
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-63-g2c8f79e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-63-g2c8f79e
Date: Tue, 09 Oct 2012 17:12:55 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2c8f79e627bcf158ef8bc0e72cd8a7f7975c590a

The branch, master has been updated
       via  2c8f79e627bcf158ef8bc0e72cd8a7f7975c590a (commit)
       via  c9fab8a8b9a4e2abd8c8c8e00c3b7a0203660021 (commit)
       via  d1922841f4226039c9eaf402d2c426dc25b8c8cc (commit)
       via  1d6879c9d5dc3e986441936dedc31c99399562cd (commit)
       via  71b6099c988098f7dd4a7afebd7adfe9357aa958 (commit)
      from  130c6598286058c4e362e609fdb2ac4005b5131d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2c8f79e627bcf158ef8bc0e72cd8a7f7975c590a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Oct 9 19:12:40 2012 +0200

    documented updates

commit c9fab8a8b9a4e2abd8c8c8e00c3b7a0203660021
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Oct 9 19:11:22 2012 +0200

    Certtool updates.
    
    By default generate public key TLSA RR entries. Added --verbose option.

commit d1922841f4226039c9eaf402d2c426dc25b8c8cc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Oct 8 21:16:21 2012 +0200

    libdane -> libgnutls-dane

commit 1d6879c9d5dc3e986441936dedc31c99399562cd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Oct 8 21:09:29 2012 +0200

    use hex for single byte entries

commit 71b6099c988098f7dd4a7afebd7adfe9357aa958
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Oct 8 17:31:20 2012 +0200

    DANE RR -> DANE TLSA RR

-----------------------------------------------------------------------

Summary of changes:
 NEWS                   |    8 +-
 doc/cha-cert-auth.texi |    4 +-
 doc/cha-functions.texi |    2 +-
 libdane/Makefile.am    |   24 +-
 src/certtool-args.c    | 1046 +++++++++++++++++++++++++-----------------------
 src/certtool-args.def  |   17 +-
 src/certtool-args.h    |  230 ++++++------
 src/certtool-common.c  |    9 +-
 src/certtool-common.h  |    2 +
 src/certtool.c         |   46 ++-
 10 files changed, 743 insertions(+), 645 deletions(-)

diff --git a/NEWS b/NEWS
index f85f977..561c681 100644
--- a/NEWS
+++ b/NEWS
@@ -22,10 +22,12 @@ response corresponds to the given certificate.
 OCSP certificate status request extensions by default. The flag
 GNUTLS_NO_EXTENSIONS can be used to prevent that.
 
-** libdane: Added. It is a library to provide DANE with DNSSEC certificate
-verification.
+** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC 
+certificate verification.
 
-** certtool: The --dane-rr option generates DANE Resource Records (RR).
+** gnutls-cli: Added --dane option to enable DANE certificate verification.
+
+** certtool: The --dane-rr option generates DANE TLSA Resource Records (RR).
 
 ** API and ABI modifications:
 gnutls_certificate_set_ocsp_status_request_function: Added
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 05246e1..bea6225 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -499,7 +499,7 @@ of the DNSSEC infrastructure to verify TLS certificates. 
This can be
 in addition to the verification by commercial CA infrastructure or 
 could even replace it where DNSSEC is deployed.
 
-The DANE functionality is provided by the @code{libdane} library that is 
shipped
+The DANE functionality is provided by the @code{libgnutls-dane} library that 
is shipped
 with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. The
 high level verification functions are shown below.
 
@@ -516,6 +516,8 @@ indicate the status of the verification.
 
 @showenumdesc{dane_verify_status_t,The DANE verification status flags.}
 
+In order to generate a DANE TLSA entry to use in a DNS server 
+you may use certtool's DANE commands (see @ref{certtool Invocation}).
 
 @node Digital signatures
 @section Digital signatures
diff --git a/doc/cha-functions.texi b/doc/cha-functions.texi
index 549767c..da86cc4 100644
--- a/doc/cha-functions.texi
+++ b/doc/cha-functions.texi
@@ -98,7 +98,7 @@ Their prototypes lie in @file{gnutls/abstract.h}.
 
 The following functions are to be used for DANE certificate verification.
 Their prototypes lie in @file{gnutls/dane.h}. Note that you need to link
-with the @code{libdane} library to use them.
+with the @code{libgnutls-dane} library to use them.
 
 @include dane-api.texi
 
diff --git a/libdane/Makefile.am b/libdane/Makefile.am
index 87a9413..65a5d5f 100644
--- a/libdane/Makefile.am
+++ b/libdane/Makefile.am
@@ -35,31 +35,31 @@ defexecdir = $(bindir)
 defexec_DATA = 
 
 
-libdane_la_LDFLAGS = -no-undefined
+libgnutls_dane_la_LDFLAGS = -no-undefined
 
 if ENABLE_DANE
-lib_LTLIBRARIES = libdane.la
+lib_LTLIBRARIES = libgnutls-dane.la
 
-libdane_la_SOURCES = dane.c errors.c libdane.map
+libgnutls_dane_la_SOURCES = dane.c errors.c libdane.map
 
-libdane_la_LIBADD = ../gl/libgnu.la \
+libgnutls_dane_la_LIBADD = ../gl/libgnu.la \
        ../lib/libgnutls.la
 
-libdane_la_LDFLAGS += -version-info 
$(LT_DANE_CURRENT):$(LT_DANE_REVISION):$(LT_DANE_AGE)
+libgnutls_dane_la_LDFLAGS += -version-info 
$(LT_DANE_CURRENT):$(LT_DANE_REVISION):$(LT_DANE_AGE)
 
-libdane_la_LIBADD += $(LIBSOCKET) $(UNBOUND_LIBS)
+libgnutls_dane_la_LIBADD += $(LIBSOCKET) $(UNBOUND_LIBS)
 
 if HAVE_LD_VERSION_SCRIPT
-libdane_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libdane.map
+libgnutls_dane_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libdane.map
 else
-libdane_la_LDFLAGS += -export-symbols-regex '^(dane).*'
+libgnutls_dane_la_LDFLAGS += -export-symbols-regex '^(dane).*'
 endif
 
 if HAVE_LD_OUTPUT_DEF
-libdane_la_LDFLAGS += \
-       -Wl,--output-def,libdane-$(DLL_VERSION).def
-libdane-$(DLL_VERSION).def: libdane.la
-defexec_DATA += libdane-$(DLL_VERSION).def
+libgnutls_dane_la_LDFLAGS += \
+       -Wl,--output-def,libgnutls-dane-$(DLL_VERSION).def
+libgnutls_dane-$(DLL_VERSION).def: libgnutls-dane.la
+defexec_DATA += libgnutls-dane-$(DLL_VERSION).def
 endif
 endif
 
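Review bot: The `.def` rule target near the end of this hunk is spelled `libgnutls_dane-$(DLL_VERSION).def` (underscore), while `--output-def` just above it and `defexec_DATA` on the following line both name `libgnutls-dane-$(DLL_VERSION).def` (hyphen), so under `HAVE_LD_OUTPUT_DEF` the file listed in `defexec_DATA` has no matching rule. Only the automake variable prefix (`libgnutls_dane_la_*`) is canonicalised to underscores; file names keep the hyphen, so the line should read `libgnutls-dane-$(DLL_VERSION).def: libgnutls-dane.la`. The `_SOURCES` entry and the `--version-script` flag still reference `libdane.map`, which is consistent only if that file is intentionally kept under its old name. Because the version script and the `-export-symbols-regex` fallback are what bound the library's exported symbols, it is worth building once with and once without `HAVE_LD_VERSION_SCRIPT` and confirming that only `dane*` symbols are exported from the renamed library.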
diff --git a/src/certtool-args.c b/src/certtool-args.c
index cfc38ae..3dd21ad 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.c)
  *  
- *  It has been AutoGen-ed  October  8, 2012 at 04:53:23 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  October  9, 2012 at 07:10:23 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
 /*
  *  certtool option static const strings
  */
-static char const certtool_opt_strs[5116] =
+static char const certtool_opt_strs[5254] =
 /*     0 */ "certtool @address@hidden"
             "Copyright (C) 2000-2012 Free Software Foundation, all rights 
reserved.\n"
             "This is free software. It is licensed for use, modification and\n"
@@ -87,201 +87,207 @@ static char const certtool_opt_strs[5116] =
 /*   884 */ "Enable debugging.\0"
 /*   902 */ "DEBUG\0"
 /*   908 */ "debug\0"
-/*   914 */ "Input file\0"
-/*   925 */ "INFILE\0"
-/*   932 */ "infile\0"
-/*   939 */ "Output file\0"
-/*   951 */ "OUTFILE\0"
-/*   959 */ "outfile\0"
-/*   967 */ "Generate a self-signed certificate\0"
-/*  1002 */ "GENERATE_SELF_SIGNED\0"
-/*  1023 */ "generate-self-signed\0"
-/*  1044 */ "Generate a signed certificate\0"
-/*  1074 */ "GENERATE_CERTIFICATE\0"
-/*  1095 */ "generate-certificate\0"
-/*  1116 */ "Generates a proxy certificate\0"
-/*  1146 */ "GENERATE_PROXY\0"
-/*  1161 */ "generate-proxy\0"
-/*  1176 */ "Generate a CRL\0"
-/*  1191 */ "GENERATE_CRL\0"
-/*  1204 */ "generate-crl\0"
-/*  1217 */ "Update a signed certificate\0"
-/*  1245 */ "UPDATE_CERTIFICATE\0"
-/*  1264 */ "update-certificate\0"
-/*  1283 */ "Generate a private key\0"
-/*  1306 */ "GENERATE_PRIVKEY\0"
-/*  1323 */ "generate-privkey\0"
-/*  1340 */ "Generate a PKCS #10 certificate request\0"
-/*  1380 */ "GENERATE_REQUEST\0"
-/*  1397 */ "generate-request\0"
-/*  1414 */ "Verify a PEM encoded certificate chain.\0"
-/*  1454 */ "VERIFY_CHAIN\0"
-/*  1467 */ "verify-chain\0"
-/*  1480 */ "Verify a PEM encoded certificate chain using a trusted list.\0"
-/*  1541 */ "VERIFY\0"
-/*  1548 */ "verify\0"
-/*  1555 */ "Verify a CRL using a trusted list.\0"
-/*  1590 */ "VERIFY_CRL\0"
-/*  1601 */ "verify-crl\0"
-/*  1612 */ "Generate PKCS #3 encoded Diffie-Hellman parameters.\0"
-/*  1664 */ "GENERATE_DH_PARAMS\0"
-/*  1683 */ "generate-dh-params\0"
-/*  1702 */ "Get the included PKCS #3 encoded Diffie-Hellman parameters.\0"
-/*  1762 */ "GET_DH_PARAMS\0"
-/*  1776 */ "get-dh-params\0"
-/*  1790 */ "Print information PKCS #3 encoded Diffie-Hellman parameters\0"
-/*  1850 */ "DH_INFO\0"
-/*  1858 */ "dh-info\0"
-/*  1866 */ "Loads a private key file\0"
-/*  1891 */ "LOAD_PRIVKEY\0"
-/*  1904 */ "load-privkey\0"
-/*  1917 */ "Loads a public key file\0"
-/*  1941 */ "LOAD_PUBKEY\0"
-/*  1953 */ "load-pubkey\0"
-/*  1965 */ "Loads a certificate request file\0"
-/*  1998 */ "LOAD_REQUEST\0"
-/*  2011 */ "load-request\0"
-/*  2024 */ "Loads a certificate file\0"
-/*  2049 */ "LOAD_CERTIFICATE\0"
-/*  2066 */ "load-certificate\0"
-/*  2083 */ "Loads the certificate authority's private key file\0"
-/*  2134 */ "LOAD_CA_PRIVKEY\0"
-/*  2150 */ "load-ca-privkey\0"
-/*  2166 */ "Loads the certificate authority's certificate file\0"
-/*  2217 */ "LOAD_CA_CERTIFICATE\0"
-/*  2237 */ "load-ca-certificate\0"
-/*  2257 */ "Password to use\0"
-/*  2273 */ "PASSWORD\0"
-/*  2282 */ "password\0"
-/*  2291 */ "Enforce a NULL password\0"
-/*  2315 */ "NULL_PASSWORD\0"
-/*  2329 */ "null-password\0"
-/*  2343 */ "Print information on the given certificate\0"
-/*  2386 */ "CERTIFICATE_INFO\0"
-/*  2403 */ "certificate-info\0"
-/*  2420 */ "Print certificate's public key\0"
-/*  2451 */ "CERTIFICATE_PUBKEY\0"
-/*  2470 */ "certificate-pubkey\0"
-/*  2489 */ "Print information on the given OpenPGP certificate\0"
-/*  2540 */ "PGP_CERTIFICATE_INFO\0"
-/*  2561 */ "pgp-certificate-info\0"
-/*  2582 */ "Print information on the given OpenPGP keyring structure\0"
-/*  2639 */ "PGP_RING_INFO\0"
-/*  2653 */ "pgp-ring-info\0"
-/*  2667 */ "Print information on the given CRL structure\0"
-/*  2712 */ "CRL_INFO\0"
-/*  2721 */ "crl-info\0"
-/*  2730 */ "Print information on the given certificate request\0"
-/*  2781 */ "CRQ_INFO\0"
-/*  2790 */ "crq-info\0"
-/*  2799 */ "Do not use extensions in certificate requests\0"
-/*  2845 */ "NO_CRQ_EXTENSIONS\0"
-/*  2863 */ "no-crq-extensions\0"
-/*  2881 */ "Print information on a PKCS #12 structure\0"
-/*  2923 */ "P12_INFO\0"
-/*  2932 */ "p12-info\0"
-/*  2941 */ "Print information on a PKCS #7 structure\0"
-/*  2982 */ "P7_INFO\0"
-/*  2990 */ "p7-info\0"
-/*  2998 */ "Convert S/MIME to PKCS #7 structure\0"
-/*  3034 */ "SMIME_TO_P7\0"
-/*  3046 */ "smime-to-p7\0"
-/*  3058 */ "Print information on a private key\0"
-/*  3093 */ "KEY_INFO\0"
-/*  3102 */ "key-info\0"
-/*  3111 */ "Print information on an OpenPGP private key\0"
-/*  3155 */ "PGP_KEY_INFO\0"
-/*  3168 */ "pgp-key-info\0"
-/*  3181 */ "Print information on a public key\0"
-/*  3215 */ "PUBKEY_INFO\0"
-/*  3227 */ "pubkey-info\0"
-/*  3239 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
-/*  3300 */ "V1\0"
-/*  3303 */ "v1\0"
-/*  3306 */ "Generate a PKCS #12 structure\0"
-/*  3336 */ "TO_P12\0"
-/*  3343 */ "to-p12\0"
-/*  3350 */ "Generate a PKCS #8 structure\0"
-/*  3379 */ "TO_P8\0"
-/*  3385 */ "to-p8\0"
-/*  3391 */ "Use PKCS #8 format for private keys\0"
-/*  3427 */ "PKCS8\0"
-/*  3433 */ "pkcs8\0"
-/*  3439 */ "Generate RSA key\0"
-/*  3456 */ "RSA\0"
-/*  3460 */ "rsa\0"
-/*  3464 */ "Generate DSA key\0"
-/*  3481 */ "DSA\0"
-/*  3485 */ "dsa\0"
-/*  3489 */ "Generate ECC (ECDSA) key\0"
-/*  3514 */ "ECC\0"
-/*  3518 */ "ecc\0"
-/*  3522 */ "Hash algorithm to use for signing.\0"
-/*  3557 */ "HASH\0"
-/*  3562 */ "hash\0"
-/*  3567 */ "Use DER format for input certificates and private keys.\0"
-/*  3623 */ "INDER\0"
-/*  3629 */ "no-inder\0"
-/*  3638 */ "no\0"
-/*  3641 */ "This is an alias for 'inder'\0"
-/*  3670 */ "inraw\0"
-/*  3676 */ "Use DER format for output certificates and private keys\0"
-/*  3732 */ "OUTDER\0"
-/*  3739 */ "no-outder\0"
-/*  3749 */ "This is an alias for 'outder'\0"
-/*  3779 */ "outraw\0"
-/*  3786 */ "Specify the number of bits for key generate\0"
-/*  3830 */ "BITS\0"
-/*  3835 */ "bits\0"
-/*  3840 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/*  3903 */ "SEC_PARAM\0"
-/*  3913 */ "sec-param\0"
-/*  3923 */ "No effect\0"
-/*  3933 */ "DISABLE_QUICK_RANDOM\0"
-/*  3954 */ "disable-quick-random\0"
-/*  3975 */ "Template file to use for non-interactive operation\0"
-/*  4026 */ "TEMPLATE\0"
-/*  4035 */ "template\0"
-/*  4044 */ "Cipher to use for PKCS #8 and #12 operations\0"
-/*  4089 */ "PKCS_CIPHER\0"
-/*  4101 */ "pkcs-cipher\0"
-/*  4113 */ "Print the DANE RR data on a certificate or public key\0"
-/*  4167 */ "DANE_RR\0"
-/*  4175 */ "dane-rr\0"
-/*  4183 */ "Specify the hostname to be used in the DANE RR\0"
-/*  4230 */ "DANE_HOST\0"
-/*  4240 */ "dane-host\0"
-/*  4250 */ "The protocol set for DANE data (tcp, udp etc.)\0"
-/*  4297 */ "DANE_PROTO\0"
-/*  4308 */ "dane-proto\0"
-/*  4319 */ "Specify the port number for the DANE data.\0"
-/*  4362 */ "DANE_PORT\0"
-/*  4372 */ "dane-port\0"
-/*  4382 */ "Whether the provided certificate or public key is a Certificate\n"
+/*   914 */ "More verbose output\0"
+/*   934 */ "VERBOSE\0"
+/*   942 */ "verbose\0"
+/*   950 */ "Input file\0"
+/*   961 */ "INFILE\0"
+/*   968 */ "infile\0"
+/*   975 */ "Output file\0"
+/*   987 */ "OUTFILE\0"
+/*   995 */ "outfile\0"
+/*  1003 */ "Generate a self-signed certificate\0"
+/*  1038 */ "GENERATE_SELF_SIGNED\0"
+/*  1059 */ "generate-self-signed\0"
+/*  1080 */ "Generate a signed certificate\0"
+/*  1110 */ "GENERATE_CERTIFICATE\0"
+/*  1131 */ "generate-certificate\0"
+/*  1152 */ "Generates a proxy certificate\0"
+/*  1182 */ "GENERATE_PROXY\0"
+/*  1197 */ "generate-proxy\0"
+/*  1212 */ "Generate a CRL\0"
+/*  1227 */ "GENERATE_CRL\0"
+/*  1240 */ "generate-crl\0"
+/*  1253 */ "Update a signed certificate\0"
+/*  1281 */ "UPDATE_CERTIFICATE\0"
+/*  1300 */ "update-certificate\0"
+/*  1319 */ "Generate a private key\0"
+/*  1342 */ "GENERATE_PRIVKEY\0"
+/*  1359 */ "generate-privkey\0"
+/*  1376 */ "Generate a PKCS #10 certificate request\0"
+/*  1416 */ "GENERATE_REQUEST\0"
+/*  1433 */ "generate-request\0"
+/*  1450 */ "Verify a PEM encoded certificate chain.\0"
+/*  1490 */ "VERIFY_CHAIN\0"
+/*  1503 */ "verify-chain\0"
+/*  1516 */ "Verify a PEM encoded certificate chain using a trusted list.\0"
+/*  1577 */ "VERIFY\0"
+/*  1584 */ "verify\0"
+/*  1591 */ "Verify a CRL using a trusted list.\0"
+/*  1626 */ "VERIFY_CRL\0"
+/*  1637 */ "verify-crl\0"
+/*  1648 */ "Generate PKCS #3 encoded Diffie-Hellman parameters.\0"
+/*  1700 */ "GENERATE_DH_PARAMS\0"
+/*  1719 */ "generate-dh-params\0"
+/*  1738 */ "Get the included PKCS #3 encoded Diffie-Hellman parameters.\0"
+/*  1798 */ "GET_DH_PARAMS\0"
+/*  1812 */ "get-dh-params\0"
+/*  1826 */ "Print information PKCS #3 encoded Diffie-Hellman parameters\0"
+/*  1886 */ "DH_INFO\0"
+/*  1894 */ "dh-info\0"
+/*  1902 */ "Loads a private key file\0"
+/*  1927 */ "LOAD_PRIVKEY\0"
+/*  1940 */ "load-privkey\0"
+/*  1953 */ "Loads a public key file\0"
+/*  1977 */ "LOAD_PUBKEY\0"
+/*  1989 */ "load-pubkey\0"
+/*  2001 */ "Loads a certificate request file\0"
+/*  2034 */ "LOAD_REQUEST\0"
+/*  2047 */ "load-request\0"
+/*  2060 */ "Loads a certificate file\0"
+/*  2085 */ "LOAD_CERTIFICATE\0"
+/*  2102 */ "load-certificate\0"
+/*  2119 */ "Loads the certificate authority's private key file\0"
+/*  2170 */ "LOAD_CA_PRIVKEY\0"
+/*  2186 */ "load-ca-privkey\0"
+/*  2202 */ "Loads the certificate authority's certificate file\0"
+/*  2253 */ "LOAD_CA_CERTIFICATE\0"
+/*  2273 */ "load-ca-certificate\0"
+/*  2293 */ "Password to use\0"
+/*  2309 */ "PASSWORD\0"
+/*  2318 */ "password\0"
+/*  2327 */ "Enforce a NULL password\0"
+/*  2351 */ "NULL_PASSWORD\0"
+/*  2365 */ "null-password\0"
+/*  2379 */ "Print information on the given certificate\0"
+/*  2422 */ "CERTIFICATE_INFO\0"
+/*  2439 */ "certificate-info\0"
+/*  2456 */ "Print certificate's public key\0"
+/*  2487 */ "CERTIFICATE_PUBKEY\0"
+/*  2506 */ "certificate-pubkey\0"
+/*  2525 */ "Print information on the given OpenPGP certificate\0"
+/*  2576 */ "PGP_CERTIFICATE_INFO\0"
+/*  2597 */ "pgp-certificate-info\0"
+/*  2618 */ "Print information on the given OpenPGP keyring structure\0"
+/*  2675 */ "PGP_RING_INFO\0"
+/*  2689 */ "pgp-ring-info\0"
+/*  2703 */ "Print information on the given CRL structure\0"
+/*  2748 */ "CRL_INFO\0"
+/*  2757 */ "crl-info\0"
+/*  2766 */ "Print information on the given certificate request\0"
+/*  2817 */ "CRQ_INFO\0"
+/*  2826 */ "crq-info\0"
+/*  2835 */ "Do not use extensions in certificate requests\0"
+/*  2881 */ "NO_CRQ_EXTENSIONS\0"
+/*  2899 */ "no-crq-extensions\0"
+/*  2917 */ "Print information on a PKCS #12 structure\0"
+/*  2959 */ "P12_INFO\0"
+/*  2968 */ "p12-info\0"
+/*  2977 */ "Print information on a PKCS #7 structure\0"
+/*  3018 */ "P7_INFO\0"
+/*  3026 */ "p7-info\0"
+/*  3034 */ "Convert S/MIME to PKCS #7 structure\0"
+/*  3070 */ "SMIME_TO_P7\0"
+/*  3082 */ "smime-to-p7\0"
+/*  3094 */ "Print information on a private key\0"
+/*  3129 */ "KEY_INFO\0"
+/*  3138 */ "key-info\0"
+/*  3147 */ "Print information on an OpenPGP private key\0"
+/*  3191 */ "PGP_KEY_INFO\0"
+/*  3204 */ "pgp-key-info\0"
+/*  3217 */ "Print information on a public key\0"
+/*  3251 */ "PUBKEY_INFO\0"
+/*  3263 */ "pubkey-info\0"
+/*  3275 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
+/*  3336 */ "V1\0"
+/*  3339 */ "v1\0"
+/*  3342 */ "Generate a PKCS #12 structure\0"
+/*  3372 */ "TO_P12\0"
+/*  3379 */ "to-p12\0"
+/*  3386 */ "Generate a PKCS #8 structure\0"
+/*  3415 */ "TO_P8\0"
+/*  3421 */ "to-p8\0"
+/*  3427 */ "Use PKCS #8 format for private keys\0"
+/*  3463 */ "PKCS8\0"
+/*  3469 */ "pkcs8\0"
+/*  3475 */ "Generate RSA key\0"
+/*  3492 */ "RSA\0"
+/*  3496 */ "rsa\0"
+/*  3500 */ "Generate DSA key\0"
+/*  3517 */ "DSA\0"
+/*  3521 */ "dsa\0"
+/*  3525 */ "Generate ECC (ECDSA) key\0"
+/*  3550 */ "ECC\0"
+/*  3554 */ "ecc\0"
+/*  3558 */ "Hash algorithm to use for signing.\0"
+/*  3593 */ "HASH\0"
+/*  3598 */ "hash\0"
+/*  3603 */ "Use DER format for input certificates and private keys.\0"
+/*  3659 */ "INDER\0"
+/*  3665 */ "no-inder\0"
+/*  3674 */ "no\0"
+/*  3677 */ "This is an alias for 'inder'\0"
+/*  3706 */ "inraw\0"
+/*  3712 */ "Use DER format for output certificates and private keys\0"
+/*  3768 */ "OUTDER\0"
+/*  3775 */ "no-outder\0"
+/*  3785 */ "This is an alias for 'outder'\0"
+/*  3815 */ "outraw\0"
+/*  3822 */ "Specify the number of bits for key generate\0"
+/*  3866 */ "BITS\0"
+/*  3871 */ "bits\0"
+/*  3876 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/*  3939 */ "SEC_PARAM\0"
+/*  3949 */ "sec-param\0"
+/*  3959 */ "No effect\0"
+/*  3969 */ "DISABLE_QUICK_RANDOM\0"
+/*  3990 */ "disable-quick-random\0"
+/*  4011 */ "Template file to use for non-interactive operation\0"
+/*  4062 */ "TEMPLATE\0"
+/*  4071 */ "template\0"
+/*  4080 */ "Cipher to use for PKCS #8 and #12 operations\0"
+/*  4125 */ "PKCS_CIPHER\0"
+/*  4137 */ "pkcs-cipher\0"
+/*  4149 */ "Print the DANE RR data on a certificate or public key\0"
+/*  4203 */ "DANE_RR\0"
+/*  4211 */ "dane-rr\0"
+/*  4219 */ "Specify the hostname to be used in the DANE RR\0"
+/*  4266 */ "DANE_HOST\0"
+/*  4276 */ "dane-host\0"
+/*  4286 */ "The protocol set for DANE data (tcp, udp etc.)\0"
+/*  4333 */ "DANE_PROTO\0"
+/*  4344 */ "dane-proto\0"
+/*  4355 */ "Specify the port number for the DANE data.\0"
+/*  4398 */ "DANE_PORT\0"
+/*  4408 */ "dane-port\0"
+/*  4418 */ "Whether the provided certificate or public key is a Certificate\n"
             "authority.\0"
-/*  4457 */ "DANE_CA\0"
-/*  4465 */ "dane-ca\0"
-/*  4473 */ "Whether the provided certificate or public key is an unsigned 
local\n"
+/*  4493 */ "DANE_CA\0"
+/*  4501 */ "dane-ca\0"
+/*  4509 */ "Use the hash of the full X.509 certificate, rather than the 
public key.\0"
+/*  4581 */ "DANE_FULL_X509\0"
+/*  4596 */ "dane-full-x509\0"
+/*  4611 */ "Whether the provided certificate or public key is an unsigned 
local\n"
             "entity.\0"
-/*  4549 */ "DANE_LOCAL\0"
-/*  4560 */ "dane-local\0"
-/*  4571 */ "Display extended usage information and exit\0"
-/*  4615 */ "help\0"
-/*  4620 */ "Extended usage information passed thru pager\0"
-/*  4665 */ "more-help\0"
-/*  4675 */ "Output version information and exit\0"
-/*  4711 */ "version\0"
-/*  4719 */ "CERTTOOL\0"
-/*  4728 */ "certtool - GnuTLS PKCS #11 tool - Ver. @address@hidden"
+/*  4687 */ "DANE_LOCAL\0"
+/*  4698 */ "dane-local\0"
+/*  4709 */ "Display extended usage information and exit\0"
+/*  4753 */ "help\0"
+/*  4758 */ "Extended usage information passed thru pager\0"
+/*  4803 */ "more-help\0"
+/*  4813 */ "Output version information and exit\0"
+/*  4849 */ "version\0"
+/*  4857 */ "CERTTOOL\0"
+/*  4866 */ "certtool - GnuTLS PKCS #11 tool - Ver. @address@hidden"
             "USAGE:  %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/*  4835 */ "address@hidden"
-/*  4854 */ "\n\n\0"
-/*  4857 */ "\n"
+/*  4973 */ "address@hidden"
+/*  4992 */ "\n\n\0"
+/*  4995 */ "\n"
             "Tool to parse and generate X.509 certificates, requests and 
private keys.\n"
             "It can be used interactively or non interactively by specifying 
the\n"
             "template command line option.\n\0"
-/*  5031 */ "certtool @address@hidden"
-/*  5050 */ "certtool [options] [url]\n"
+/*  5169 */ "certtool @address@hidden"
+/*  5188 */ "certtool [options] [url]\n"
             "certtool --help for usage instructions.\n";
 
 /*
@@ -294,94 +300,102 @@ static char const certtool_opt_strs[5116] =
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
+ *  verbose option description:
+ */
+#define VERBOSE_DESC      (certtool_opt_strs+914)
+#define VERBOSE_NAME      (certtool_opt_strs+934)
+#define VERBOSE_name      (certtool_opt_strs+942)
+#define VERBOSE_FLAGS     (OPTST_DISABLED)
+
+/*
  *  infile option description:
  */
-#define INFILE_DESC      (certtool_opt_strs+914)
-#define INFILE_NAME      (certtool_opt_strs+925)
-#define INFILE_name      (certtool_opt_strs+932)
+#define INFILE_DESC      (certtool_opt_strs+950)
+#define INFILE_NAME      (certtool_opt_strs+961)
+#define INFILE_name      (certtool_opt_strs+968)
 #define INFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
 
 /*
  *  outfile option description:
  */
-#define OUTFILE_DESC      (certtool_opt_strs+939)
-#define OUTFILE_NAME      (certtool_opt_strs+951)
-#define OUTFILE_name      (certtool_opt_strs+959)
+#define OUTFILE_DESC      (certtool_opt_strs+975)
+#define OUTFILE_NAME      (certtool_opt_strs+987)
+#define OUTFILE_name      (certtool_opt_strs+995)
 #define OUTFILE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  generate-self-signed option description:
  */
-#define GENERATE_SELF_SIGNED_DESC      (certtool_opt_strs+967)
-#define GENERATE_SELF_SIGNED_NAME      (certtool_opt_strs+1002)
-#define GENERATE_SELF_SIGNED_name      (certtool_opt_strs+1023)
+#define GENERATE_SELF_SIGNED_DESC      (certtool_opt_strs+1003)
+#define GENERATE_SELF_SIGNED_NAME      (certtool_opt_strs+1038)
+#define GENERATE_SELF_SIGNED_name      (certtool_opt_strs+1059)
 #define GENERATE_SELF_SIGNED_FLAGS     (OPTST_DISABLED)
 
 /*
  *  generate-certificate option description:
  */
-#define GENERATE_CERTIFICATE_DESC      (certtool_opt_strs+1044)
-#define GENERATE_CERTIFICATE_NAME      (certtool_opt_strs+1074)
-#define GENERATE_CERTIFICATE_name      (certtool_opt_strs+1095)
+#define GENERATE_CERTIFICATE_DESC      (certtool_opt_strs+1080)
+#define GENERATE_CERTIFICATE_NAME      (certtool_opt_strs+1110)
+#define GENERATE_CERTIFICATE_name      (certtool_opt_strs+1131)
 #define GENERATE_CERTIFICATE_FLAGS     (OPTST_DISABLED)
 
 /*
  *  generate-proxy option description:
  */
-#define GENERATE_PROXY_DESC      (certtool_opt_strs+1116)
-#define GENERATE_PROXY_NAME      (certtool_opt_strs+1146)
-#define GENERATE_PROXY_name      (certtool_opt_strs+1161)
+#define GENERATE_PROXY_DESC      (certtool_opt_strs+1152)
+#define GENERATE_PROXY_NAME      (certtool_opt_strs+1182)
+#define GENERATE_PROXY_name      (certtool_opt_strs+1197)
 #define GENERATE_PROXY_FLAGS     (OPTST_DISABLED)
 
 /*
  *  generate-crl option description:
  */
-#define GENERATE_CRL_DESC      (certtool_opt_strs+1176)
-#define GENERATE_CRL_NAME      (certtool_opt_strs+1191)
-#define GENERATE_CRL_name      (certtool_opt_strs+1204)
+#define GENERATE_CRL_DESC      (certtool_opt_strs+1212)
+#define GENERATE_CRL_NAME      (certtool_opt_strs+1227)
+#define GENERATE_CRL_name      (certtool_opt_strs+1240)
 #define GENERATE_CRL_FLAGS     (OPTST_DISABLED)
 
 /*
  *  update-certificate option description:
  */
-#define UPDATE_CERTIFICATE_DESC      (certtool_opt_strs+1217)
-#define UPDATE_CERTIFICATE_NAME      (certtool_opt_strs+1245)
-#define UPDATE_CERTIFICATE_name      (certtool_opt_strs+1264)
+#define UPDATE_CERTIFICATE_DESC      (certtool_opt_strs+1253)
+#define UPDATE_CERTIFICATE_NAME      (certtool_opt_strs+1281)
+#define UPDATE_CERTIFICATE_name      (certtool_opt_strs+1300)
 #define UPDATE_CERTIFICATE_FLAGS     (OPTST_DISABLED)
 
 /*
  *  generate-privkey option description:
  */
-#define GENERATE_PRIVKEY_DESC      (certtool_opt_strs+1283)
-#define GENERATE_PRIVKEY_NAME      (certtool_opt_strs+1306)
-#define GENERATE_PRIVKEY_name      (certtool_opt_strs+1323)
+#define GENERATE_PRIVKEY_DESC      (certtool_opt_strs+1319)
+#define GENERATE_PRIVKEY_NAME      (certtool_opt_strs+1342)
+#define GENERATE_PRIVKEY_name      (certtool_opt_strs+1359)
 #define GENERATE_PRIVKEY_FLAGS     (OPTST_DISABLED)
 
 /*
  *  generate-request option description:
  */
-#define GENERATE_REQUEST_DESC      (certtool_opt_strs+1340)
-#define GENERATE_REQUEST_NAME      (certtool_opt_strs+1380)
-#define GENERATE_REQUEST_name      (certtool_opt_strs+1397)
+#define GENERATE_REQUEST_DESC      (certtool_opt_strs+1376)
+#define GENERATE_REQUEST_NAME      (certtool_opt_strs+1416)
+#define GENERATE_REQUEST_name      (certtool_opt_strs+1433)
 #define GENERATE_REQUEST_FLAGS     (OPTST_DISABLED)
 
 /*
  *  verify-chain option description:
  */
-#define VERIFY_CHAIN_DESC      (certtool_opt_strs+1414)
-#define VERIFY_CHAIN_NAME      (certtool_opt_strs+1454)
-#define VERIFY_CHAIN_name      (certtool_opt_strs+1467)
+#define VERIFY_CHAIN_DESC      (certtool_opt_strs+1450)
+#define VERIFY_CHAIN_NAME      (certtool_opt_strs+1490)
+#define VERIFY_CHAIN_name      (certtool_opt_strs+1503)
 #define VERIFY_CHAIN_FLAGS     (OPTST_DISABLED)
 
 /*
  *  verify option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define VERIFY_DESC      (certtool_opt_strs+1480)
-#define VERIFY_NAME      (certtool_opt_strs+1541)
-#define VERIFY_name      (certtool_opt_strs+1548)
+#define VERIFY_DESC      (certtool_opt_strs+1516)
+#define VERIFY_NAME      (certtool_opt_strs+1577)
+#define VERIFY_name      (certtool_opt_strs+1584)
 static int const aVerifyMustList[] = {
     INDEX_OPT_LOAD_CA_CERTIFICATE, NO_EQUIVALENT };
 #define VERIFY_FLAGS     (OPTST_DISABLED)
@@ -390,9 +404,9 @@ static int const aVerifyMustList[] = {
  *  verify-crl option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define VERIFY_CRL_DESC      (certtool_opt_strs+1555)
-#define VERIFY_CRL_NAME      (certtool_opt_strs+1590)
-#define VERIFY_CRL_name      (certtool_opt_strs+1601)
+#define VERIFY_CRL_DESC      (certtool_opt_strs+1591)
+#define VERIFY_CRL_NAME      (certtool_opt_strs+1626)
+#define VERIFY_CRL_name      (certtool_opt_strs+1637)
 static int const aVerify_CrlMustList[] = {
     INDEX_OPT_LOAD_CA_CERTIFICATE, NO_EQUIVALENT };
 #define VERIFY_CRL_FLAGS     (OPTST_DISABLED)
@@ -400,217 +414,217 @@ static int const aVerify_CrlMustList[] = {
 /*
  *  generate-dh-params option description:
  */
-#define GENERATE_DH_PARAMS_DESC      (certtool_opt_strs+1612)
-#define GENERATE_DH_PARAMS_NAME      (certtool_opt_strs+1664)
-#define GENERATE_DH_PARAMS_name      (certtool_opt_strs+1683)
+#define GENERATE_DH_PARAMS_DESC      (certtool_opt_strs+1648)
+#define GENERATE_DH_PARAMS_NAME      (certtool_opt_strs+1700)
+#define GENERATE_DH_PARAMS_name      (certtool_opt_strs+1719)
 #define GENERATE_DH_PARAMS_FLAGS     (OPTST_DISABLED)
 
 /*
  *  get-dh-params option description:
  */
-#define GET_DH_PARAMS_DESC      (certtool_opt_strs+1702)
-#define GET_DH_PARAMS_NAME      (certtool_opt_strs+1762)
-#define GET_DH_PARAMS_name      (certtool_opt_strs+1776)
+#define GET_DH_PARAMS_DESC      (certtool_opt_strs+1738)
+#define GET_DH_PARAMS_NAME      (certtool_opt_strs+1798)
+#define GET_DH_PARAMS_name      (certtool_opt_strs+1812)
 #define GET_DH_PARAMS_FLAGS     (OPTST_DISABLED)
 
 /*
  *  dh-info option description:
  */
-#define DH_INFO_DESC      (certtool_opt_strs+1790)
-#define DH_INFO_NAME      (certtool_opt_strs+1850)
-#define DH_INFO_name      (certtool_opt_strs+1858)
+#define DH_INFO_DESC      (certtool_opt_strs+1826)
+#define DH_INFO_NAME      (certtool_opt_strs+1886)
+#define DH_INFO_name      (certtool_opt_strs+1894)
 #define DH_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  load-privkey option description:
  */
-#define LOAD_PRIVKEY_DESC      (certtool_opt_strs+1866)
-#define LOAD_PRIVKEY_NAME      (certtool_opt_strs+1891)
-#define LOAD_PRIVKEY_name      (certtool_opt_strs+1904)
+#define LOAD_PRIVKEY_DESC      (certtool_opt_strs+1902)
+#define LOAD_PRIVKEY_NAME      (certtool_opt_strs+1927)
+#define LOAD_PRIVKEY_name      (certtool_opt_strs+1940)
 #define LOAD_PRIVKEY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  load-pubkey option description:
  */
-#define LOAD_PUBKEY_DESC      (certtool_opt_strs+1917)
-#define LOAD_PUBKEY_NAME      (certtool_opt_strs+1941)
-#define LOAD_PUBKEY_name      (certtool_opt_strs+1953)
+#define LOAD_PUBKEY_DESC      (certtool_opt_strs+1953)
+#define LOAD_PUBKEY_NAME      (certtool_opt_strs+1977)
+#define LOAD_PUBKEY_name      (certtool_opt_strs+1989)
 #define LOAD_PUBKEY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  load-request option description:
  */
-#define LOAD_REQUEST_DESC      (certtool_opt_strs+1965)
-#define LOAD_REQUEST_NAME      (certtool_opt_strs+1998)
-#define LOAD_REQUEST_name      (certtool_opt_strs+2011)
+#define LOAD_REQUEST_DESC      (certtool_opt_strs+2001)
+#define LOAD_REQUEST_NAME      (certtool_opt_strs+2034)
+#define LOAD_REQUEST_name      (certtool_opt_strs+2047)
 #define LOAD_REQUEST_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
 
 /*
  *  load-certificate option description:
  */
-#define LOAD_CERTIFICATE_DESC      (certtool_opt_strs+2024)
-#define LOAD_CERTIFICATE_NAME      (certtool_opt_strs+2049)
-#define LOAD_CERTIFICATE_name      (certtool_opt_strs+2066)
+#define LOAD_CERTIFICATE_DESC      (certtool_opt_strs+2060)
+#define LOAD_CERTIFICATE_NAME      (certtool_opt_strs+2085)
+#define LOAD_CERTIFICATE_name      (certtool_opt_strs+2102)
 #define LOAD_CERTIFICATE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  load-ca-privkey option description:
  */
-#define LOAD_CA_PRIVKEY_DESC      (certtool_opt_strs+2083)
-#define LOAD_CA_PRIVKEY_NAME      (certtool_opt_strs+2134)
-#define LOAD_CA_PRIVKEY_name      (certtool_opt_strs+2150)
+#define LOAD_CA_PRIVKEY_DESC      (certtool_opt_strs+2119)
+#define LOAD_CA_PRIVKEY_NAME      (certtool_opt_strs+2170)
+#define LOAD_CA_PRIVKEY_name      (certtool_opt_strs+2186)
 #define LOAD_CA_PRIVKEY_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  load-ca-certificate option description:
  */
-#define LOAD_CA_CERTIFICATE_DESC      (certtool_opt_strs+2166)
-#define LOAD_CA_CERTIFICATE_NAME      (certtool_opt_strs+2217)
-#define LOAD_CA_CERTIFICATE_name      (certtool_opt_strs+2237)
+#define LOAD_CA_CERTIFICATE_DESC      (certtool_opt_strs+2202)
+#define LOAD_CA_CERTIFICATE_NAME      (certtool_opt_strs+2253)
+#define LOAD_CA_CERTIFICATE_name      (certtool_opt_strs+2273)
 #define LOAD_CA_CERTIFICATE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  password option description:
  */
-#define PASSWORD_DESC      (certtool_opt_strs+2257)
-#define PASSWORD_NAME      (certtool_opt_strs+2273)
-#define PASSWORD_name      (certtool_opt_strs+2282)
+#define PASSWORD_DESC      (certtool_opt_strs+2293)
+#define PASSWORD_NAME      (certtool_opt_strs+2309)
+#define PASSWORD_name      (certtool_opt_strs+2318)
 #define PASSWORD_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  null-password option description:
  */
-#define NULL_PASSWORD_DESC      (certtool_opt_strs+2291)
-#define NULL_PASSWORD_NAME      (certtool_opt_strs+2315)
-#define NULL_PASSWORD_name      (certtool_opt_strs+2329)
+#define NULL_PASSWORD_DESC      (certtool_opt_strs+2327)
+#define NULL_PASSWORD_NAME      (certtool_opt_strs+2351)
+#define NULL_PASSWORD_name      (certtool_opt_strs+2365)
 #define NULL_PASSWORD_FLAGS     (OPTST_DISABLED)
 
 /*
  *  certificate-info option description:
  */
-#define CERTIFICATE_INFO_DESC      (certtool_opt_strs+2343)
-#define CERTIFICATE_INFO_NAME      (certtool_opt_strs+2386)
-#define CERTIFICATE_INFO_name      (certtool_opt_strs+2403)
+#define CERTIFICATE_INFO_DESC      (certtool_opt_strs+2379)
+#define CERTIFICATE_INFO_NAME      (certtool_opt_strs+2422)
+#define CERTIFICATE_INFO_name      (certtool_opt_strs+2439)
 #define CERTIFICATE_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  certificate-pubkey option description:
  */
-#define CERTIFICATE_PUBKEY_DESC      (certtool_opt_strs+2420)
-#define CERTIFICATE_PUBKEY_NAME      (certtool_opt_strs+2451)
-#define CERTIFICATE_PUBKEY_name      (certtool_opt_strs+2470)
+#define CERTIFICATE_PUBKEY_DESC      (certtool_opt_strs+2456)
+#define CERTIFICATE_PUBKEY_NAME      (certtool_opt_strs+2487)
+#define CERTIFICATE_PUBKEY_name      (certtool_opt_strs+2506)
 #define CERTIFICATE_PUBKEY_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-certificate-info option description:
  */
-#define PGP_CERTIFICATE_INFO_DESC      (certtool_opt_strs+2489)
-#define PGP_CERTIFICATE_INFO_NAME      (certtool_opt_strs+2540)
-#define PGP_CERTIFICATE_INFO_name      (certtool_opt_strs+2561)
+#define PGP_CERTIFICATE_INFO_DESC      (certtool_opt_strs+2525)
+#define PGP_CERTIFICATE_INFO_NAME      (certtool_opt_strs+2576)
+#define PGP_CERTIFICATE_INFO_name      (certtool_opt_strs+2597)
 #define PGP_CERTIFICATE_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-ring-info option description:
  */
-#define PGP_RING_INFO_DESC      (certtool_opt_strs+2582)
-#define PGP_RING_INFO_NAME      (certtool_opt_strs+2639)
-#define PGP_RING_INFO_name      (certtool_opt_strs+2653)
+#define PGP_RING_INFO_DESC      (certtool_opt_strs+2618)
+#define PGP_RING_INFO_NAME      (certtool_opt_strs+2675)
+#define PGP_RING_INFO_name      (certtool_opt_strs+2689)
 #define PGP_RING_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  crl-info option description:
  */
-#define CRL_INFO_DESC      (certtool_opt_strs+2667)
-#define CRL_INFO_NAME      (certtool_opt_strs+2712)
-#define CRL_INFO_name      (certtool_opt_strs+2721)
+#define CRL_INFO_DESC      (certtool_opt_strs+2703)
+#define CRL_INFO_NAME      (certtool_opt_strs+2748)
+#define CRL_INFO_name      (certtool_opt_strs+2757)
 #define CRL_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  crq-info option description:
  */
-#define CRQ_INFO_DESC      (certtool_opt_strs+2730)
-#define CRQ_INFO_NAME      (certtool_opt_strs+2781)
-#define CRQ_INFO_name      (certtool_opt_strs+2790)
+#define CRQ_INFO_DESC      (certtool_opt_strs+2766)
+#define CRQ_INFO_NAME      (certtool_opt_strs+2817)
+#define CRQ_INFO_name      (certtool_opt_strs+2826)
 #define CRQ_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  no-crq-extensions option description:
  */
-#define NO_CRQ_EXTENSIONS_DESC      (certtool_opt_strs+2799)
-#define NO_CRQ_EXTENSIONS_NAME      (certtool_opt_strs+2845)
-#define NO_CRQ_EXTENSIONS_name      (certtool_opt_strs+2863)
+#define NO_CRQ_EXTENSIONS_DESC      (certtool_opt_strs+2835)
+#define NO_CRQ_EXTENSIONS_NAME      (certtool_opt_strs+2881)
+#define NO_CRQ_EXTENSIONS_name      (certtool_opt_strs+2899)
 #define NO_CRQ_EXTENSIONS_FLAGS     (OPTST_DISABLED)
 
 /*
  *  p12-info option description:
  */
-#define P12_INFO_DESC      (certtool_opt_strs+2881)
-#define P12_INFO_NAME      (certtool_opt_strs+2923)
-#define P12_INFO_name      (certtool_opt_strs+2932)
+#define P12_INFO_DESC      (certtool_opt_strs+2917)
+#define P12_INFO_NAME      (certtool_opt_strs+2959)
+#define P12_INFO_name      (certtool_opt_strs+2968)
 #define P12_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  p7-info option description:
  */
-#define P7_INFO_DESC      (certtool_opt_strs+2941)
-#define P7_INFO_NAME      (certtool_opt_strs+2982)
-#define P7_INFO_name      (certtool_opt_strs+2990)
+#define P7_INFO_DESC      (certtool_opt_strs+2977)
+#define P7_INFO_NAME      (certtool_opt_strs+3018)
+#define P7_INFO_name      (certtool_opt_strs+3026)
 #define P7_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  smime-to-p7 option description:
  */
-#define SMIME_TO_P7_DESC      (certtool_opt_strs+2998)
-#define SMIME_TO_P7_NAME      (certtool_opt_strs+3034)
-#define SMIME_TO_P7_name      (certtool_opt_strs+3046)
+#define SMIME_TO_P7_DESC      (certtool_opt_strs+3034)
+#define SMIME_TO_P7_NAME      (certtool_opt_strs+3070)
+#define SMIME_TO_P7_name      (certtool_opt_strs+3082)
 #define SMIME_TO_P7_FLAGS     (OPTST_DISABLED)
 
 /*
  *  key-info option description:
  */
-#define KEY_INFO_DESC      (certtool_opt_strs+3058)
-#define KEY_INFO_NAME      (certtool_opt_strs+3093)
-#define KEY_INFO_name      (certtool_opt_strs+3102)
+#define KEY_INFO_DESC      (certtool_opt_strs+3094)
+#define KEY_INFO_NAME      (certtool_opt_strs+3129)
+#define KEY_INFO_name      (certtool_opt_strs+3138)
 #define KEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pgp-key-info option description:
  */
-#define PGP_KEY_INFO_DESC      (certtool_opt_strs+3111)
-#define PGP_KEY_INFO_NAME      (certtool_opt_strs+3155)
-#define PGP_KEY_INFO_name      (certtool_opt_strs+3168)
+#define PGP_KEY_INFO_DESC      (certtool_opt_strs+3147)
+#define PGP_KEY_INFO_NAME      (certtool_opt_strs+3191)
+#define PGP_KEY_INFO_name      (certtool_opt_strs+3204)
 #define PGP_KEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pubkey-info option description:
  */
-#define PUBKEY_INFO_DESC      (certtool_opt_strs+3181)
-#define PUBKEY_INFO_NAME      (certtool_opt_strs+3215)
-#define PUBKEY_INFO_name      (certtool_opt_strs+3227)
+#define PUBKEY_INFO_DESC      (certtool_opt_strs+3217)
+#define PUBKEY_INFO_NAME      (certtool_opt_strs+3251)
+#define PUBKEY_INFO_name      (certtool_opt_strs+3263)
 #define PUBKEY_INFO_FLAGS     (OPTST_DISABLED)
 
 /*
  *  v1 option description:
  */
-#define V1_DESC      (certtool_opt_strs+3239)
-#define V1_NAME      (certtool_opt_strs+3300)
-#define V1_name      (certtool_opt_strs+3303)
+#define V1_DESC      (certtool_opt_strs+3275)
+#define V1_NAME      (certtool_opt_strs+3336)
+#define V1_name      (certtool_opt_strs+3339)
 #define V1_FLAGS     (OPTST_DISABLED)
 
 /*
  *  to-p12 option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define TO_P12_DESC      (certtool_opt_strs+3306)
-#define TO_P12_NAME      (certtool_opt_strs+3336)
-#define TO_P12_name      (certtool_opt_strs+3343)
+#define TO_P12_DESC      (certtool_opt_strs+3342)
+#define TO_P12_NAME      (certtool_opt_strs+3372)
+#define TO_P12_name      (certtool_opt_strs+3379)
 static int const aTo_P12MustList[] = {
     INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
 #define TO_P12_FLAGS     (OPTST_DISABLED)
@@ -618,129 +632,129 @@ static int const aTo_P12MustList[] = {
 /*
  *  to-p8 option description:
  */
-#define TO_P8_DESC      (certtool_opt_strs+3350)
-#define TO_P8_NAME      (certtool_opt_strs+3379)
-#define TO_P8_name      (certtool_opt_strs+3385)
+#define TO_P8_DESC      (certtool_opt_strs+3386)
+#define TO_P8_NAME      (certtool_opt_strs+3415)
+#define TO_P8_name      (certtool_opt_strs+3421)
 #define TO_P8_FLAGS     (OPTST_DISABLED)
 
 /*
  *  pkcs8 option description:
  */
-#define PKCS8_DESC      (certtool_opt_strs+3391)
-#define PKCS8_NAME      (certtool_opt_strs+3427)
-#define PKCS8_name      (certtool_opt_strs+3433)
+#define PKCS8_DESC      (certtool_opt_strs+3427)
+#define PKCS8_NAME      (certtool_opt_strs+3463)
+#define PKCS8_name      (certtool_opt_strs+3469)
 #define PKCS8_FLAGS     (OPTST_DISABLED)
 
 /*
  *  rsa option description:
  */
-#define RSA_DESC      (certtool_opt_strs+3439)
-#define RSA_NAME      (certtool_opt_strs+3456)
-#define RSA_name      (certtool_opt_strs+3460)
+#define RSA_DESC      (certtool_opt_strs+3475)
+#define RSA_NAME      (certtool_opt_strs+3492)
+#define RSA_name      (certtool_opt_strs+3496)
 #define RSA_FLAGS     (OPTST_DISABLED)
 
 /*
  *  dsa option description:
  */
-#define DSA_DESC      (certtool_opt_strs+3464)
-#define DSA_NAME      (certtool_opt_strs+3481)
-#define DSA_name      (certtool_opt_strs+3485)
+#define DSA_DESC      (certtool_opt_strs+3500)
+#define DSA_NAME      (certtool_opt_strs+3517)
+#define DSA_name      (certtool_opt_strs+3521)
 #define DSA_FLAGS     (OPTST_DISABLED)
 
 /*
  *  ecc option description:
  */
-#define ECC_DESC      (certtool_opt_strs+3489)
-#define ECC_NAME      (certtool_opt_strs+3514)
-#define ECC_name      (certtool_opt_strs+3518)
+#define ECC_DESC      (certtool_opt_strs+3525)
+#define ECC_NAME      (certtool_opt_strs+3550)
+#define ECC_name      (certtool_opt_strs+3554)
 #define ECC_FLAGS     (OPTST_DISABLED)
 
 /*
  *  hash option description:
  */
-#define HASH_DESC      (certtool_opt_strs+3522)
-#define HASH_NAME      (certtool_opt_strs+3557)
-#define HASH_name      (certtool_opt_strs+3562)
+#define HASH_DESC      (certtool_opt_strs+3558)
+#define HASH_NAME      (certtool_opt_strs+3593)
+#define HASH_name      (certtool_opt_strs+3598)
 #define HASH_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  inder option description:
  */
-#define INDER_DESC      (certtool_opt_strs+3567)
-#define INDER_NAME      (certtool_opt_strs+3623)
-#define NOT_INDER_name  (certtool_opt_strs+3629)
-#define NOT_INDER_PFX   (certtool_opt_strs+3638)
+#define INDER_DESC      (certtool_opt_strs+3603)
+#define INDER_NAME      (certtool_opt_strs+3659)
+#define NOT_INDER_name  (certtool_opt_strs+3665)
+#define NOT_INDER_PFX   (certtool_opt_strs+3674)
 #define INDER_name      (NOT_INDER_name + 3)
 #define INDER_FLAGS     (OPTST_DISABLED)
 
 /*
  *  inraw option description:
  */
-#define INRAW_DESC    (certtool_opt_strs+3641)
+#define INRAW_DESC    (certtool_opt_strs+3677)
 #define INRAW_NAME    NULL
-#define INRAW_name    (certtool_opt_strs+3670)
+#define INRAW_name    (certtool_opt_strs+3706)
 #define INRAW_FLAGS     (INDER_FLAGS | OPTST_ALIAS)
 
 /*
  *  outder option description:
  */
-#define OUTDER_DESC      (certtool_opt_strs+3676)
-#define OUTDER_NAME      (certtool_opt_strs+3732)
-#define NOT_OUTDER_name  (certtool_opt_strs+3739)
-#define NOT_OUTDER_PFX   (certtool_opt_strs+3638)
+#define OUTDER_DESC      (certtool_opt_strs+3712)
+#define OUTDER_NAME      (certtool_opt_strs+3768)
+#define NOT_OUTDER_name  (certtool_opt_strs+3775)
+#define NOT_OUTDER_PFX   (certtool_opt_strs+3674)
 #define OUTDER_name      (NOT_OUTDER_name + 3)
 #define OUTDER_FLAGS     (OPTST_DISABLED)
 
 /*
  *  outraw option description:
  */
-#define OUTRAW_DESC    (certtool_opt_strs+3749)
+#define OUTRAW_DESC    (certtool_opt_strs+3785)
 #define OUTRAW_NAME    NULL
-#define OUTRAW_name    (certtool_opt_strs+3779)
+#define OUTRAW_name    (certtool_opt_strs+3815)
 #define OUTRAW_FLAGS     (OUTDER_FLAGS | OPTST_ALIAS)
 
 /*
  *  bits option description:
  */
-#define BITS_DESC      (certtool_opt_strs+3786)
-#define BITS_NAME      (certtool_opt_strs+3830)
-#define BITS_name      (certtool_opt_strs+3835)
+#define BITS_DESC      (certtool_opt_strs+3822)
+#define BITS_NAME      (certtool_opt_strs+3866)
+#define BITS_name      (certtool_opt_strs+3871)
 #define BITS_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  sec-param option description:
  */
-#define SEC_PARAM_DESC      (certtool_opt_strs+3840)
-#define SEC_PARAM_NAME      (certtool_opt_strs+3903)
-#define SEC_PARAM_name      (certtool_opt_strs+3913)
+#define SEC_PARAM_DESC      (certtool_opt_strs+3876)
+#define SEC_PARAM_NAME      (certtool_opt_strs+3939)
+#define SEC_PARAM_name      (certtool_opt_strs+3949)
 #define SEC_PARAM_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  disable-quick-random option description:
  */
-#define DISABLE_QUICK_RANDOM_DESC      (certtool_opt_strs+3923)
-#define DISABLE_QUICK_RANDOM_NAME      (certtool_opt_strs+3933)
-#define DISABLE_QUICK_RANDOM_name      (certtool_opt_strs+3954)
+#define DISABLE_QUICK_RANDOM_DESC      (certtool_opt_strs+3959)
+#define DISABLE_QUICK_RANDOM_NAME      (certtool_opt_strs+3969)
+#define DISABLE_QUICK_RANDOM_name      (certtool_opt_strs+3990)
 #define DISABLE_QUICK_RANDOM_FLAGS     (OPTST_DISABLED)
 
 /*
  *  template option description:
  */
-#define TEMPLATE_DESC      (certtool_opt_strs+3975)
-#define TEMPLATE_NAME      (certtool_opt_strs+4026)
-#define TEMPLATE_name      (certtool_opt_strs+4035)
+#define TEMPLATE_DESC      (certtool_opt_strs+4011)
+#define TEMPLATE_NAME      (certtool_opt_strs+4062)
+#define TEMPLATE_name      (certtool_opt_strs+4071)
 #define TEMPLATE_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
 
 /*
  *  pkcs-cipher option description:
  */
-#define PKCS_CIPHER_DESC      (certtool_opt_strs+4044)
-#define PKCS_CIPHER_NAME      (certtool_opt_strs+4089)
-#define PKCS_CIPHER_name      (certtool_opt_strs+4101)
+#define PKCS_CIPHER_DESC      (certtool_opt_strs+4080)
+#define PKCS_CIPHER_NAME      (certtool_opt_strs+4125)
+#define PKCS_CIPHER_name      (certtool_opt_strs+4137)
 #define PKCS_CIPHER_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
@@ -748,9 +762,9 @@ static int const aTo_P12MustList[] = {
  *  dane-rr option description with
  *  "Must also have options" and "Incompatible options":
  */
-#define DANE_RR_DESC      (certtool_opt_strs+4113)
-#define DANE_RR_NAME      (certtool_opt_strs+4167)
-#define DANE_RR_name      (certtool_opt_strs+4175)
+#define DANE_RR_DESC      (certtool_opt_strs+4149)
+#define DANE_RR_NAME      (certtool_opt_strs+4203)
+#define DANE_RR_name      (certtool_opt_strs+4211)
 static int const aDane_RrMustList[] = {
     INDEX_OPT_DANE_HOST, NO_EQUIVALENT };
 #define DANE_RR_FLAGS     (OPTST_DISABLED)
@@ -758,54 +772,62 @@ static int const aDane_RrMustList[] = {
 /*
  *  dane-host option description:
  */
-#define DANE_HOST_DESC      (certtool_opt_strs+4183)
-#define DANE_HOST_NAME      (certtool_opt_strs+4230)
-#define DANE_HOST_name      (certtool_opt_strs+4240)
+#define DANE_HOST_DESC      (certtool_opt_strs+4219)
+#define DANE_HOST_NAME      (certtool_opt_strs+4266)
+#define DANE_HOST_name      (certtool_opt_strs+4276)
 #define DANE_HOST_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  dane-proto option description:
  */
-#define DANE_PROTO_DESC      (certtool_opt_strs+4250)
-#define DANE_PROTO_NAME      (certtool_opt_strs+4297)
-#define DANE_PROTO_name      (certtool_opt_strs+4308)
+#define DANE_PROTO_DESC      (certtool_opt_strs+4286)
+#define DANE_PROTO_NAME      (certtool_opt_strs+4333)
+#define DANE_PROTO_name      (certtool_opt_strs+4344)
 #define DANE_PROTO_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
 
 /*
  *  dane-port option description:
  */
-#define DANE_PORT_DESC      (certtool_opt_strs+4319)
-#define DANE_PORT_NAME      (certtool_opt_strs+4362)
-#define DANE_PORT_name      (certtool_opt_strs+4372)
+#define DANE_PORT_DESC      (certtool_opt_strs+4355)
+#define DANE_PORT_NAME      (certtool_opt_strs+4398)
+#define DANE_PORT_name      (certtool_opt_strs+4408)
 #define DANE_PORT_FLAGS     (OPTST_DISABLED \
         | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
 
 /*
  *  dane-ca option description:
  */
-#define DANE_CA_DESC      (certtool_opt_strs+4382)
-#define DANE_CA_NAME      (certtool_opt_strs+4457)
-#define DANE_CA_name      (certtool_opt_strs+4465)
+#define DANE_CA_DESC      (certtool_opt_strs+4418)
+#define DANE_CA_NAME      (certtool_opt_strs+4493)
+#define DANE_CA_name      (certtool_opt_strs+4501)
 #define DANE_CA_FLAGS     (OPTST_DISABLED)
 
 /*
+ *  dane-full-x509 option description:
+ */
+#define DANE_FULL_X509_DESC      (certtool_opt_strs+4509)
+#define DANE_FULL_X509_NAME      (certtool_opt_strs+4581)
+#define DANE_FULL_X509_name      (certtool_opt_strs+4596)
+#define DANE_FULL_X509_FLAGS     (OPTST_DISABLED)
+
+/*
  *  dane-local option description:
  */
-#define DANE_LOCAL_DESC      (certtool_opt_strs+4473)
-#define DANE_LOCAL_NAME      (certtool_opt_strs+4549)
-#define DANE_LOCAL_name      (certtool_opt_strs+4560)
+#define DANE_LOCAL_DESC      (certtool_opt_strs+4611)
+#define DANE_LOCAL_NAME      (certtool_opt_strs+4687)
+#define DANE_LOCAL_name      (certtool_opt_strs+4698)
 #define DANE_LOCAL_FLAGS     (OPTST_DISABLED)
 
 /*
  *  Help/More_Help/Version option descriptions:
  */
-#define HELP_DESC       (certtool_opt_strs+4571)
-#define HELP_name       (certtool_opt_strs+4615)
+#define HELP_DESC       (certtool_opt_strs+4709)
+#define HELP_name       (certtool_opt_strs+4753)
 #ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC  (certtool_opt_strs+4620)
-#define MORE_HELP_name  (certtool_opt_strs+4665)
+#define MORE_HELP_DESC  (certtool_opt_strs+4758)
+#define MORE_HELP_name  (certtool_opt_strs+4803)
 #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
 #else
 #define MORE_HELP_DESC  NULL
@@ -818,8 +840,8 @@ static int const aDane_RrMustList[] = {
 #  define VER_FLAGS     (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
                          OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
 #endif
-#define VER_DESC        (certtool_opt_strs+4675)
-#define VER_name        (certtool_opt_strs+4711)
+#define VER_DESC        (certtool_opt_strs+4813)
+#define VER_name        (certtool_opt_strs+4849)
 /*
  *  Declare option callback procedures
  */
@@ -853,8 +875,20 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DEBUG_DESC, DEBUG_NAME, DEBUG_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 1, VALUE_OPT_INFILE,
-     /* equiv idx, value */ 1, VALUE_OPT_INFILE,
+  {  /* entry idx, value */ 1, VALUE_OPT_VERBOSE,
+     /* equiv idx, value */ 1, VALUE_OPT_VERBOSE,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, NOLIMIT, 0,
+     /* opt state flags  */ VERBOSE_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --verbose */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ VERBOSE_DESC, VERBOSE_NAME, VERBOSE_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 2, VALUE_OPT_INFILE,
+     /* equiv idx, value */ 2, VALUE_OPT_INFILE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ INFILE_FLAGS, 0,
@@ -865,8 +899,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ INFILE_DESC, INFILE_NAME, INFILE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 2, VALUE_OPT_OUTFILE,
-     /* equiv idx, value */ 2, VALUE_OPT_OUTFILE,
+  {  /* entry idx, value */ 3, VALUE_OPT_OUTFILE,
+     /* equiv idx, value */ 3, VALUE_OPT_OUTFILE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ OUTFILE_FLAGS, 0,
@@ -877,8 +911,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ OUTFILE_DESC, OUTFILE_NAME, OUTFILE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 3, VALUE_OPT_GENERATE_SELF_SIGNED,
-     /* equiv idx, value */ 3, VALUE_OPT_GENERATE_SELF_SIGNED,
+  {  /* entry idx, value */ 4, VALUE_OPT_GENERATE_SELF_SIGNED,
+     /* equiv idx, value */ 4, VALUE_OPT_GENERATE_SELF_SIGNED,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_SELF_SIGNED_FLAGS, 0,
@@ -889,8 +923,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_SELF_SIGNED_DESC, 
GENERATE_SELF_SIGNED_NAME, GENERATE_SELF_SIGNED_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 4, VALUE_OPT_GENERATE_CERTIFICATE,
-     /* equiv idx, value */ 4, VALUE_OPT_GENERATE_CERTIFICATE,
+  {  /* entry idx, value */ 5, VALUE_OPT_GENERATE_CERTIFICATE,
+     /* equiv idx, value */ 5, VALUE_OPT_GENERATE_CERTIFICATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_CERTIFICATE_FLAGS, 0,
@@ -901,8 +935,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_CERTIFICATE_DESC, 
GENERATE_CERTIFICATE_NAME, GENERATE_CERTIFICATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 5, VALUE_OPT_GENERATE_PROXY,
-     /* equiv idx, value */ 5, VALUE_OPT_GENERATE_PROXY,
+  {  /* entry idx, value */ 6, VALUE_OPT_GENERATE_PROXY,
+     /* equiv idx, value */ 6, VALUE_OPT_GENERATE_PROXY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_PROXY_FLAGS, 0,
@@ -913,8 +947,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_PROXY_DESC, GENERATE_PROXY_NAME, 
GENERATE_PROXY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 6, VALUE_OPT_GENERATE_CRL,
-     /* equiv idx, value */ 6, VALUE_OPT_GENERATE_CRL,
+  {  /* entry idx, value */ 7, VALUE_OPT_GENERATE_CRL,
+     /* equiv idx, value */ 7, VALUE_OPT_GENERATE_CRL,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_CRL_FLAGS, 0,
@@ -925,8 +959,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_CRL_DESC, GENERATE_CRL_NAME, 
GENERATE_CRL_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 7, VALUE_OPT_UPDATE_CERTIFICATE,
-     /* equiv idx, value */ 7, VALUE_OPT_UPDATE_CERTIFICATE,
+  {  /* entry idx, value */ 8, VALUE_OPT_UPDATE_CERTIFICATE,
+     /* equiv idx, value */ 8, VALUE_OPT_UPDATE_CERTIFICATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ UPDATE_CERTIFICATE_FLAGS, 0,
@@ -937,8 +971,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ UPDATE_CERTIFICATE_DESC, UPDATE_CERTIFICATE_NAME, 
UPDATE_CERTIFICATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 8, VALUE_OPT_GENERATE_PRIVKEY,
-     /* equiv idx, value */ 8, VALUE_OPT_GENERATE_PRIVKEY,
+  {  /* entry idx, value */ 9, VALUE_OPT_GENERATE_PRIVKEY,
+     /* equiv idx, value */ 9, VALUE_OPT_GENERATE_PRIVKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_PRIVKEY_FLAGS, 0,
@@ -949,8 +983,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_PRIVKEY_DESC, GENERATE_PRIVKEY_NAME, 
GENERATE_PRIVKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 9, VALUE_OPT_GENERATE_REQUEST,
-     /* equiv idx, value */ 9, VALUE_OPT_GENERATE_REQUEST,
+  {  /* entry idx, value */ 10, VALUE_OPT_GENERATE_REQUEST,
+     /* equiv idx, value */ 10, VALUE_OPT_GENERATE_REQUEST,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_REQUEST_FLAGS, 0,
@@ -961,8 +995,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_REQUEST_DESC, GENERATE_REQUEST_NAME, 
GENERATE_REQUEST_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 10, VALUE_OPT_VERIFY_CHAIN,
-     /* equiv idx, value */ 10, VALUE_OPT_VERIFY_CHAIN,
+  {  /* entry idx, value */ 11, VALUE_OPT_VERIFY_CHAIN,
+     /* equiv idx, value */ 11, VALUE_OPT_VERIFY_CHAIN,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ VERIFY_CHAIN_FLAGS, 0,
@@ -973,8 +1007,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ VERIFY_CHAIN_DESC, VERIFY_CHAIN_NAME, 
VERIFY_CHAIN_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 11, VALUE_OPT_VERIFY,
-     /* equiv idx, value */ 11, VALUE_OPT_VERIFY,
+  {  /* entry idx, value */ 12, VALUE_OPT_VERIFY,
+     /* equiv idx, value */ 12, VALUE_OPT_VERIFY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ VERIFY_FLAGS, 0,
@@ -985,8 +1019,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ VERIFY_DESC, VERIFY_NAME, VERIFY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 12, VALUE_OPT_VERIFY_CRL,
-     /* equiv idx, value */ 12, VALUE_OPT_VERIFY_CRL,
+  {  /* entry idx, value */ 13, VALUE_OPT_VERIFY_CRL,
+     /* equiv idx, value */ 13, VALUE_OPT_VERIFY_CRL,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ VERIFY_CRL_FLAGS, 0,
@@ -997,8 +1031,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ VERIFY_CRL_DESC, VERIFY_CRL_NAME, VERIFY_CRL_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 13, VALUE_OPT_GENERATE_DH_PARAMS,
-     /* equiv idx, value */ 13, VALUE_OPT_GENERATE_DH_PARAMS,
+  {  /* entry idx, value */ 14, VALUE_OPT_GENERATE_DH_PARAMS,
+     /* equiv idx, value */ 14, VALUE_OPT_GENERATE_DH_PARAMS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GENERATE_DH_PARAMS_FLAGS, 0,
@@ -1009,8 +1043,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GENERATE_DH_PARAMS_DESC, GENERATE_DH_PARAMS_NAME, 
GENERATE_DH_PARAMS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 14, VALUE_OPT_GET_DH_PARAMS,
-     /* equiv idx, value */ 14, VALUE_OPT_GET_DH_PARAMS,
+  {  /* entry idx, value */ 15, VALUE_OPT_GET_DH_PARAMS,
+     /* equiv idx, value */ 15, VALUE_OPT_GET_DH_PARAMS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ GET_DH_PARAMS_FLAGS, 0,
@@ -1021,8 +1055,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ GET_DH_PARAMS_DESC, GET_DH_PARAMS_NAME, 
GET_DH_PARAMS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 15, VALUE_OPT_DH_INFO,
-     /* equiv idx, value */ 15, VALUE_OPT_DH_INFO,
+  {  /* entry idx, value */ 16, VALUE_OPT_DH_INFO,
+     /* equiv idx, value */ 16, VALUE_OPT_DH_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DH_INFO_FLAGS, 0,
@@ -1033,8 +1067,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DH_INFO_DESC, DH_INFO_NAME, DH_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 16, VALUE_OPT_LOAD_PRIVKEY,
-     /* equiv idx, value */ 16, VALUE_OPT_LOAD_PRIVKEY,
+  {  /* entry idx, value */ 17, VALUE_OPT_LOAD_PRIVKEY,
+     /* equiv idx, value */ 17, VALUE_OPT_LOAD_PRIVKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_PRIVKEY_FLAGS, 0,
@@ -1045,8 +1079,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_PRIVKEY_DESC, LOAD_PRIVKEY_NAME, 
LOAD_PRIVKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 17, VALUE_OPT_LOAD_PUBKEY,
-     /* equiv idx, value */ 17, VALUE_OPT_LOAD_PUBKEY,
+  {  /* entry idx, value */ 18, VALUE_OPT_LOAD_PUBKEY,
+     /* equiv idx, value */ 18, VALUE_OPT_LOAD_PUBKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_PUBKEY_FLAGS, 0,
@@ -1057,8 +1091,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_PUBKEY_DESC, LOAD_PUBKEY_NAME, 
LOAD_PUBKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 18, VALUE_OPT_LOAD_REQUEST,
-     /* equiv idx, value */ 18, VALUE_OPT_LOAD_REQUEST,
+  {  /* entry idx, value */ 19, VALUE_OPT_LOAD_REQUEST,
+     /* equiv idx, value */ 19, VALUE_OPT_LOAD_REQUEST,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_REQUEST_FLAGS, 0,
@@ -1069,8 +1103,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_REQUEST_DESC, LOAD_REQUEST_NAME, 
LOAD_REQUEST_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 19, VALUE_OPT_LOAD_CERTIFICATE,
-     /* equiv idx, value */ 19, VALUE_OPT_LOAD_CERTIFICATE,
+  {  /* entry idx, value */ 20, VALUE_OPT_LOAD_CERTIFICATE,
+     /* equiv idx, value */ 20, VALUE_OPT_LOAD_CERTIFICATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_CERTIFICATE_FLAGS, 0,
@@ -1081,8 +1115,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_CERTIFICATE_DESC, LOAD_CERTIFICATE_NAME, 
LOAD_CERTIFICATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 20, VALUE_OPT_LOAD_CA_PRIVKEY,
-     /* equiv idx, value */ 20, VALUE_OPT_LOAD_CA_PRIVKEY,
+  {  /* entry idx, value */ 21, VALUE_OPT_LOAD_CA_PRIVKEY,
+     /* equiv idx, value */ 21, VALUE_OPT_LOAD_CA_PRIVKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_CA_PRIVKEY_FLAGS, 0,
@@ -1093,8 +1127,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_CA_PRIVKEY_DESC, LOAD_CA_PRIVKEY_NAME, 
LOAD_CA_PRIVKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 21, VALUE_OPT_LOAD_CA_CERTIFICATE,
-     /* equiv idx, value */ 21, VALUE_OPT_LOAD_CA_CERTIFICATE,
+  {  /* entry idx, value */ 22, VALUE_OPT_LOAD_CA_CERTIFICATE,
+     /* equiv idx, value */ 22, VALUE_OPT_LOAD_CA_CERTIFICATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ LOAD_CA_CERTIFICATE_FLAGS, 0,
@@ -1105,8 +1139,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ LOAD_CA_CERTIFICATE_DESC, 
LOAD_CA_CERTIFICATE_NAME, LOAD_CA_CERTIFICATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 22, VALUE_OPT_PASSWORD,
-     /* equiv idx, value */ 22, VALUE_OPT_PASSWORD,
+  {  /* entry idx, value */ 23, VALUE_OPT_PASSWORD,
+     /* equiv idx, value */ 23, VALUE_OPT_PASSWORD,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PASSWORD_FLAGS, 0,
@@ -1117,8 +1151,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
-     /* equiv idx, value */ 23, VALUE_OPT_NULL_PASSWORD,
+  {  /* entry idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
+     /* equiv idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ NULL_PASSWORD_FLAGS, 0,
@@ -1129,8 +1163,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME, 
NULL_PASSWORD_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
-     /* equiv idx, value */ 24, VALUE_OPT_CERTIFICATE_INFO,
+  {  /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
+     /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CERTIFICATE_INFO_FLAGS, 0,
@@ -1141,8 +1175,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CERTIFICATE_INFO_DESC, CERTIFICATE_INFO_NAME, 
CERTIFICATE_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
-     /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_PUBKEY,
+  {  /* entry idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
+     /* equiv idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CERTIFICATE_PUBKEY_FLAGS, 0,
@@ -1153,8 +1187,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CERTIFICATE_PUBKEY_DESC, CERTIFICATE_PUBKEY_NAME, 
CERTIFICATE_PUBKEY_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
-     /* equiv idx, value */ 26, VALUE_OPT_PGP_CERTIFICATE_INFO,
+  {  /* entry idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
+     /* equiv idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_CERTIFICATE_INFO_FLAGS, 0,
@@ -1165,8 +1199,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_CERTIFICATE_INFO_DESC, 
PGP_CERTIFICATE_INFO_NAME, PGP_CERTIFICATE_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
-     /* equiv idx, value */ 27, VALUE_OPT_PGP_RING_INFO,
+  {  /* entry idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
+     /* equiv idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_RING_INFO_FLAGS, 0,
@@ -1177,8 +1211,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_RING_INFO_DESC, PGP_RING_INFO_NAME, 
PGP_RING_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 28, VALUE_OPT_CRL_INFO,
-     /* equiv idx, value */ 28, VALUE_OPT_CRL_INFO,
+  {  /* entry idx, value */ 29, VALUE_OPT_CRL_INFO,
+     /* equiv idx, value */ 29, VALUE_OPT_CRL_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CRL_INFO_FLAGS, 0,
@@ -1189,8 +1223,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 29, VALUE_OPT_CRQ_INFO,
-     /* equiv idx, value */ 29, VALUE_OPT_CRQ_INFO,
+  {  /* entry idx, value */ 30, VALUE_OPT_CRQ_INFO,
+     /* equiv idx, value */ 30, VALUE_OPT_CRQ_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ CRQ_INFO_FLAGS, 0,
@@ -1201,8 +1235,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ CRQ_INFO_DESC, CRQ_INFO_NAME, CRQ_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
-     /* equiv idx, value */ 30, VALUE_OPT_NO_CRQ_EXTENSIONS,
+  {  /* entry idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
+     /* equiv idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ NO_CRQ_EXTENSIONS_FLAGS, 0,
@@ -1213,8 +1247,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ NO_CRQ_EXTENSIONS_DESC, NO_CRQ_EXTENSIONS_NAME, 
NO_CRQ_EXTENSIONS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 31, VALUE_OPT_P12_INFO,
-     /* equiv idx, value */ 31, VALUE_OPT_P12_INFO,
+  {  /* entry idx, value */ 32, VALUE_OPT_P12_INFO,
+     /* equiv idx, value */ 32, VALUE_OPT_P12_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ P12_INFO_FLAGS, 0,
@@ -1225,8 +1259,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ P12_INFO_DESC, P12_INFO_NAME, P12_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 32, VALUE_OPT_P7_INFO,
-     /* equiv idx, value */ 32, VALUE_OPT_P7_INFO,
+  {  /* entry idx, value */ 33, VALUE_OPT_P7_INFO,
+     /* equiv idx, value */ 33, VALUE_OPT_P7_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ P7_INFO_FLAGS, 0,
@@ -1237,8 +1271,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
-     /* equiv idx, value */ 33, VALUE_OPT_SMIME_TO_P7,
+  {  /* entry idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
+     /* equiv idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SMIME_TO_P7_FLAGS, 0,
@@ -1249,8 +1283,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SMIME_TO_P7_DESC, SMIME_TO_P7_NAME, 
SMIME_TO_P7_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 34, VALUE_OPT_KEY_INFO,
-     /* equiv idx, value */ 34, VALUE_OPT_KEY_INFO,
+  {  /* entry idx, value */ 35, VALUE_OPT_KEY_INFO,
+     /* equiv idx, value */ 35, VALUE_OPT_KEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ KEY_INFO_FLAGS, 0,
@@ -1261,8 +1295,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ KEY_INFO_DESC, KEY_INFO_NAME, KEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
-     /* equiv idx, value */ 35, VALUE_OPT_PGP_KEY_INFO,
+  {  /* entry idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
+     /* equiv idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PGP_KEY_INFO_FLAGS, 0,
@@ -1273,8 +1307,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PGP_KEY_INFO_DESC, PGP_KEY_INFO_NAME, 
PGP_KEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
-     /* equiv idx, value */ 36, VALUE_OPT_PUBKEY_INFO,
+  {  /* entry idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
+     /* equiv idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PUBKEY_INFO_FLAGS, 0,
@@ -1285,8 +1319,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PUBKEY_INFO_DESC, PUBKEY_INFO_NAME, 
PUBKEY_INFO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 37, VALUE_OPT_V1,
-     /* equiv idx, value */ 37, VALUE_OPT_V1,
+  {  /* entry idx, value */ 38, VALUE_OPT_V1,
+     /* equiv idx, value */ 38, VALUE_OPT_V1,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ V1_FLAGS, 0,
@@ -1297,8 +1331,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ V1_DESC, V1_NAME, V1_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 38, VALUE_OPT_TO_P12,
-     /* equiv idx, value */ 38, VALUE_OPT_TO_P12,
+  {  /* entry idx, value */ 39, VALUE_OPT_TO_P12,
+     /* equiv idx, value */ 39, VALUE_OPT_TO_P12,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TO_P12_FLAGS, 0,
@@ -1309,8 +1343,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TO_P12_DESC, TO_P12_NAME, TO_P12_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 39, VALUE_OPT_TO_P8,
-     /* equiv idx, value */ 39, VALUE_OPT_TO_P8,
+  {  /* entry idx, value */ 40, VALUE_OPT_TO_P8,
+     /* equiv idx, value */ 40, VALUE_OPT_TO_P8,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TO_P8_FLAGS, 0,
@@ -1321,8 +1355,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 40, VALUE_OPT_PKCS8,
-     /* equiv idx, value */ 40, VALUE_OPT_PKCS8,
+  {  /* entry idx, value */ 41, VALUE_OPT_PKCS8,
+     /* equiv idx, value */ 41, VALUE_OPT_PKCS8,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PKCS8_FLAGS, 0,
@@ -1333,8 +1367,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 41, VALUE_OPT_RSA,
-     /* equiv idx, value */ 41, VALUE_OPT_RSA,
+  {  /* entry idx, value */ 42, VALUE_OPT_RSA,
+     /* equiv idx, value */ 42, VALUE_OPT_RSA,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ RSA_FLAGS, 0,
@@ -1345,8 +1379,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 42, VALUE_OPT_DSA,
-     /* equiv idx, value */ 42, VALUE_OPT_DSA,
+  {  /* entry idx, value */ 43, VALUE_OPT_DSA,
+     /* equiv idx, value */ 43, VALUE_OPT_DSA,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DSA_FLAGS, 0,
@@ -1357,8 +1391,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 43, VALUE_OPT_ECC,
-     /* equiv idx, value */ 43, VALUE_OPT_ECC,
+  {  /* entry idx, value */ 44, VALUE_OPT_ECC,
+     /* equiv idx, value */ 44, VALUE_OPT_ECC,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ ECC_FLAGS, 0,
@@ -1369,8 +1403,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 44, VALUE_OPT_HASH,
-     /* equiv idx, value */ 44, VALUE_OPT_HASH,
+  {  /* entry idx, value */ 45, VALUE_OPT_HASH,
+     /* equiv idx, value */ 45, VALUE_OPT_HASH,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ HASH_FLAGS, 0,
@@ -1381,8 +1415,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 45, VALUE_OPT_INDER,
-     /* equiv idx, value */ 45, VALUE_OPT_INDER,
+  {  /* entry idx, value */ 46, VALUE_OPT_INDER,
+     /* equiv idx, value */ 46, VALUE_OPT_INDER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ INDER_FLAGS, 0,
@@ -1393,8 +1427,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
      /* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
 
-  {  /* entry idx, value */ 46, VALUE_OPT_INRAW,
-     /* equiv idx, value */ 46, VALUE_OPT_INRAW,
+  {  /* entry idx, value */ 47, VALUE_OPT_INRAW,
+     /* equiv idx, value */ 47, VALUE_OPT_INRAW,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ INRAW_FLAGS, 0,
@@ -1405,8 +1439,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
      /* disablement strs */ 0, 0 },
 
-  {  /* entry idx, value */ 47, VALUE_OPT_OUTDER,
-     /* equiv idx, value */ 47, VALUE_OPT_OUTDER,
+  {  /* entry idx, value */ 48, VALUE_OPT_OUTDER,
+     /* equiv idx, value */ 48, VALUE_OPT_OUTDER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ OUTDER_FLAGS, 0,
@@ -1417,8 +1451,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
      /* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
 
-  {  /* entry idx, value */ 48, VALUE_OPT_OUTRAW,
-     /* equiv idx, value */ 48, VALUE_OPT_OUTRAW,
+  {  /* entry idx, value */ 49, VALUE_OPT_OUTRAW,
+     /* equiv idx, value */ 49, VALUE_OPT_OUTRAW,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ OUTRAW_FLAGS, 0,
@@ -1429,8 +1463,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
      /* disablement strs */ 0, 0 },
 
-  {  /* entry idx, value */ 49, VALUE_OPT_BITS,
-     /* equiv idx, value */ 49, VALUE_OPT_BITS,
+  {  /* entry idx, value */ 50, VALUE_OPT_BITS,
+     /* equiv idx, value */ 50, VALUE_OPT_BITS,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ BITS_FLAGS, 0,
@@ -1441,8 +1475,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 50, VALUE_OPT_SEC_PARAM,
-     /* equiv idx, value */ 50, VALUE_OPT_SEC_PARAM,
+  {  /* entry idx, value */ 51, VALUE_OPT_SEC_PARAM,
+     /* equiv idx, value */ 51, VALUE_OPT_SEC_PARAM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ SEC_PARAM_FLAGS, 0,
@@ -1453,8 +1487,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
-     /* equiv idx, value */ 51, VALUE_OPT_DISABLE_QUICK_RANDOM,
+  {  /* entry idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
+     /* equiv idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DISABLE_QUICK_RANDOM_FLAGS, 0,
@@ -1465,8 +1499,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC, 
DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 52, VALUE_OPT_TEMPLATE,
-     /* equiv idx, value */ 52, VALUE_OPT_TEMPLATE,
+  {  /* entry idx, value */ 53, VALUE_OPT_TEMPLATE,
+     /* equiv idx, value */ 53, VALUE_OPT_TEMPLATE,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ TEMPLATE_FLAGS, 0,
@@ -1477,8 +1511,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
-     /* equiv idx, value */ 53, VALUE_OPT_PKCS_CIPHER,
+  {  /* entry idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
+     /* equiv idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ PKCS_CIPHER_FLAGS, 0,
@@ -1489,8 +1523,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ PKCS_CIPHER_DESC, PKCS_CIPHER_NAME, 
PKCS_CIPHER_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 54, VALUE_OPT_DANE_RR,
-     /* equiv idx, value */ 54, VALUE_OPT_DANE_RR,
+  {  /* entry idx, value */ 55, VALUE_OPT_DANE_RR,
+     /* equiv idx, value */ 55, VALUE_OPT_DANE_RR,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_RR_FLAGS, 0,
@@ -1501,8 +1535,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DANE_RR_DESC, DANE_RR_NAME, DANE_RR_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 55, VALUE_OPT_DANE_HOST,
-     /* equiv idx, value */ 55, VALUE_OPT_DANE_HOST,
+  {  /* entry idx, value */ 56, VALUE_OPT_DANE_HOST,
+     /* equiv idx, value */ 56, VALUE_OPT_DANE_HOST,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_HOST_FLAGS, 0,
@@ -1513,8 +1547,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DANE_HOST_DESC, DANE_HOST_NAME, DANE_HOST_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 56, VALUE_OPT_DANE_PROTO,
-     /* equiv idx, value */ 56, VALUE_OPT_DANE_PROTO,
+  {  /* entry idx, value */ 57, VALUE_OPT_DANE_PROTO,
+     /* equiv idx, value */ 57, VALUE_OPT_DANE_PROTO,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_PROTO_FLAGS, 0,
@@ -1525,8 +1559,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DANE_PROTO_DESC, DANE_PROTO_NAME, DANE_PROTO_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 57, VALUE_OPT_DANE_PORT,
-     /* equiv idx, value */ 57, VALUE_OPT_DANE_PORT,
+  {  /* entry idx, value */ 58, VALUE_OPT_DANE_PORT,
+     /* equiv idx, value */ 58, VALUE_OPT_DANE_PORT,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_PORT_FLAGS, 0,
@@ -1537,8 +1571,8 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DANE_PORT_DESC, DANE_PORT_NAME, DANE_PORT_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 58, VALUE_OPT_DANE_CA,
-     /* equiv idx, value */ 58, VALUE_OPT_DANE_CA,
+  {  /* entry idx, value */ 59, VALUE_OPT_DANE_CA,
+     /* equiv idx, value */ 59, VALUE_OPT_DANE_CA,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_CA_FLAGS, 0,
@@ -1549,8 +1583,20 @@ static tOptDesc optDesc[OPTION_CT] = {
      /* desc, NAME, name */ DANE_CA_DESC, DANE_CA_NAME, DANE_CA_name,
      /* disablement strs */ NULL, NULL },
 
-  {  /* entry idx, value */ 59, VALUE_OPT_DANE_LOCAL,
-     /* equiv idx, value */ 59, VALUE_OPT_DANE_LOCAL,
+  {  /* entry idx, value */ 60, VALUE_OPT_DANE_FULL_X509,
+     /* equiv idx, value */ 60, VALUE_OPT_DANE_FULL_X509,
+     /* equivalenced to  */ NO_EQUIVALENT,
+     /* min, max, act ct */ 0, 1, 0,
+     /* opt state flags  */ DANE_FULL_X509_FLAGS, 0,
+     /* last opt argumnt */ { NULL }, /* --dane-full-x509 */
+     /* arg list/cookie  */ NULL,
+     /* must/cannot opts */ NULL, NULL,
+     /* option proc      */ NULL,
+     /* desc, NAME, name */ DANE_FULL_X509_DESC, DANE_FULL_X509_NAME, 
DANE_FULL_X509_name,
+     /* disablement strs */ NULL, NULL },
+
+  {  /* entry idx, value */ 61, VALUE_OPT_DANE_LOCAL,
+     /* equiv idx, value */ 61, VALUE_OPT_DANE_LOCAL,
      /* equivalenced to  */ NO_EQUIVALENT,
      /* min, max, act ct */ 0, 1, 0,
      /* opt state flags  */ DANE_LOCAL_FLAGS, 0,
@@ -1605,14 +1651,14 @@ static tOptDesc optDesc[OPTION_CT] = {
  *
  *  Define the certtool Option Environment
  */
-#define zPROGNAME       (certtool_opt_strs+4719)
-#define zUsageTitle     (certtool_opt_strs+4728)
+#define zPROGNAME       (certtool_opt_strs+4857)
+#define zUsageTitle     (certtool_opt_strs+4866)
 #define zRcName         NULL
 #define apzHomeList     NULL
-#define zBugsAddr       (certtool_opt_strs+4835)
-#define zExplain        (certtool_opt_strs+4854)
-#define zDetail         (certtool_opt_strs+4857)
-#define zFullVersion    (certtool_opt_strs+5031)
+#define zBugsAddr       (certtool_opt_strs+4973)
+#define zExplain        (certtool_opt_strs+4992)
+#define zDetail         (certtool_opt_strs+4995)
+#define zFullVersion    (certtool_opt_strs+5169)
 /* extracted from optcode.tlib near line 350 */
 
 #if defined(ENABLE_NLS)
@@ -1626,7 +1672,7 @@ static tOptDesc optDesc[OPTION_CT] = {
 
 #define certtool_full_usage (NULL)
 
-#define certtool_short_usage (certtool_opt_strs+5050)
+#define certtool_short_usage (certtool_opt_strs+5188)
 
 #endif /* not defined __doxygen__ */
 
@@ -1843,7 +1889,7 @@ tOptions certtoolOptions = {
       NO_EQUIVALENT, /* '-#' option index */
       NO_EQUIVALENT /* index of default opt */
     },
-    63 /* full option count */, 60 /* user option count */,
+    65 /* full option count */, 62 /* user option count */,
     certtool_full_usage, certtool_short_usage,
     NULL, NULL,
     PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index ac40d78..cfc9ffc 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -10,6 +10,7 @@ explain       = "";
 
 #define  INFILE_OPT    1
 #define  OUTFILE_OPT   1
+#define  VERBOSE_OPT 1
 #include args-std.def
 
 flag = {
@@ -391,6 +392,12 @@ flag = {
 };
 
 flag = {
+    name      = dane-full-x509;
+    descrip   = "Use the hash of the full X.509 certificate, rather than the 
public key.";
+    doc      = "This option forces the generated record to contain the hash of 
the full X.509 certificate. By default only the hash of the public key is 
used.";
+};
+
+flag = {
     name      = dane-local;
     descrip   = "Whether the provided certificate or public key is an unsigned 
local entity.";
     doc      = "DANE distinguishes certificates and public keys offered via 
the DNSSEC to trusted and local entities. Use this flag if this is a local 
entity.";
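Review bot: The `doc` text of the new `dane-full-x509` flag says which hash goes into the record but not what that choice costs the operator. A hash over the full certificate stops matching as soon as the certificate is reissued, even when the key is kept, whereas the default public-key hash keeps matching for as long as the key is unchanged. I would append one sentence to `doc`, for example `A record over the full certificate must be republished in DNS every time the certificate is renewed; the default public-key record stays valid while the key is unchanged.` The `dane-local` flag block that follows continues outside this hunk.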
@@ -525,8 +532,10 @@ To verify a Certificate Revocation List (CRL) do:
 $ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
 @end example
 
address@hidden DANE RR generation
-To create a DANE resource record for a CA signed certificate use the following 
commands.
address@hidden DANE TLSA RR generation
+
+
+To create a DANE TLSA resource record for a CA signed certificate use the 
following commands.
 
 @example
 $ certtool --dane-rr --dane-host www.example.com --load-certificate cert.pem
@@ -538,6 +547,10 @@ $ certtool --dane-rr --dane-host www.example.com 
--load-certificate cert.pem \
   --dane-local
 @end example
 
+The latter is useful to add in your DNS entry even if your certificate is 
signed 
+by a CA. That way even users who do not trust your CA will be able to verify 
your
+certificate using DANE.
+
 In order to create a record for the signer of your certificate use:
 @example
 $ certtool --dane-rr --dane-host www.example.com --load-certificate cert.pem \
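Review bot: The added paragraph promises that users who do not trust the CA can still verify the certificate using DANE, but it omits the condition that makes this true. The record is only trustworthy when the zone is DNSSEC-signed and the verifying client validates the DNSSEC chain; without that, the TLSA data is unauthenticated DNS. I would add `This requires the zone to be signed with DNSSEC and the client to validate it.` after the new sentence, and replace "The latter" with an explicit reference to the `--dane-local` record. The `@example` block at the end of the hunk continues outside it.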
diff --git a/src/certtool-args.h b/src/certtool-args.h
index 429b67a..8360fc2 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
  *  
  *  DO NOT EDIT THIS FILE   (certtool-args.h)
  *  
- *  It has been AutoGen-ed  October  8, 2012 at 04:53:23 PM by AutoGen 5.16
+ *  It has been AutoGen-ed  October  9, 2012 at 07:10:23 PM by AutoGen 5.16
  *  From the definitions    certtool-args.def
  *  and the template file   options
  *
@@ -68,71 +68,73 @@
  */
 typedef enum {
     INDEX_OPT_DEBUG                 =  0,
-    INDEX_OPT_INFILE                =  1,
-    INDEX_OPT_OUTFILE               =  2,
-    INDEX_OPT_GENERATE_SELF_SIGNED  =  3,
-    INDEX_OPT_GENERATE_CERTIFICATE  =  4,
-    INDEX_OPT_GENERATE_PROXY        =  5,
-    INDEX_OPT_GENERATE_CRL          =  6,
-    INDEX_OPT_UPDATE_CERTIFICATE    =  7,
-    INDEX_OPT_GENERATE_PRIVKEY      =  8,
-    INDEX_OPT_GENERATE_REQUEST      =  9,
-    INDEX_OPT_VERIFY_CHAIN          = 10,
-    INDEX_OPT_VERIFY                = 11,
-    INDEX_OPT_VERIFY_CRL            = 12,
-    INDEX_OPT_GENERATE_DH_PARAMS    = 13,
-    INDEX_OPT_GET_DH_PARAMS         = 14,
-    INDEX_OPT_DH_INFO               = 15,
-    INDEX_OPT_LOAD_PRIVKEY          = 16,
-    INDEX_OPT_LOAD_PUBKEY           = 17,
-    INDEX_OPT_LOAD_REQUEST          = 18,
-    INDEX_OPT_LOAD_CERTIFICATE      = 19,
-    INDEX_OPT_LOAD_CA_PRIVKEY       = 20,
-    INDEX_OPT_LOAD_CA_CERTIFICATE   = 21,
-    INDEX_OPT_PASSWORD              = 22,
-    INDEX_OPT_NULL_PASSWORD         = 23,
-    INDEX_OPT_CERTIFICATE_INFO      = 24,
-    INDEX_OPT_CERTIFICATE_PUBKEY    = 25,
-    INDEX_OPT_PGP_CERTIFICATE_INFO  = 26,
-    INDEX_OPT_PGP_RING_INFO         = 27,
-    INDEX_OPT_CRL_INFO              = 28,
-    INDEX_OPT_CRQ_INFO              = 29,
-    INDEX_OPT_NO_CRQ_EXTENSIONS     = 30,
-    INDEX_OPT_P12_INFO              = 31,
-    INDEX_OPT_P7_INFO               = 32,
-    INDEX_OPT_SMIME_TO_P7           = 33,
-    INDEX_OPT_KEY_INFO              = 34,
-    INDEX_OPT_PGP_KEY_INFO          = 35,
-    INDEX_OPT_PUBKEY_INFO           = 36,
-    INDEX_OPT_V1                    = 37,
-    INDEX_OPT_TO_P12                = 38,
-    INDEX_OPT_TO_P8                 = 39,
-    INDEX_OPT_PKCS8                 = 40,
-    INDEX_OPT_RSA                   = 41,
-    INDEX_OPT_DSA                   = 42,
-    INDEX_OPT_ECC                   = 43,
-    INDEX_OPT_HASH                  = 44,
-    INDEX_OPT_INDER                 = 45,
-    INDEX_OPT_INRAW                 = 46,
-    INDEX_OPT_OUTDER                = 47,
-    INDEX_OPT_OUTRAW                = 48,
-    INDEX_OPT_BITS                  = 49,
-    INDEX_OPT_SEC_PARAM             = 50,
-    INDEX_OPT_DISABLE_QUICK_RANDOM  = 51,
-    INDEX_OPT_TEMPLATE              = 52,
-    INDEX_OPT_PKCS_CIPHER           = 53,
-    INDEX_OPT_DANE_RR               = 54,
-    INDEX_OPT_DANE_HOST             = 55,
-    INDEX_OPT_DANE_PROTO            = 56,
-    INDEX_OPT_DANE_PORT             = 57,
-    INDEX_OPT_DANE_CA               = 58,
-    INDEX_OPT_DANE_LOCAL            = 59,
-    INDEX_OPT_VERSION               = 60,
-    INDEX_OPT_HELP                  = 61,
-    INDEX_OPT_MORE_HELP             = 62
+    INDEX_OPT_VERBOSE               =  1,
+    INDEX_OPT_INFILE                =  2,
+    INDEX_OPT_OUTFILE               =  3,
+    INDEX_OPT_GENERATE_SELF_SIGNED  =  4,
+    INDEX_OPT_GENERATE_CERTIFICATE  =  5,
+    INDEX_OPT_GENERATE_PROXY        =  6,
+    INDEX_OPT_GENERATE_CRL          =  7,
+    INDEX_OPT_UPDATE_CERTIFICATE    =  8,
+    INDEX_OPT_GENERATE_PRIVKEY      =  9,
+    INDEX_OPT_GENERATE_REQUEST      = 10,
+    INDEX_OPT_VERIFY_CHAIN          = 11,
+    INDEX_OPT_VERIFY                = 12,
+    INDEX_OPT_VERIFY_CRL            = 13,
+    INDEX_OPT_GENERATE_DH_PARAMS    = 14,
+    INDEX_OPT_GET_DH_PARAMS         = 15,
+    INDEX_OPT_DH_INFO               = 16,
+    INDEX_OPT_LOAD_PRIVKEY          = 17,
+    INDEX_OPT_LOAD_PUBKEY           = 18,
+    INDEX_OPT_LOAD_REQUEST          = 19,
+    INDEX_OPT_LOAD_CERTIFICATE      = 20,
+    INDEX_OPT_LOAD_CA_PRIVKEY       = 21,
+    INDEX_OPT_LOAD_CA_CERTIFICATE   = 22,
+    INDEX_OPT_PASSWORD              = 23,
+    INDEX_OPT_NULL_PASSWORD         = 24,
+    INDEX_OPT_CERTIFICATE_INFO      = 25,
+    INDEX_OPT_CERTIFICATE_PUBKEY    = 26,
+    INDEX_OPT_PGP_CERTIFICATE_INFO  = 27,
+    INDEX_OPT_PGP_RING_INFO         = 28,
+    INDEX_OPT_CRL_INFO              = 29,
+    INDEX_OPT_CRQ_INFO              = 30,
+    INDEX_OPT_NO_CRQ_EXTENSIONS     = 31,
+    INDEX_OPT_P12_INFO              = 32,
+    INDEX_OPT_P7_INFO               = 33,
+    INDEX_OPT_SMIME_TO_P7           = 34,
+    INDEX_OPT_KEY_INFO              = 35,
+    INDEX_OPT_PGP_KEY_INFO          = 36,
+    INDEX_OPT_PUBKEY_INFO           = 37,
+    INDEX_OPT_V1                    = 38,
+    INDEX_OPT_TO_P12                = 39,
+    INDEX_OPT_TO_P8                 = 40,
+    INDEX_OPT_PKCS8                 = 41,
+    INDEX_OPT_RSA                   = 42,
+    INDEX_OPT_DSA                   = 43,
+    INDEX_OPT_ECC                   = 44,
+    INDEX_OPT_HASH                  = 45,
+    INDEX_OPT_INDER                 = 46,
+    INDEX_OPT_INRAW                 = 47,
+    INDEX_OPT_OUTDER                = 48,
+    INDEX_OPT_OUTRAW                = 49,
+    INDEX_OPT_BITS                  = 50,
+    INDEX_OPT_SEC_PARAM             = 51,
+    INDEX_OPT_DISABLE_QUICK_RANDOM  = 52,
+    INDEX_OPT_TEMPLATE              = 53,
+    INDEX_OPT_PKCS_CIPHER           = 54,
+    INDEX_OPT_DANE_RR               = 55,
+    INDEX_OPT_DANE_HOST             = 56,
+    INDEX_OPT_DANE_PROTO            = 57,
+    INDEX_OPT_DANE_PORT             = 58,
+    INDEX_OPT_DANE_CA               = 59,
+    INDEX_OPT_DANE_FULL_X509        = 60,
+    INDEX_OPT_DANE_LOCAL            = 61,
+    INDEX_OPT_VERSION               = 62,
+    INDEX_OPT_HELP                  = 63,
+    INDEX_OPT_MORE_HELP             = 64
 } teOptIndex;
 
-#define OPTION_CT    63
+#define OPTION_CT    65
 #define CERTTOOL_VERSION       "@VERSION@"
 #define CERTTOOL_FULL_VERSION  "certtool @VERSION@"
 
@@ -173,69 +175,71 @@ typedef enum {
 #define VALUE_OPT_DEBUG          'd'
 
 #define OPT_VALUE_DEBUG          (DESC(DEBUG).optArg.argInt)
-#define VALUE_OPT_INFILE         1
-#define VALUE_OPT_OUTFILE        2
+#define VALUE_OPT_VERBOSE        'V'
+#define VALUE_OPT_INFILE         2
+#define VALUE_OPT_OUTFILE        3
 #define VALUE_OPT_GENERATE_SELF_SIGNED 's'
 #define VALUE_OPT_GENERATE_CERTIFICATE 'c'
-#define VALUE_OPT_GENERATE_PROXY 5
-#define VALUE_OPT_GENERATE_CRL   6
+#define VALUE_OPT_GENERATE_PROXY 6
+#define VALUE_OPT_GENERATE_CRL   7
 #define VALUE_OPT_UPDATE_CERTIFICATE 'u'
 #define VALUE_OPT_GENERATE_PRIVKEY 'p'
 #define VALUE_OPT_GENERATE_REQUEST 'q'
 #define VALUE_OPT_VERIFY_CHAIN   'e'
-#define VALUE_OPT_VERIFY         11
-#define VALUE_OPT_VERIFY_CRL     12
-#define VALUE_OPT_GENERATE_DH_PARAMS 13
-#define VALUE_OPT_GET_DH_PARAMS  14
-#define VALUE_OPT_DH_INFO        15
-#define VALUE_OPT_LOAD_PRIVKEY   16
-#define VALUE_OPT_LOAD_PUBKEY    17
-#define VALUE_OPT_LOAD_REQUEST   18
-#define VALUE_OPT_LOAD_CERTIFICATE 19
-#define VALUE_OPT_LOAD_CA_PRIVKEY 20
-#define VALUE_OPT_LOAD_CA_CERTIFICATE 21
-#define VALUE_OPT_PASSWORD       22
-#define VALUE_OPT_NULL_PASSWORD  23
+#define VALUE_OPT_VERIFY         12
+#define VALUE_OPT_VERIFY_CRL     13
+#define VALUE_OPT_GENERATE_DH_PARAMS 14
+#define VALUE_OPT_GET_DH_PARAMS  15
+#define VALUE_OPT_DH_INFO        16
+#define VALUE_OPT_LOAD_PRIVKEY   17
+#define VALUE_OPT_LOAD_PUBKEY    18
+#define VALUE_OPT_LOAD_REQUEST   19
+#define VALUE_OPT_LOAD_CERTIFICATE 20
+#define VALUE_OPT_LOAD_CA_PRIVKEY 21
+#define VALUE_OPT_LOAD_CA_CERTIFICATE 22
+#define VALUE_OPT_PASSWORD       23
+#define VALUE_OPT_NULL_PASSWORD  24
 #define VALUE_OPT_CERTIFICATE_INFO 'i'
-#define VALUE_OPT_CERTIFICATE_PUBKEY 25
-#define VALUE_OPT_PGP_CERTIFICATE_INFO 26
-#define VALUE_OPT_PGP_RING_INFO  27
+#define VALUE_OPT_CERTIFICATE_PUBKEY 26
+#define VALUE_OPT_PGP_CERTIFICATE_INFO 27
+#define VALUE_OPT_PGP_RING_INFO  28
 #define VALUE_OPT_CRL_INFO       'l'
-#define VALUE_OPT_CRQ_INFO       29
-#define VALUE_OPT_NO_CRQ_EXTENSIONS 30
-#define VALUE_OPT_P12_INFO       31
-#define VALUE_OPT_P7_INFO        32
-#define VALUE_OPT_SMIME_TO_P7    129
+#define VALUE_OPT_CRQ_INFO       30
+#define VALUE_OPT_NO_CRQ_EXTENSIONS 31
+#define VALUE_OPT_P12_INFO       32
+#define VALUE_OPT_P7_INFO        129
+#define VALUE_OPT_SMIME_TO_P7    130
 #define VALUE_OPT_KEY_INFO       'k'
-#define VALUE_OPT_PGP_KEY_INFO   131
-#define VALUE_OPT_PUBKEY_INFO    132
-#define VALUE_OPT_V1             133
-#define VALUE_OPT_TO_P12         134
-#define VALUE_OPT_TO_P8          135
+#define VALUE_OPT_PGP_KEY_INFO   132
+#define VALUE_OPT_PUBKEY_INFO    133
+#define VALUE_OPT_V1             134
+#define VALUE_OPT_TO_P12         135
+#define VALUE_OPT_TO_P8          136
 #define VALUE_OPT_PKCS8          '8'
-#define VALUE_OPT_RSA            137
-#define VALUE_OPT_DSA            138
-#define VALUE_OPT_ECC            139
-#define VALUE_OPT_HASH           140
-#define VALUE_OPT_INDER          141
-#define VALUE_OPT_INRAW          142
-#define VALUE_OPT_OUTDER         143
-#define VALUE_OPT_OUTRAW         144
-#define VALUE_OPT_BITS           145
+#define VALUE_OPT_RSA            138
+#define VALUE_OPT_DSA            139
+#define VALUE_OPT_ECC            140
+#define VALUE_OPT_HASH           141
+#define VALUE_OPT_INDER          142
+#define VALUE_OPT_INRAW          143
+#define VALUE_OPT_OUTDER         144
+#define VALUE_OPT_OUTRAW         145
+#define VALUE_OPT_BITS           146
 
 #define OPT_VALUE_BITS           (DESC(BITS).optArg.argInt)
-#define VALUE_OPT_SEC_PARAM      146
-#define VALUE_OPT_DISABLE_QUICK_RANDOM 147
-#define VALUE_OPT_TEMPLATE       148
-#define VALUE_OPT_PKCS_CIPHER    149
-#define VALUE_OPT_DANE_RR        150
-#define VALUE_OPT_DANE_HOST      151
-#define VALUE_OPT_DANE_PROTO     152
-#define VALUE_OPT_DANE_PORT      153
+#define VALUE_OPT_SEC_PARAM      147
+#define VALUE_OPT_DISABLE_QUICK_RANDOM 148
+#define VALUE_OPT_TEMPLATE       149
+#define VALUE_OPT_PKCS_CIPHER    150
+#define VALUE_OPT_DANE_RR        151
+#define VALUE_OPT_DANE_HOST      152
+#define VALUE_OPT_DANE_PROTO     153
+#define VALUE_OPT_DANE_PORT      154
 
 #define OPT_VALUE_DANE_PORT      (DESC(DANE_PORT).optArg.argInt)
-#define VALUE_OPT_DANE_CA        154
-#define VALUE_OPT_DANE_LOCAL     155
+#define VALUE_OPT_DANE_CA        155
+#define VALUE_OPT_DANE_FULL_X509 156
+#define VALUE_OPT_DANE_LOCAL     157
 #define VALUE_OPT_HELP          'h'
 #define VALUE_OPT_MORE_HELP     '!'
 #define VALUE_OPT_VERSION       'v'
diff --git a/src/certtool-common.c b/src/certtool-common.c
index a07fe02..8935038 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -79,7 +79,8 @@ load_secret_key (int mand, common_info_st * info)
   gnutls_datum_t hex_key;
   int ret;
 
-  fprintf (stderr, "Loading secret key...\n");
+  if (info->verbose)
+    fprintf (stderr, "Loading secret key...\n");
 
   if (info->secret_key == NULL)
     {
@@ -324,7 +325,8 @@ load_cert_list (int mand, size_t * crt_size, common_info_st 
* info)
   int ptr_size;
 
   *crt_size = 0;
-  fprintf (stderr, "Loading certificate list...\n");
+  if (info->verbose)
+    fprintf (stderr, "Loading certificate list...\n");
 
   if (info->cert == NULL)
     {
@@ -375,7 +377,8 @@ load_cert_list (int mand, size_t * crt_size, common_info_st 
* info)
 
       (*crt_size)++;
     }
-  fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
+  if (info->verbose)
+    fprintf (stderr, "Loaded %d certificates.\n", (int) *crt_size);
 
   return crt;
 }
diff --git a/src/certtool-common.h b/src/certtool-common.h
index cdfec62..c1c07ff 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -51,6 +51,8 @@ typedef struct common_info
   int null_password;
   unsigned int crq_extensions;
   unsigned int v1_cert;
+  
+  unsigned int verbose;
 } common_info_st;
 
 gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, 
common_info_st * info);
diff --git a/src/certtool.c b/src/certtool.c
index ce71b20..17aefd2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -971,6 +971,9 @@ cmd_parser (int argc, char **argv)
 
   memset (&cinfo, 0, sizeof (cinfo));
   
+  if (HAVE_OPT(VERBOSE))
+    cinfo.verbose = 1;
+  
   if (HAVE_OPT(LOAD_PRIVKEY))
     cinfo.privkey = OPT_ARG(LOAD_PRIVKEY);
 
@@ -1109,7 +1112,7 @@ static void dane_info(const char* host, const char* 
proto, unsigned int port,
     port = 443;
     
   crt = load_cert (0, cinfo);
-  if (crt != NULL)
+  if (crt != NULL && HAVE_OPT(DANE_FULL_X509))
     {
       selector = 0; /* X.509 */
 
@@ -1120,7 +1123,7 @@ static void dane_info(const char* host, const char* 
proto, unsigned int port,
 
       gnutls_x509_crt_deinit (crt);
     }
-  else
+  else /* use public key only */
     {
       selector = 1;
 
@@ -1128,19 +1131,42 @@ static void dane_info(const char* host, const char* 
proto, unsigned int port,
       if (ret < 0)
         error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));
 
-      pubkey = load_pubkey (1, cinfo);
+      if (crt != NULL)
+        {
+          
+          ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
+          if (ret < 0)
+            {
+              error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
+                     gnutls_strerror (ret));
+            }
+
+          size = buffer_size;
+          ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, 
&size);
+          if (ret < 0)
+            {
+              error (EXIT_FAILURE, 0, "pubkey_export: %s",
+                     gnutls_strerror (ret));
+            }
+          
+          gnutls_x509_crt_deinit(crt);
+        }
+      else
+        {
+          pubkey = load_pubkey (1, cinfo);
+
+          size = buffer_size;
+          ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, 
&size);
+          if (ret < 0)
+            error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
+        }
 
-      size = buffer_size;
-      ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
-      if (ret < 0)
-        error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret));
-    
       gnutls_pubkey_deinit (pubkey);
     }
  
   if (default_dig != GNUTLS_DIG_SHA256 && default_dig != GNUTLS_DIG_SHA512)
     {
-      fprintf(stderr, "Unsupported digest. Assuming SHA256.\n");
+      if (default_dig != GNUTLS_DIG_UNKNOWN) fprintf(stderr, "Unsupported 
digest. Assuming SHA256.\n");
       default_dig = GNUTLS_DIG_SHA256;
     }
   
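Review bot: The export step is now duplicated in both arms of the new `if (crt != NULL)` inside the public-key branch, with different error strings ("pubkey_export" in one, "export error" in the other). The `load_pubkey` arm also still assigns over the handle that the preceding init call allocated, so that handle is never released; the init call sits just above this hunk, judging by the "pubkey_init" error message. Moving the init into the certificate arm and doing one export after the if/else fixes both. dane_info starts and ends outside the hunk, so the init line in the sketch below is reconstructed rather than copied.

```c
      selector = 1;

      if (crt != NULL)
        {
          /* only this arm needs a fresh handle; load_pubkey returns its own */
          ret = gnutls_pubkey_init (&pubkey);
          if (ret < 0)
            error (EXIT_FAILURE, 0, "pubkey_init: %s", gnutls_strerror (ret));

          ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
          if (ret < 0)
            error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
                   gnutls_strerror (ret));

          gnutls_x509_crt_deinit (crt);
        }
      else
        pubkey = load_pubkey (1, cinfo);

      size = buffer_size;
      ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_DER, buffer, &size);
      if (ret < 0)
        error (EXIT_FAILURE, 0, "pubkey_export: %s", gnutls_strerror (ret));

      gnutls_pubkey_deinit (pubkey);
      /* … unchanged: digest selection … */
```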
@@ -1172,7 +1198,7 @@ static void dane_info(const char* host, const char* 
proto, unsigned int port,
   if (ret < 0)
     error (EXIT_FAILURE, 0, "hex encode error: %s", gnutls_strerror (ret));
 
-  fprintf(outfile, "_%u._%s.%s. IN TLSA ( %u %u %u %s )\n", port, proto, host, 
usage, selector, type, buffer);
+  fprintf(outfile, "_%u._%s.%s. IN TLSA ( %x %x %x %s )\n", port, proto, host, 
usage, selector, type, buffer);
 
      
 
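Review bot: Printing `usage`, `selector` and `type` with `%x` makes the generated TLSA line ambiguous for any field value of 10 or above, because zone-file parsers generally read these three fields as decimal integers and only the association data as hex. Small values print the same either way, so a mismatch would surface only later, as a record that fails to load or no longer matches the certificate it is meant to pin. I would keep the numeric fields decimal, `"_%u._%s.%s. IN TLSA ( %u %u %u %s )\n"`, and add a short comment that only `buffer` is hex-encoded. dane_info continues outside the hunk.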


hooks/post-receive
-- 
GNU gnutls


