreutils format"}, {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"sign", OPT_SIGN, 's', "Sign digest using private key"}, - {"verify", OPT_VERIFY, 's', - "Verify a signature using public key"}, - {"prverify", OPT_PRVERIFY, 's', - "Verify a signature using private key"}, - {"signature", OPT_SIGNATURE, '<', "File with signature to verify"}, {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, {"d", OPT_DEBUG, '-', "Print debug info"}, {"debug", OPT_DEBUG, '-', "Print debug info"}, - {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-', - "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"}, + + OPT_SECTION("Signing"), + {"sign", OPT_SIGN, 's', "Sign digest using private key"}, + {"verify", OPT_VERIFY, 's', "Verify a signature using public key"}, + {"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"}, + |