diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-05-15 13:50:38 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-06-02 12:40:24 -0400 |
| commit | 9c3bcfa027cb32421ed20ab77553860b922b82fc (patch) | |
| tree | 5bc2b7a055c4abbc75431212948d0693d922f3ab /apps/x509.c | |
| parent | 366e2a60b2fcc727b061f1459343245476ad6c3b (diff) | |
Standardize handling of #ifdef'd options.
Here are the "rules" for handling flags that depend on #ifdef:
- Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd
entries appear at the end; by convention "engine" is last. This
ensures that at run-time, the flag will never be recognized/allowed.
The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
disable it; leave the "case OPT_xxx:" and "break" statements outside
the ifdef/ifndef. See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
for example.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'apps/x509.c')
| -rw-r--r-- | apps/x509.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/apps/x509.c b/apps/x509.c index 77a2a6b437..0345cf09c7 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -107,13 +107,9 @@ typedef enum OPTION_choice { OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST, OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, -#ifndef OPENSSL_NO_MD5 OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, -#endif -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL OPT_FORCE_VERSION, -#endif OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT } OPTION_CHOICE; @@ -130,12 +126,6 @@ OPTIONS x509_options[] = { {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, -#ifndef OPENSSL_NO_MD5 - {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', - "Print old-style (MD5) subject hash value"}, -#endif {"hash", OPT_HASH, '-', "Synonym for -subject_hash"}, {"subject", OPT_SUBJECT, '-', "Print subject DN"}, {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, @@ -194,12 +184,18 @@ OPTIONS x509_options[] = { {"clrreject", OPT_CLRREJECT, '-'}, {"badsig", OPT_BADSIG, '-'}, {"", OPT_MD, '-', "Any supported digest"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#ifndef OPENSSL_NO_MD5 + {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) subject hash value"}, #endif #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL {"force_version", OPT_FORCE_VERSION, 'p'}, #endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; @@ -291,11 +287,11 @@ int x509_main(int argc, char **argv) if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto opthelp; break; -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL case OPT_FORCE_VERSION: +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL force_version = atoi(opt_arg()) - 1; - break; #endif + break; case OPT_DAYS: days = atoi(opt_arg()); break; @@ -459,6 +455,10 @@ int x509_main(int argc, char **argv) case OPT_ISSUER_HASH_OLD: issuer_hash_old = ++num; break; +#else + case OPT_SUBJECT_HASH_OLD: + case OPT_ISSUER_HASH_OLD: + break; #endif case OPT_DATES: startdate = ++num; |